DNS calls to opnsense.emergingthreats.net

Started by vecchiostupido, November 30, 2020, 07:37:44 PM

I have installed Suricata and I use the ET Telemetry. I also have a Pihole as my local DNS, which resolves back to Unbound in OPNsense.

The Pihole has hundreds of calls per minute to opnsense.emergingthreats.net; see the example from the Pihole log below. The calls are from my OPNsense firewall (192.168.121.1), which is why I am posting on this forum.

Nov 29 10:01:11 dnsmasq[580]: query[A] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is 72.12.200.25
Nov 29 10:01:11 dnsmasq[580]: query[AAAA] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is NODATA-IPv6
Nov 29 10:01:11 dnsmasq[580]: query[A] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is 72.12.200.25

I checked my Suricata logs and the Unbound logs in OPNsense, nothing going on (e.g. no calls out to 72.12.200.25 - Wintek.com - data provider).

Any suggestions on how to diagnose what is going on?
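One way to quantify the query volume described in the post above, as an added example that is not part of the original thread: it parses dnsmasq log lines in the format quoted there and reports per-minute query counts per client and name, plus how many answers came from the Pi-hole cache versus being forwarded upstream. The sample log is constructed; the `example.org` lines and the addresses 192.168.121.50 and 192.0.2.10 are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the dnsmasq log format quoted in the post;
# the example.org lines, 192.168.121.50 and 192.0.2.10 are made up.
SAMPLE_LOG = """\
Nov 29 10:01:11 dnsmasq[580]: query[A] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is 72.12.200.25
Nov 29 10:01:11 dnsmasq[580]: query[AAAA] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:11 dnsmasq[580]: cached opnsense.emergingthreats.net is NODATA-IPv6
Nov 29 10:01:42 dnsmasq[580]: query[A] opnsense.emergingthreats.net from 192.168.121.1
Nov 29 10:01:42 dnsmasq[580]: cached opnsense.emergingthreats.net is 72.12.200.25
Nov 29 10:02:03 dnsmasq[580]: query[A] example.org from 192.168.121.50
Nov 29 10:02:03 dnsmasq[580]: forwarded example.org to 192.168.121.1
Nov 29 10:02:03 dnsmasq[580]: reply example.org is 192.0.2.10
"""

# Groups: timestamp to the minute, action, queried name, client/answer/upstream
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d):\d\d dnsmasq\[\d+\]: "
    r"(query\[\w+\]|cached|forwarded|reply) (\S+) (?:from|is|to) (\S+)$"
)

def summarize(log_text):
    """Return (queries per (minute, client, name), answer source per name)."""
    queries, sources = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # other dnsmasq line types are ignored here
        minute, action, name, target = m.groups()
        if action.startswith("query["):
            queries[(minute, target, name)] += 1
        elif action in ("cached", "forwarded"):
            sources[(name, action)] += 1
    return queries, sources

def noisy(queries, per_minute):
    """(minute, client, name, count) rows at or above the per-minute threshold."""
    rows = [(mi, c, n, k) for (mi, c, n), k in queries.items() if k >= per_minute]
    return sorted(rows, key=lambda r: -r[3])

if __name__ == "__main__":
    q, s = summarize(SAMPLE_LOG)
    for minute, client, name, count in noisy(q, per_minute=2):
        print(f"{minute} {client} {name}: {count} queries (cache answers "
              f"{s[(name, 'cached')]}, forwarded {s[(name, 'forwarded')]})")
```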

Did you ever figure this out? I am seeing the same thing!