Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
Firewall host sends multiple DNS requests to many different IPs
« previous
next »
Print
Pages: [
1
]
Author
Topic: Firewall host sends multiple DNS requests to many different IPs (Read 998 times)
dh3rb
Newbie
Posts: 3
Karma: 0
Firewall host sends multiple DNS requests to many different IPs
«
on:
December 15, 2022, 04:04:45 am »
Hello OPNsense Forum!
I have a question: i found that the firewall host sends multiple DNS requests from its WAN address to different destinations (not just Google and Microsoft...but also, for example, IPs from russia that are hosted by "Misaka Network, Inc." - apparently an american company)...so why is this happening? DNS requests to 8.8.8.8 is understandable but the others?
They all pass my firewall rules because they are labeled as "let out anything from firewall host itself (force gw)".
Is this normal? Or does this mean there is malware on the firewall?
Regards,
David
Logged
bartjsmit
Hero Member
Posts: 2016
Karma: 194
Re: Firewall host sends multiple DNS requests to many different IPs
«
Reply #1 on:
December 15, 2022, 07:24:15 am »
Most likely those requests are done on behalf of LAN clients. You need to dig through your DNS logs to see which ones are making the requests. If you run a Pi-Hole you may have an easier time with your analysis.
Bart...
Logged
dh3rb
Newbie
Posts: 3
Karma: 0
Re: Firewall host sends multiple DNS requests to many different IPs
«
Reply #2 on:
December 15, 2022, 05:05:05 pm »
Thanks for the reply!
I also figured something out: once i (hopefully) correctly configured DNS servers and the Unbound service - all those DNS requests went finally to the assigned IPs!
Also interestingly: every time I updated and restarted the Unbound service, for a few moments the DNS requests went to other IPs again and then back to the assigned ones...seems like when my DNS
isn't
correctly configured the firewall uses all those random servers.
Logged
Patrick M. Hausen
Hero Member
Posts: 6807
Karma: 572
Re: Firewall host sends multiple DNS requests to many different IPs
«
Reply #3 on:
December 15, 2022, 05:14:36 pm »
That's just how DNS works:
https://forum.opnsense.org/index.php?topic=22760.msg108462#msg108462
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
dh3rb
Newbie
Posts: 3
Karma: 0
Re: Firewall host sends multiple DNS requests to many different IPs
«
Reply #4 on:
December 15, 2022, 05:23:02 pm »
Ahh ok, that explains this behavior! Thanks for that!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
Firewall host sends multiple DNS requests to many different IPs