System log entry

Installing and Using OpenWrt
1

I noticed something puzzling with OpenWrt 24.10.0-rc5 running on a GL.iNet GL-MT6000 using PiHole on a separate device (no additional opkg packages have been installed beside nano and htop).
I'm still trying to narrow it down, but here is what I observed so far:
Every time a page is accessed or refreshed (F5) in LUCI, 2 reverse DNS requests are sent and logged in pihole. They are sent on regular intervals (every 10 sec or so) when the "refreshing" option is enabled in LUCI pages when this option is available (like the overview main page) too:
These addresses belong to:

  • China Unicom Heilongjiang
  • China Unicom IP Network
    This behavior is very deterministic. What could be causing this and why is it resolving a Chinese IP?
    Note: stopping dnsmasq stops the requests being sent, but then dhcp stops working too of course.
    Is anyone else able to reproduce this behavior and/or explain it?
2

Is that your ISP?

3

No, I have a US ISP. I'm based in the US, not China

Also, as implied above, the requests only appear when LUCI is being used. When logged out of LUCI the queries disappear completely afaik.

I suppose that it's unlikely, but here there some kind of security concern in relation to this behavior?

Does anyone else see something similar in the System Log?

4

It's not.

This is the reverse lookup for ip address 73.6.62.218

So you are using Comcast Cable aren't you?

Hostname:c-73-76-62-218.hsd1.tx.comcast.net

ASN:7922

ISP:Comcast Cable Communications LLC

Services:None detected

Country:United States

State/Region:Texas

City:Sugar Land

Latitude:29.6198 (29° 37′ 11.32″ N)

Longitude:-95.6351 (95° 38′ 6.31″ W)
1 Like
5

How did you reverse the IP? What site did you use?

6

Same as you. The ip address is "reversed" in a reverse lookup. If you like, it is a way of generating a domain name out of an ip address.

So you are on Comcast Cable in Texas then?

2 Likes
7

Okay. Thanks for the info. I guess I missed and learnt something.

1 Like
8

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.