Log entry for DNS type "TYPE5335" with reply of "BLOB"

Help
22

Looks like the issue is found and fixed? but my thing seems slightly different so i thought i should reply here.

in my case all "blob" response have "HTTPS" type, all are coming from same device and started roughly 6 hours ago, most of these requests seem porn related? but there are also some with www.google.com and cloudflare.com

I dont have DNSSEC active on pihole but i am using unbound.

image
image1022×479 66.3 KB

image
image1003×697 93.6 KB

Sep 18 08:44:15 dnsmasq[99607]: query[A] kompoz2.com from 192.168.1.155
Sep 18 08:44:15 dnsmasq[99607]: forwarded kompoz2.com to 10.0.0.2
Sep 18 08:44:15 dnsmasq[99607]: reply kompoz2.com is 104.21.57.47
Sep 18 08:44:15 dnsmasq[99607]: reply kompoz2.com is 172.67.141.242
Sep 18 08:44:15 dnsmasq[99607]: query[A] kompoz2.com from 192.168.1.155
Sep 18 08:44:15 dnsmasq[99607]: cached kompoz2.com is 172.67.141.242
Sep 18 08:44:15 dnsmasq[99607]: cached kompoz2.com is 104.21.57.47
Sep 18 08:44:15 dnsmasq[99607]: query[HTTPS] kompoz2.com from 192.168.1.155
Sep 18 08:44:15 dnsmasq[99607]: forwarded kompoz2.com to 10.0.0.2
Sep 18 08:44:15 dnsmasq[99607]: reply kompoz2.com is <HTTPS>
Sep 18 08:44:15 dnsmasq[99607]: query[A] st.kompoz2.com from 192.168.1.155
Sep 18 08:44:15 dnsmasq[99607]: forwarded st.kompoz2.com to 10.0.0.2
Sep 18 08:44:15 dnsmasq[99607]: query[A] cdn.jsdelivr.net from 192.168.1.155
Sep 18 08:44:15 dnsmasq[99607]: forwarded cdn.jsdelivr.net to 10.0.0.2
Sep 18 08:44:15 dnsmasq[99607]: reply st.kompoz2.com is 172.67.141.242
Sep 18 08:44:15 dnsmasq[99607]: reply st.kompoz2.com is 104.21.57.47
Sep 18 08:44:15 dnsmasq[99607]: query[A] kompoz2.com from 192.168.1.155
Sep 18 08:44:15 dnsmasq[99607]: cached kompoz2.com is 104.21.57.47
Sep 18 08:44:15 dnsmasq[99607]: cached kompoz2.com is 172.67.141.242
Sep 18 08:44:15 dnsmasq[99607]: reply cdn.jsdelivr.net is <CNAME>
Sep 18 08:44:15 dnsmasq[99607]: reply cdn.jsdelivr.net.cdn.cloudflare.net is 104.16.87.20
Sep 18 08:44:15 dnsmasq[99607]: reply cdn.jsdelivr.net.cdn.cloudflare.net is 104.16.88.20
Sep 18 08:44:15 dnsmasq[99607]: reply cdn.jsdelivr.net.cdn.cloudflare.net is 104.16.89.20
Sep 18 08:44:15 dnsmasq[99607]: reply cdn.jsdelivr.net.cdn.cloudflare.net is 104.16.85.20
Sep 18 08:44:15 dnsmasq[99607]: reply cdn.jsdelivr.net.cdn.cloudflare.net is 104.16.86.20
Sep 18 08:44:15 dnsmasq[99607]: query[A] st.kompoz2.com from 192.168.1.155
Sep 18 08:44:15 dnsmasq[99607]: cached st.kompoz2.com is 104.21.57.47
Sep 18 08:44:15 dnsmasq[99607]: cached st.kompoz2.com is 172.67.141.242
Sep 18 08:44:15 dnsmasq[99607]: query[HTTPS] st.kompoz2.com from 192.168.1.155
Sep 18 08:44:15 dnsmasq[99607]: forwarded st.kompoz2.com to 10.0.0.2
Sep 18 08:44:15 dnsmasq[99607]: reply st.kompoz2.com is <HTTPS>
Sep 18 08:44:15 dnsmasq[99607]: query[A] cdn.jsdelivr.net from 192.168.1.155
Sep 18 08:44:15 dnsmasq[99607]: cached cdn.jsdelivr.net is <CNAME>
Sep 18 08:44:15 dnsmasq[99607]: cached cdn.jsdelivr.net.cdn.cloudflare.net is 104.16.86.20
Sep 18 08:44:15 dnsmasq[99607]: cached cdn.jsdelivr.net.cdn.cloudflare.net is 104.16.85.20
Sep 18 08:44:15 dnsmasq[99607]: cached cdn.jsdelivr.net.cdn.cloudflare.net is 104.16.89.20
Sep 18 08:44:15 dnsmasq[99607]: cached cdn.jsdelivr.net.cdn.cloudflare.net is 104.16.88.20
Sep 18 08:44:15 dnsmasq[99607]: cached cdn.jsdelivr.net.cdn.cloudflare.net is 104.16.87.20
Sep 18 08:44:15 dnsmasq[99607]: query[HTTPS] cdn.jsdelivr.net from 192.168.1.155
Sep 18 08:44:15 dnsmasq[99607]: cached cdn.jsdelivr.net is <CNAME>
Sep 18 08:44:15 dnsmasq[99607]: forwarded cdn.jsdelivr.net to 10.0.0.2
Sep 18 08:44:15 dnsmasq[99607]: reply cdn.jsdelivr.net is <CNAME>
Sep 18 08:44:15 dnsmasq[99607]: reply cdn.jsdelivr.net.cdn.cloudflare.net is <HTTPS>
24

Been using internet most of Sunday, no more occurences of the TYPE5335 entries, and no new issues introduced, so confirming fixed. Many thanks devs for the help.

(EDIT to add detail – since the fix there have been 5 instances where dnssec-retry has appeared in the logs, each one when visiting amazon, and these are no longer causing this bug to manifest)

2 Likes
25

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.