Looking at the logs of my local DNS server, my Linux computer has been looking up 191.0.0.10.in-addr.arpa every few seconds. It also looks up ipv4only.arpa, but less frequently. As far as I know, arpa domains are apart of the DNS system itself? Is this normal?

  • AgreeableLandscapeOPM
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    4 years ago

    I find it really weird that it keeps reverse looking up one IP address, which apparently is in Brazil, and it does it every few seconds.

    I do have a VPN enabled (but not to a server in Brazil), but I don’t know if that has anything to do with it.

    • kevincox
      link
      fedilink
      arrow-up
      3
      ·
      4 years ago

      191.0.0.10.in-addr.arpa

      I do find it weird that this is an internal IP. I would check if this query works. Also maybe checking to see if your VPN has anything at this IP.

      • AgreeableLandscapeOPM
        link
        fedilink
        arrow-up
        1
        ·
        4 years ago

        I would check if this query works.

        I tried it in my browser, it doesn’t, and Pihole says it returns NXDOMAIN.

        • kevincox
          link
          fedilink
          arrow-up
          3
          ·
          4 years ago

          Did you ping the ip? 10.0.0.191 or just try the hostname?

            • SeerLite
              link
              fedilink
              arrow-up
              1
              ·
              4 years ago

              Maybe you can run one of those crazy nmap scans to see what it is?

              Or maybe it’s a better idea to figure out why it’s happening in the first place instead hmm

          • AgreeableLandscapeOPM
            link
            fedilink
            arrow-up
            1
            ·
            4 years ago

            Oh wait, I just realized that the IP is reversed from what the domain says. I thought it was 191.0.0.10.

            10.0.0.191 is actually the IP address to the computer sending the queries.