I've got a static IP address at home, and I'm using OpenDNS.
This gives me the chance to see a nice dashboard with statistics.
I have noticed that in the last 15 days there's been a huge number of DNS requests to the account.kkbox.com domain (more than 30K per day).
Now ... I'm in Italy, where kkbox (a music streaming provider) is not available.
I wanted to investigate a bit: I want to know which of my devices tries so hard to connect to a service I did not subscribe to...
For this reason I've enabled the Web Usage Monitor.
Unfortunately there's absolutely no trace of requests for this domain.
Can somebody help?
THOUSANDS of DNS requests that "web usage" page does not show
Re: THOUSANDS of DNS requests that "web usage" page does not show
You can turn on DNS logging and see the results in the system log. Run these commands via ssh:
To enable DNS logging:
Code:
uci set dhcp.@dnsmasq[0].logqueries=1
uci commit dhcp
/etc/init.d/dnsmasq restart
To disable DNS logging:
Code:
uci delete dhcp.@dnsmasq[0].logqueries
uci commit dhcp
/etc/init.d/dnsmasq restart
Browse the system log:
Code:
logread | grep account.kkbox.com
Also, with this feature enabled the system log will become too large, so it is a good idea to turn it off once it has detected the domain you are looking for, or if you are experiencing problems!
Turris Omnia with OpenWrt 21.02 - Tested
Linksys WRT3200ACM with Gargoyle 1.13.x
TL-WR1043ND v2 with Gargoyle 1.10.0
http://gargoyle.romanhk.cz custom builds by gargoyle users
Re: THOUSANDS of DNS requests that "web usage" page does not show
@RomanHK
Thanks for sharing this...
Anyway, the only internal IP I see belongs to my Wireless Access Point.

Yes ... as I do have a mesh system at home, I do not rely on my Gargoyle Router for my Wi-Fi.
Here's an extract from the log:
Code:
Fri Oct 18 19:41:03 2019 daemon.info dnsmasq[9384]: forwarded account.kkbox.com to 208.67.220.220
Fri Oct 18 19:41:03 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:03 2019 daemon.info dnsmasq[9384]: cached account.kkbox.com is 210.61.182.104
Fri Oct 18 19:41:05 2019 daemon.info dnsmasq[9384]: query[AAAA] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:05 2019 daemon.info dnsmasq[9384]: forwarded account.kkbox.com to 208.67.220.220
Fri Oct 18 19:41:05 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:05 2019 daemon.info dnsmasq[9384]: cached account.kkbox.com is 210.61.182.104
Fri Oct 18 19:41:06 2019 daemon.info dnsmasq[9384]: query[AAAA] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:06 2019 daemon.info dnsmasq[9384]: forwarded account.kkbox.com to 208.67.220.220
Fri Oct 18 19:41:07 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:07 2019 daemon.info dnsmasq[9384]: cached account.kkbox.com is 210.61.182.104
Fri Oct 18 19:41:08 2019 daemon.info dnsmasq[9384]: query[AAAA] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:08 2019 daemon.info dnsmasq[9384]: forwarded account.kkbox.com to 208.67.220.220
Fri Oct 18 19:41:08 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:08 2019 daemon.info dnsmasq[9384]: cached account.kkbox.com is 210.61.182.104
Fri Oct 18 19:41:10 2019 daemon.info dnsmasq[9384]: query[AAAA] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:10 2019 daemon.info dnsmasq[9384]: forwarded account.kkbox.com to 208.67.220.220
Fri Oct 18 19:41:11 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:11 2019 daemon.info dnsmasq[9384]: cached account.kkbox.com is 210.61.182.104
Fri Oct 18 19:41:13 2019 daemon.info dnsmasq[9384]: query[AAAA] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:13 2019 daemon.info dnsmasq[9384]: forwarded account.kkbox.com to 208.67.220.220
Fri Oct 18 19:41:13 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:13 2019 daemon.info dnsmasq[9384]: cached account.kkbox.com is 210.61.182.104
[EDIT]
By unplugging all my devices one by one, I've been able to find out who's guilty.
It's my Orbi RBS40V (mesh satellite + Alexa speaker).
I'll check in Netgear forum.
Thank you!!
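
Added example, not part of the thread or of Gargoyle: a small shell function that tallies dnsmasq `query[...]` lines per client and record type for one exact domain, so the noisiest device stands out even in a large log. The function names, the client 192.168.0.23 and the look-alike domain are constructed for the example; the tally shows the source address dnsmasq sees, so devices behind an access point can appear under that access point's address, as in the thread.

```shell
#!/bin/sh
# Count dnsmasq "query[TYPE] NAME from CLIENT" lines for one exact domain.
# On the router (with logqueries enabled): logread | dns_query_tally account.kkbox.com
dns_query_tally() {
    awk -v domain="$1" '
        # Only client queries count; "forwarded", "cached" and "reply" lines are skipped.
        NF >= 4 && $(NF-3) ~ /^query\[/ && $(NF-1) == "from" &&
        tolower($(NF-2)) == tolower(domain) {
            type = $(NF-3)
            sub(/^query\[/, "", type)
            sub(/\]$/, "", type)
            count[$NF " " type]++      # key: "client-ip record-type"
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Constructed sample in the logread format shown in the thread.
# 192.168.0.23 and accountxkkbox.com are made up: a plain
# "grep account.kkbox.com" would also match the last line, because
# "." in a grep pattern matches any character.
sample_log() {
    cat <<'EOF'
Fri Oct 18 19:41:03 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:03 2019 daemon.info dnsmasq[9384]: forwarded account.kkbox.com to 208.67.220.220
Fri Oct 18 19:41:03 2019 daemon.info dnsmasq[9384]: cached account.kkbox.com is 210.61.182.104
Fri Oct 18 19:41:05 2019 daemon.info dnsmasq[9384]: query[AAAA] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:05 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:06 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.23
Fri Oct 18 19:41:06 2019 daemon.info dnsmasq[9384]: query[A] accountxkkbox.com from 192.168.0.23
EOF
}

# Output columns: count, client address, record type (highest count first).
sample_log | dns_query_tally account.kkbox.com
```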