In my RB2011UiAS with router OS version 6.45.7 I have disabled "Allow Remote Requests" in addition to having INPUT filter rule to block DNS requests and yet after I flush the DNS cache I immediately see some strange DNS cache entries that get refreshed every 5 minutes such as the following:
1 name="e221.en25.com" address=18.104.22.168 ttl=52m10s
2 name="mail98.atl91.mcsv.net" address=22.214.171.124 ttl=4h5m8s
3 name="mail.gradualapproach.net" address=126.96.36.199 ttl=21m17s
4 name="mail.gradualapproach.net" address=188.8.131.52 ttl=21m17s
5 name="mail.gradualapproach.net" address=184.108.40.206 ttl=21m17s
6 name="mail.gradualapproach.net" address=220.127.116.11 ttl=21m17s
7 name="mail34.sgml1.com" address=18.104.22.168 ttl=15m28s
9 name="mail.programsmanagement.com" address=22.214.171.124 ttl=4m15s
11 name="mail.servicemailnetwork.com" address=126.96.36.199 ttl=2m1s
13 name="mail.jamesfigurine.com" address=188.8.131.52 ttl=1m18s
I have another Mikrotik router with the same OS version although different models but does not show such entries.
I have to conclude that these are requests that came from the router itself .
Have any of you see such thing?
Should I be alarmed?
How do I find out which model or task withing the routeros is requesting these URLs to be resolved?
Your input is highly appreciated.