SOLVED Why does FreeNAS try to contact this IP every 10 seconds?

[Mr. Slumber]

Hi, my FreeNAS box lives behind a pfsense firewall and a pihole server. 3 days ago I did a fresh install of FreeNAS 11.2-U3. Until now nothing more than a single SMB share and of course eMail alarms were configured. FreeNAS is running just fine and stable.

Today I took a closer look at the pfsense and pihole logs and realized that my FreeNAS box tries to contact the following IP adress every 10s:

Should this worry me? It seems to be some kind of reverse dns lookup but what for?

Thanks for some ideas what this is about! :)

 

[rvassar]

Interesting... That IP is non-routeable on the open Internet. It's part of the 192.168.0.0/16 reserved block. What address block is your NAS using?

 

[Mr. Slumber]

What address block is your NAS using?

192.168.178.XXX

 

[jgreco]

So what's on your network at 192.168.178.148?

 

[rvassar]

192.168.178.XXX

That's what I was expecting... The reverse address lookup gets the octets reversed. So when 192.168.178.148 get requested as a reverse lookup, it asks for 148.178.168.192.in-addr.arpa. Which would have a PTR record in a formally configured network with DNS.

 

[Mr. Slumber]

So what's on your network at 192.168.178.148?

my Proxmox Server... Isn't this really bad?

 

[rvassar]

my Proxmox Server... Isn't this really bad?

Isn't that just a Linux based VM environment?

 

[jgreco]

my Proxmox Server... Isn't this really bad?

Do you have any shares mounted off your FreeNAS server from the proxmox server?

 

[Mr. Slumber]

Isn't that just a Linux based VM environment?

Correct. :)

 

[rvassar]

Got an idea: on my proxmox server lives the pihole server as a VM. FreeNAS DNS was setup the way that it should use the pihole server (192.168.178.3). Is this why?

I don't think we're going to be able to adequately determine that here. Suffice to say, the FreeNAS software is checking an IP address to figure out what formal name it has, possibly to provide or deny some kind of service by hostname. If you don't have BIND or something similar running on that network with a rDNS map loaded, it just a wasted call.

 

[Mr. Slumber]

Do you have any shares mounted off your FreeNAS server from the proxmox server?

I hope I understand this in the correct way, sorry :) Proxmox is setup the way that it backups its VMs to the FreeNAS SMB share. Did you mean this? So in the proxmox server a SMB share of the FreeNAS box is mounted as a CIFS share so that Proxmox sees it.

 

[Mr. Slumber]

If you don't have BIND or something similar running on that network with a rDNS map loaded, it just a wasted call.

ok, thank you, so nothing to worry about, right?! I thought a malware of some kind had infected my FreeNAS box and this was what I saw in the logs. I must confess it seems that there a still many things to learn networkwise for me ;)

 

[Mr. Slumber]

Thanks to all for your quick help! :)

 

[rvassar]

ok, thank you, so nothing to worry about, right?! I thought a malware of some kind had infected my FreeNAS box and this was what I saw in the logs. I must confess it seems that there a still many things to learn networkwise for me ;)

It's literally a "What's their name?" call... That's it... The only way it might cause you trouble is if you try and permit access to the NAS share by hostname, and FreeNAS has no way to figure out if the name matches a rule or not.