Why do I see domains with random characters (such as yfjmdpisrvyrnq) in my query log?



This behavior is something that Chrome does.

You may see domains in your log such as:

2017-30-22T15:18:51	A	yfjmdpisrvyrnq	localhost(127.0.0.1)	OK	
2017-30-22T15:18:51	A	attxnwheeeuiad	localhost(127.0.0.1)	OK	
2017-30-22T15:18:47	A	nskywzjbpj	    localhost(127.0.0.1)	OK	
2017-30-22T15:18:45	A	jlkjfxgwhpn	    localhost(127.0.0.1)	OK	
2017-30-22T15:18:45	A	qumdgakndpowoga	localhost(127.0.0.1)	OK	
2017-30-22T15:18:35	A	wbjdzyaplucvpcl	localhost(127.0.0.1)	OK

A Chrome web browser reaches out to random local domains on startup to try to detect hijacking.

The response from the DNS server is No such domain (NXDOMAIN). You can read more about this behavior here.
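An added example (not part of the original post): a Python filter that separates these Chrome probes from other single-label lookups in a query log using the tab-separated layout shown above. The probe shape (7 to 15 lowercase letters), the burst of three names and the 10-second window are assumptions based on Chromium's behaviour; the sample lines and the `192.168.1.20` client are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed probe shape: a single label of 7-15 lowercase letters
# (Chromium behaviour, not stated on this page).
PROBE_RE = re.compile(r"^[a-z]{7,15}$")

# Constructed sample in the page's tab-separated layout (not real data).
SAMPLE_LOG = "\n".join([
    "2017-10-22T15:18:45\tA\tqumdgakndpowoga\tlocalhost(127.0.0.1)\tOK",
    "2017-10-22T15:18:45\tA\tjlkjfxgwhpn\tlocalhost(127.0.0.1)\tOK",
    "2017-10-22T15:18:47\tA\tnskywzjbpj\tlocalhost(127.0.0.1)\tOK",
    "2017-10-22T15:18:52\tA\tpi.hole\tlocalhost(127.0.0.1)\tOK",
    "2017-10-22T15:20:00\tA\tprinter\t192.168.1.20\tOK",
    "2017-10-22T15:20:03\tA\texample.com\t192.168.1.20\tOK",
])

def parse_line(line):
    """Return (time, qtype, name, client), or None for a malformed line."""
    parts = [p.strip() for p in line.split("\t")]
    if len(parts) < 4:
        return None
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return when, parts[1], parts[2].rstrip("."), parts[3]

def find_probe_bursts(log_text, window=timedelta(seconds=10), min_burst=3):
    """Return {client: [names]} where a client sent a burst of probe-shaped names."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[1] in ("A", "AAAA") and PROBE_RE.match(rec[2]):
            by_client[rec[3]].append((rec[0], rec[2]))
    bursts = {}
    for client, hits in by_client.items():
        hits.sort()
        flagged = set()
        for i, (start, _) in enumerate(hits):
            group = [name for t, name in hits[i:] if t - start <= window]
            if len(group) >= min_burst:  # a lone short hostname is not a burst
                flagged.update(group)
        if flagged:
            bursts[client] = sorted(flagged)
    return bursts

if __name__ == "__main__":
    print(find_probe_bursts(SAMPLE_LOG))
```

The lone `printer` lookup matches the probe shape but is not reported, because only a burst from one client is treated as Chrome's startup check.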

