this post was submitted on 31 Mar 2021
16 points (100.0% liked)


Looking at the logs of my local DNS server, my Linux computer has been looking up 191.0.0.10.in-addr.arpa every few seconds. It also looks up ipv4only.arpa, but less frequently. As far as I know, arpa domains are a part of the DNS system itself? Is this normal?

[–] [email protected] 7 points 3 years ago (1 children)

If you really want you can set a trace filter on your firewall to see what users those requests are coming from. This is reverse-DNS. It looks up the hostname for an IP address. There are various reasons to do this.

  1. Some applications filter based on the hostname. They need to convert the IP to a hostname (and they query the hostname to ensure it maps to the IP to verify)
  2. Some applications show this to the user (some bittorrent clients try to show you peer hostnames).
  3. Some applications log the hostname.

So there are a wide variety of reasons. You would have to trace this back to the application to find out why exactly it is happening for you.

[–] [email protected] 3 points 3 years ago* (last edited 3 years ago) (1 children)

I find it really weird that it keeps reverse looking up one IP address, which apparently is in Brazil, and it does it every few seconds.

I do have a VPN enabled (but not to a server in Brazil), but I don't know if that has anything to do with it.

[–] [email protected] 3 points 3 years ago (1 children)

191.0.0.10.in-addr.arpa

I do find it weird that this is an internal IP. I would check if this query works. Also maybe checking to see if your VPN has anything at this IP.

[–] [email protected] 1 points 3 years ago (1 children)

I would check if this query works.

I tried it in my browser, it doesn't, and Pihole says it returns NXDOMAIN.

[–] [email protected] 3 points 3 years ago (2 children)

Did you ping the IP? 10.0.0.191 or just try the hostname?

[–] [email protected] 1 points 3 years ago

Oh wait, I just realized that the IP is reversed from what the domain says. I thought it was 191.0.0.10.

10.0.0.191 is actually the IP address to the computer sending the queries.

[–] [email protected] 1 points 3 years ago (1 children)

Pinging it works, but it doesn't seem to have any webpage behind it.

[–] [email protected] 1 points 3 years ago

Maybe you can run one of those crazy nmap scans to see what it is?

Or maybe it's a better idea to figure out why it's happening in the first place instead hmm

[–] [email protected] 4 points 3 years ago (1 children)

Is it still looking up with your VPN completely disabled? What kind of VPN software are you using? I bet the internal IP is used inside the VPN for something.

[–] [email protected] 2 points 3 years ago

What kind of VPN software are you using?

I'm connecting to OpenVPN through KDE's network settings panel.

Is it still looking up with your VPN completely disabled?

It doesn't seem to use the DNS server at all when the VPN is disabled, even though I specified the DNS server on the Wi-Fi connection itself.

KDE's DNS settings are weird.
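The mix-up in the thread came from reading 191.0.0.10.in-addr.arpa as 191.0.0.10, when a PTR name carries the octets in reverse order. The script below is an added example, not something posted by anyone in the thread: it decodes PTR names from a DNS query log and flags lookups for private addresses and clients resolving their own address. The log lines are constructed and assume dnsmasq's query-log format (the format Pi-hole writes); the function names are made up for this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in dnsmasq's query-log style (assumed format, as written by Pi-hole).
SAMPLE_LOG = """\
Mar 31 10:15:01 dnsmasq[412]: query[PTR] 191.0.0.10.in-addr.arpa from 10.0.0.191
Mar 31 10:15:04 dnsmasq[412]: query[PTR] 191.0.0.10.in-addr.arpa from 10.0.0.191
Mar 31 10:15:07 dnsmasq[412]: query[PTR] 191.0.0.10.in-addr.arpa from 10.0.0.191
Mar 31 10:16:30 dnsmasq[412]: query[AAAA] ipv4only.arpa from 10.0.0.191
Mar 31 10:17:02 dnsmasq[412]: query[PTR] 8.8.8.8.in-addr.arpa from 10.0.0.50
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)")


def ptr_name_to_ip(name):
    """Decode an in-addr.arpa name to the IPv4 address it asks about, or None."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ipaddress.AddressValueError:
        return None


def summarize_ptr_queries(log_text):
    """Count PTR lookups per (client, target) and annotate each pair."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m["qtype"] != "PTR":
            continue
        target = ptr_name_to_ip(m["name"])
        if target is not None:
            counts[(m["client"], target)] += 1
    return [
        {"client": client, "target": str(target), "count": n,
         "private": target.is_private, "self_lookup": client == str(target)}
        for (client, target), n in counts.most_common()
    ]


if __name__ == "__main__":
    for row in summarize_ptr_queries(SAMPLE_LOG):
        print(row)
```

A row with `self_lookup` set means the host is asking for its own hostname, which points at a local application rather than a remote peer.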