Looking at the logs of my local DNS server, my Linux computer has been looking up 191.0.0.10.in-addr.arpa every few seconds. It also looks up ipv4only.arpa, but less frequently. As far as I know, arpa domains are apart of the DNS system itself? Is this normal?
If you really want you can set a trace filter on your firewall to see what users those requests are coming from. This is reverse-DNS. It looks up the hostname for an IP address. There are various reasons to do this.
- Some applications filter based on the hostname. They need to convert the IP to a hostname (and they query the hostname to ensure it maps to the IP to verify)
- Some applications show this to the user (some bittorrent clients try to show you peer hostnames).
- Some applications log the hostname.
So there are a wide variety of reasons. You would have to trace this back to the application to find out why exactly it is happening for you.
I find it really weird that it keeps reverse looking up one IP address, which apparently is in Brazil, and it does it every few seconds.
I do have a VPN enabled (but not to a server in Brazil), but I don’t know if that has anything to do with it.
191.0.0.10.in-addr.arpa
I do find it weird that this is an internal IP. I would check if this query works. Also maybe checking to see if your VPN has anything at this IP.
I would check if this query works.
I tried it in my browser, it doesn’t, and Pihole says it returns NXDOMAIN.
Did you ping the ip?
10.0.0.191or just try the hostname?Pinging it works, but it doesn’t seem to have any webpage behind it.
Maybe you can run one of those crazy
nmapscans to see what it is?Or maybe it’s a better idea to figure out why it’s happening in the first place instead hmm
Oh wait, I just realized that the IP is reversed from what the domain says. I thought it was 191.0.0.10.
10.0.0.191 is actually the IP address to the computer sending the queries.
Is it still looking up with your vpn completely disabled? What kind of vpn software are you using? I bet the internal IP is used inside the vpn for something.
What kind of vpn software are you using?
I’m connecting to OpenVPN through KDE’s network settings panel.
Is it still looking up with your vpn completely disabled?
It doesn’t seem to use the DNS server at all when the VPN is disabled, even though I specified the DNS server on the Wi-Fi connection itself.
KDE’s DNS settings are weird.
