AlfaGulf
just joined
Topic Author
Posts: 12
Joined: Sun Sep 16, 2012 10:10 pm

Strange DNS Entries in cache even when remote requests are denied.

Sun Dec 01, 2019 8:23 am

Hello,
In my RB2011UiAS with RouterOS version 6.45.7 I have disabled "Allow Remote Requests" in addition to having an INPUT filter rule to block DNS requests, and yet after I flush the DNS cache I immediately see some strange DNS cache entries that get refreshed every 5 minutes, such as the following:
1 name="e221.en25.com" address=209.167.231.221 ttl=52m10s
2 name="mail98.atl91.mcsv.net" address=198.2.130.98 ttl=4h5m8s
3 name="mail.gradualapproach.net" address=198.54.117.200 ttl=21m17s
4 name="mail.gradualapproach.net" address=198.54.117.197 ttl=21m17s
5 name="mail.gradualapproach.net" address=198.54.117.199 ttl=21m17s
6 name="mail.gradualapproach.net" address=198.54.117.198 ttl=21m17s
7 name="mail34.sgml1.com" address=77.74.123.169 ttl=15m28s
9 name="mail.programsmanagement.com" address=204.11.56.48 ttl=4m15s
11 name="mail.servicemailnetwork.com" address=204.11.56.48 ttl=2m1s
13 name="mail.jamesfigurine.com" address=83.167.229.42 ttl=1m18s

I have another MikroTik router with the same OS version, although a different model, but it does not show such entries.
I have to conclude that these are requests that came from the router itself.

Have any of you seen such a thing?
Should I be alarmed?
How do I find out which model or task within RouterOS is requesting these URLs to be resolved?

Your input is highly appreciated.
Thanks
 
AlfaGulf
just joined
Topic Author
Posts: 12
Joined: Sun Sep 16, 2012 10:10 pm

Re: Strange DNS Entries in cache even when remote requests are denied.  [SOLVED]

Sun Dec 01, 2019 10:31 am

Sorry guys,
I just found the reason.
Those URLs are in one of my address lists, which I added a long time ago to block email spam.

Again, my apologies.
 
jvanhambelgium
newbie
Posts: 31
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Strange DNS Entries in cache even when remote requests are denied.

Sun Dec 01, 2019 10:32 am

That might be pretty alarming I think, especially since these are quite strange entries.
Especially if you have indeed disabled "Allow Remote Requests" (this means the MikroTik is only acting as a DNS client, for lookups for itself) and if these entries still pop up after a flush.
So... did you check if any script is running (under "System" -> "Scripts" and "System" -> "Scheduler")?
Does your box have some script to send out mails for system status?

If I check on my RB3011, there is only 1 entry that contains the Dynamic DNS entry offered by MikroTik for my system, so "XXXXXX.sn.mynetname.net" and nothing else.
My MikroTik is not providing DNS lookups for clients anymore since my PI-HOLE took over this function, since it allows some scrubbing.
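
The cause found in this thread (hostnames stored in a firewall address list are resolved by the router itself, so they show up in its DNS cache) can be checked offline by comparing the cache listing with an address-list export. The following is an added example, not code from any poster in the thread. Both sample texts are constructed, and the list names `spam-mail` and `internal` and the name `unexpected.example.net` are assumptions.

```python
import ipaddress
import re

# Constructed sample in the format of the cache listing quoted in the thread.
CACHE_PRINT = '''\
1 name="e221.en25.com" address=209.167.231.221 ttl=52m10s
3 name="mail.gradualapproach.net" address=198.54.117.200 ttl=21m17s
4 name="mail.gradualapproach.net" address=198.54.117.197 ttl=21m17s
7 name="unexpected.example.net" address=192.0.2.10 ttl=15m28s
'''

# Constructed sample of "/ip firewall address-list export"; list names are assumptions.
ADDRESS_LIST_EXPORT = '''\
/ip firewall address-list
add address=e221.en25.com list=spam-mail
add address=mail.gradualapproach.net list=spam-mail
add address=10.0.0.0/8 list=internal
'''

def is_ip_or_range(value):
    """True for literal IPs, CIDR prefixes and a-b ranges (nothing to resolve)."""
    try:
        for part in value.split("-"):
            ipaddress.ip_network(part, strict=False)
        return True
    except ValueError:
        return False

def hostnames_in_address_lists(export_text):
    """Map each hostname-valued address-list entry to the list that holds it."""
    found = {}
    for line in export_text.splitlines():
        addr = re.search(r'\baddress=("?)([^"\s]+)\1', line)
        lst = re.search(r'\blist=("?)([^"\s]+)\1', line)
        if line.lstrip().startswith("add") and addr and lst and not is_ip_or_range(addr.group(2)):
            found[addr.group(2).lower().rstrip(".")] = lst.group(2)
    return found

def triage_cache(cache_text, export_text):
    """Split cached names into those explained by an address list and the rest."""
    listed = hostnames_in_address_lists(export_text)
    explained, unexplained = {}, set()
    for name in re.findall(r'\bname="([^"]+)"', cache_text):
        key = name.lower().rstrip(".")
        if key in listed:
            explained[key] = listed[key]
        else:
            unexplained.add(key)
    return explained, sorted(unexplained)
```

Names returned in the second element are the ones still worth tracing to scripts, scheduler jobs or other router configuration.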
