Page 1 of 1
THOUSANDS of DNS requests that "web usage" page does now show
Posted: Fri Oct 18, 2019 10:19 am
by lollapalooza
I've got a static IP address at home, and I'm using OpenDNS.
This gives me the chance to see a nice dashboard with statistics.
I have noticed that in the last 15 days there's a huge number of DNS requests to account.kkbox.com domain (more than 30K per day).
Now ... I'm in Italy, where kkbox (a music streaming provider) is not available.
I wanted to investigate a bit: I want to know which of my devices tries so hard to connect to a service I did not subscribe...
For this reason I've enabled the Web Usage Monitor.
Unfortunately there's absolutely no trace of requests for this domain.
Can somebody help?
Re: THOUSANDS of DNS requests that "web usage" page does now show
Posted: Fri Oct 18, 2019 11:28 am
by RomanHK
You can turn on DNS logging and see the results in the system log. Run these commands via ssh:
To enable DNS logging:
Code: Select all
uci set dhcp.@dnsmasq[0].logqueries=1
uci commit dhcp
/etc/init.d/dnsmasq restart
To disable DNS logging:
Code: Select all
uci delete dhcp.@dnsmasq[0].logqueries
uci commit dhcp
/etc/init.d/dnsmasq restart
Browse the system log:
Also, by enabling this feature, the system log will be too large and it is a good idea to turn off this feature when it detects a domain you are looking for or if you are experiencing problems!
Re: THOUSANDS of DNS requests that "web usage" page does now show
Posted: Fri Oct 18, 2019 1:45 pm
by lollapalooza
@RomanHK
Thanks for sharing this...
Anyway the only intenrnal IP I see, belongs to my Wireless Access Point
Yes ... as I do have a mesh system at home, I do not rely on my Gargoyle Router for my Wi-Fi.
Here's an extract from the log:
Code: Select all
Fri Oct 18 19:41:03 2019 daemon.info dnsmasq[9384]: forwarded account.kkbox.com to 208.67.220.220
Fri Oct 18 19:41:03 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:03 2019 daemon.info dnsmasq[9384]: cached account.kkbox.com is 210.61.182.104
Fri Oct 18 19:41:05 2019 daemon.info dnsmasq[9384]: query[AAAA] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:05 2019 daemon.info dnsmasq[9384]: forwarded account.kkbox.com to 208.67.220.220
Fri Oct 18 19:41:05 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:05 2019 daemon.info dnsmasq[9384]: cached account.kkbox.com is 210.61.182.104
Fri Oct 18 19:41:06 2019 daemon.info dnsmasq[9384]: query[AAAA] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:06 2019 daemon.info dnsmasq[9384]: forwarded account.kkbox.com to 208.67.220.220
Fri Oct 18 19:41:07 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:07 2019 daemon.info dnsmasq[9384]: cached account.kkbox.com is 210.61.182.104
Fri Oct 18 19:41:08 2019 daemon.info dnsmasq[9384]: query[AAAA] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:08 2019 daemon.info dnsmasq[9384]: forwarded account.kkbox.com to 208.67.220.220
Fri Oct 18 19:41:08 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:08 2019 daemon.info dnsmasq[9384]: cached account.kkbox.com is 210.61.182.104
Fri Oct 18 19:41:10 2019 daemon.info dnsmasq[9384]: query[AAAA] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:10 2019 daemon.info dnsmasq[9384]: forwarded account.kkbox.com to 208.67.220.220
Fri Oct 18 19:41:11 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:11 2019 daemon.info dnsmasq[9384]: cached account.kkbox.com is 210.61.182.104
Fri Oct 18 19:41:13 2019 daemon.info dnsmasq[9384]: query[AAAA] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:13 2019 daemon.info dnsmasq[9384]: forwarded account.kkbox.com to 208.67.220.220
Fri Oct 18 19:41:13 2019 daemon.info dnsmasq[9384]: query[A] account.kkbox.com from 192.168.0.10
Fri Oct 18 19:41:13 2019 daemon.info dnsmasq[9384]: cached account.kkbox.com is 210.61.182.104
[EDIT]
By unplugging all my devices one by one, I've been able to find out who's guilty.
It's my Orbi RBS40V (mesh satellite + Alexa speaker).
I'll check in Netgear forum.
Thank you!!