Looking at the logs of my local DNS server, my Linux computer has been looking up 191.0.0.10.in-addr.arpa
every few seconds. It also looks up ipv4only.arpa
, but less frequently. As far as I know, arpa domains are apart of the DNS system itself? Is this normal?
If you really want you can set a trace filter on your firewall to see what users those requests are coming from. This is reverse-DNS. It looks up the hostname for an IP address. There are various reasons to do this.
So there are a wide variety of reasons. You would have to trace this back to the application to find out why exactly it is happening for you.
I find it really weird that it keeps reverse looking up one IP address, which apparently is in Brazil, and it does it every few seconds.
I do have a VPN enabled (but not to a server in Brazil), but I don’t know if that has anything to do with it.
I do find it weird that this is an internal IP. I would check if this query works. Also maybe checking to see if your VPN has anything at this IP.
I tried it in my browser, it doesn’t, and Pihole says it returns NXDOMAIN.
Did you ping the ip?
10.0.0.191
or just try the hostname?Oh wait, I just realized that the IP is reversed from what the domain says. I thought it was 191.0.0.10.
10.0.0.191 is actually the IP address to the computer sending the queries.
Pinging it works, but it doesn’t seem to have any webpage behind it.
Maybe you can run one of those crazy
nmap
scans to see what it is?Or maybe it’s a better idea to figure out why it’s happening in the first place instead hmm