Hello,
In my RB2011UiAS with router OS version 6.45.7 I have disabled "Allow Remote Requests" in addition to having INPUT filter rule to block DNS requests and yet after I flush the DNS cache I immediately see some strange DNS cache entries that get refreshed every 5 minutes such as the following:
1 name="e221.en25.com" address=209.167.231.221 ttl=52m10s
2 name="mail98.atl91.mcsv.net" address=198.2.130.98 ttl=4h5m8s
3 name="mail.gradualapproach.net" address=198.54.117.200 ttl=21m17s
4 name="mail.gradualapproach.net" address=198.54.117.197 ttl=21m17s
5 name="mail.gradualapproach.net" address=198.54.117.199 ttl=21m17s
6 name="mail.gradualapproach.net" address=198.54.117.198 ttl=21m17s
7 name="mail34.sgml1.com" address=77.74.123.169 ttl=15m28s
9 name="mail.programsmanagement.com" address=204.11.56.48 ttl=4m15s
11 name="mail.servicemailnetwork.com" address=204.11.56.48 ttl=2m1s
13 name="mail.jamesfigurine.com" address=83.167.229.42 ttl=1m18s
I have another Mikrotik router with the same OS version although different models but does not show such entries.
I have to conclude that these are requests that came from the router itself .
Have any of you see such thing?
Should I be alarmed?
How do I find out which model or task withing the routeros is requesting these URLs to be resolved?
Your input is highly appreciated.
Thanks
Re: Strange DNS Entries in cache even when remote requests are denied. [SOLVED]
Sorry guys,
I just found the reason.
those URLs are in one of my address lists which I added long time ago to block email spam.
Again my apology.
I just found the reason.
those URLs are in one of my address lists which I added long time ago to block email spam.
Again my apology.
-
-
jvanhambelgium
Forum Guru
- Posts: 1119
- Joined:
- Location: Belgium
Re: Strange DNS Entries in cache even when remote requests are denied.
That might be pretty alarming I think, especially since these are quite strange entries.
Especially if indeed you disable "Allow Remote Request" this means Mikrotik is only acting as DNS-client, for lookups for itself and if these entries still popup after a flush.
So...did you check if any script is running ? (Under "Systems" -> "Scripts" and "System" -> "Scheduler" )?
Does you box have some script to send out mails for system status ?
If I check on my RB3011, there is only 1 entry that contains the Dynamic DNS entry offered by Mikrotik for my system , so XXXXXX.sn.mynetname.net" and nothing else.
My Mikrotik is not providing DNS lookups for clients anymore since my PI-HOLE took over this function since it allows some scrubbing
Especially if indeed you disable "Allow Remote Request" this means Mikrotik is only acting as DNS-client, for lookups for itself and if these entries still popup after a flush.
So...did you check if any script is running ? (Under "Systems" -> "Scripts" and "System" -> "Scheduler" )?
Does you box have some script to send out mails for system status ?
If I check on my RB3011, there is only 1 entry that contains the Dynamic DNS entry offered by Mikrotik for my system , so XXXXXX.sn.mynetname.net" and nothing else.
My Mikrotik is not providing DNS lookups for clients anymore since my PI-HOLE took over this function since it allows some scrubbing