Looking at the logs of my local DNS server, my Linux computer has been looking up 191.0.0.10.in-addr.arpa
every few seconds. It also looks up ipv4only.arpa
, but less frequently. As far as I know, arpa domains are apart of the DNS system itself? Is this normal?
I find it really weird that it keeps reverse looking up one IP address, which apparently is in Brazil, and it does it every few seconds.
I do have a VPN enabled (but not to a server in Brazil), but I don’t know if that has anything to do with it.
I do find it weird that this is an internal IP. I would check if this query works. Also maybe checking to see if your VPN has anything at this IP.
I tried it in my browser, it doesn’t, and Pihole says it returns NXDOMAIN.
Did you ping the ip?
10.0.0.191
or just try the hostname?Oh wait, I just realized that the IP is reversed from what the domain says. I thought it was 191.0.0.10.
10.0.0.191 is actually the IP address to the computer sending the queries.
Pinging it works, but it doesn’t seem to have any webpage behind it.
Maybe you can run one of those crazy
nmap
scans to see what it is?Or maybe it’s a better idea to figure out why it’s happening in the first place instead hmm