Just some weird domains being logged

Time Type Domain Client Status Action
Time Type Domain Client Status Action
2016-12-22T19:34:41 A yfjmdpisrvyrnq localhost(127.0.0.1) OK
2016-12-22T19:34:41 A attxnwheeeuiad localhost(127.0.0.1) OK
2016-12-22T19:34:37 A nskywzjbpj localhost(127.0.0.1) OK
2016-12-22T19:34:35 A jlkjfxgwhpn localhost(127.0.0.1) OK
2016-12-22T19:34:35 A qumdgakndpowoga localhost(127.0.0.1) OK
2016-12-22T19:34:35 A wbjdzyaplucvpcl localhost(127.0.0.1) OK

Anyone familiar with what this gibberish is?? I’m just curious.

1 Like

My guess is your using chrome… Chrome can do random queries to see if dns is being messed with.

1 Like

Thanks, yeah I’m using chromium. Appreciate your help.

Yeah we have had other users report that Chrome does this. Not really sure what they are though.

1 Like

Chrome tries to find out if someone is messing up with the DNS (i.e. wildcard DNS servers to catch all domains). Chrome does this by issuing DNS requests to randomly generated domain names.

In a normal setup this results in a “No such name” response from your DNS server. If the DNS server you use has a wildcard setup, each of these requests will result in a response (which is normally even the same) so Chrome knows that there is someone messing around with DNS responses.

In my experience this happens for example on wireless networks where you have to authenticate through a browser in order to get access to the Internet (each and every DNS request guides you to the auth page). Android did the same at some point to find out if you have to auth. On more recent versions they changed this, because many DNS services, such as OpenDNS, will always return an IP, even for a malformed query.

I’m not sure what Chrome does when it finds someone modifying DNS responses, but I think it does nothing?..

2 Likes