aca80a02.ipt.aol.com DNS Requests

[NickS]

Hi,

I've noticed through my pi-hole that my FreeNAS box is sending out DNS requests to this the above address on both IPv4 and IPv6 several times a second. ~26000 times so far in the last 24 hours.

Anyone have any idea what's causing this?

Thanks

 

[danb35]

Any jails?

 

[NickS]

Any jails?

No jails and no odd config, running pure Freenas, no add-ons.

Running 11.0, updated to 11.1 last night to see if that makes a difference.

 

[Kennyvb8]

Aint that just Google's server?


Sent from my iPhone using Tapatalk

 

[NickS]

Nope, don't think so. DNS says part of AOLs Data Transfer Network (.aol.com is in the domain name).

Even if it were a Google address why is FreeNAS sending several DNS requests every second?

 

[Kennyvb8]

Nope, don't think so. DNS says part of AOLs Data Transfer Network (.aol.com is in the domain name).

Even if it were a Google address why is FreeNAS sending several DNS requests every second?

Hmm when I ping Google.com it comes with a address similar to that one.


Sent from my iPhone using Tapatalk

 

[Kennyvb8]

Okey not exactly same address. But never the less strange

Sent from my iPhone using Tapatalk

 

[NickS]

Yeah that's a completely different address and you pinged a server and that's the response address (le100 is owned by Google). So you pinged Google and one of their servers responded.

Nothing to do with DNS or the issue I'm seeing.

 

[HoneyBadger]

I'll roll the dice here.

Your internal IP range is 192.168.10.x and you fat-fingered your DNS server, because the IP that name resolves to is 172.168.10.2 ;)

 

[NickS]

I'll roll the dice here.

Your internal IP range is 192.168.10.x and you fat-fingered your DNS server, because the IP that name resolves to is 172.168.10.2 ;)

I so thought you were bang on the money there. The IP for the VLAN my FreeNAS box sits in is 192.168.10.x.

But I've checked all my DNS settings and they're all correct, no 172's. Also I'm only getting these requests from the FreeNAS box, other devices in the same VLAN are fine.

 

[NickS]

Right, HoneyBadgers comment has sent me in the right direction I think. I have a primary network connection on 192.168.10.x and a secondary connection that is 172.168.10.1.

The 172 address is directly connected to 172.168.10.2 (back to back), I wonder if it's something there that's causing the issue?

 

[HoneyBadger]

The 172 address is directly connected to 172.168.10.2 (back to back), I wonder if it's something there that's causing the issue?

An RFC1918 violation. ;)

Your private /20 is 172.16.0.0 through 172.31.255.255 - 172.168.x.x is publicly routed. Change that second private LAN to fall inside those and you're good to go.

 

[danb35]

a secondary connection that is 172.168.10.1.

172.168.0.0/16 is not a valid private network, so this definitely could be causing your problems.

Edit: Ninja'd by @HoneyBadger!

 

[Elliot Dierksen]

172.168.0.0/16 is not a valid private network, so this definitely could be causing your problems.

@danb35 is the winner! (Edit: nope, it was really @HoneyBadger. I guess that is what happens when I go millennial and click too fast. )

Code:

NetRange:	   172.128.0.0 - 172.191.255.255
CIDR:		   172.128.0.0/10
NetName:		AOL-172BLK
NetHandle:	  NET-172-128-0-0-1
Parent:		 NET172 (NET-172-0-0-0-0)
NetType:		Direct Allocation
OriginAS:
Organization:   AOL Inc. (AOLIN-1)
RegDate:		2000-03-24
Updated:		2014-04-21
Ref:			https://rdap.arin.net/registry/ip/172.128.0.0

Edit: Just to clarify what is happening, FreeNAS is doing a reverse lookup on the IP's on 172.168.0.0 which belongs to AOL. That is why you are seeing requests for that.

 

[NickS]

Ha! I bet that's it, that's embarrassing, just chucked in two close addresses for my back to back without thinking about it :)

Can't believe I didn't check the IP on the reverse DNS earlier!

I'll update the network settings now.

 

[NickS]

Yup, looks like this was it. No DNS requests out to aol for the last half an hour. Switched to a private /20 addressing scheme. Lesson to think things through before throwing IPs around!