Very strange localhost Domain calls - also from router

#1

I am getting some very strange data. The first two calls appear to come from my router (Mikrotik) and the others are from “localhost”:

2019-03-18 13:43:40 A mx01.2-1q1vgvpze.truckinsurancekentucky.net 172.16.105.1 OK (forwarded) IP (317.8ms)
2019-03-18 13:42:49 A mailx.mtbmorzinebeds.com 172.16.105.1 OK (forwarded) IP (32.1ms)

2019-03-18 13:46:20 A dahgouh.8.8.4.4 localhost OK (forwarded) NXDOMAIN (19.3ms)
2019-03-18 13:46:20 A xksquoi.8.8.4.4 localhost OK (forwarded) NXDOMAIN (30.9ms)
2019-03-18 13:46:20 A bqnjwipjyqy.8.8.4.4 localhost OK (forwarded) NXDOMAIN (30.8ms)
2019-03-18 13:46:20 A dahgouh localhost OK (cached) NODATA (1.7ms)
2019-03-18 13:46:20 A xksquoi localhost OK (cached) NODATA (0.9ms)
2019-03-18 13:46:20 A bqnjwipjyqy localhost OK (cached) NODATA (0.6ms)

Can anyone help me shed any light on these? Thank you.


#2

First thing I would advise would be to virus scan all connected devices just to be on the safe side.

I can’t check either URL as they are both blocked by our internal security software for belonging to the Russian Federation.


#3

What I find most bizarre is the source is 105.1 which is my router. How about all the other bizarre named calls coming from localhost?

I now noticed in the logs a call today for ntp1.tuxfamily.net from a PC which is off, disconnected and currently sitting on top of a cupboard! In fact a total of 5 entries today:

ntp-1.vt.edu
wpad.domus
vortex-win.data.microsoft.com
lerc-dns.lerc.nasa.gov
teredo.ipv6.microsoft.com

Is Pi-Hole broken?

Thanks.


#4

I’ve flushed the logs and enabled DNSSEC. Getting these calls now:

2019-03-18 16:04:00 PTR 99.105.16.172.in-addr.arpa 127.0.0.1 OK (cached)
2019-03-18 16:03:00 PTR 121.105.16.172.in-addr.arpa 127.0.0.1 OK (cached)
2019-03-18 16:03:00 PTR 184.105.16.172.in-addr.arpa 127.0.0.1 OK (cached)
2019-03-18 16:03:00 PTR 101.105.16.172.in-addr.arpa 127.0.0.1 OK (cached)
2019-03-18 16:03:00 PTR 185.105.16.172.in-addr.arpa 127.0.0.1 OK (cached)
2019-03-18 16:03:00 PTR 196.105.16.172.in-addr.arpa 127.0.0.1 OK (cached)
2019-03-18 16:03:00 PTR 126.105.16.172.in-addr.arpa 127.0.0.1 OK (cached)
2019-03-18 16:03:00 PTR 1.0.0.1.in-addr.arpa 127.0.0.1 OK (forwarded)
2019-03-18 16:03:00 PTR 1.1.1.1.in-addr.arpa 127.0.0.1 OK (forwarded)
2019-03-18 16:02:31 A clients1.google.com 127.0.0.1 OK (forwarded)


closed #5

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
