0

NXdomain what is it? I'm being bombarded by it.

I have no idea what NXdomain is. After being hit by it several times, I decided to look it up, apparently it's something to do with ISP's trying to highjack DNS request. I've noticed this since I've been using nextDNS off and on, however today I was hit multiple times, back to back with it. I use a VPN in conjunction with nextDNS services. Earlier in the day I noticed: content-autofill.googleapis.com was coming to/through my Android device, even though I never have and never will use Google autofill for anything. So I blocked it. And if you look at the log, it shows Google being first and last of the NXdomain bombardment. Any coincidence? What do you think? Should I just block NXdomain altogether?

Here is a link to the same screenshot:

https://drive.proton.me/urls/1HXDCJGFQC#WgAWjAokTfaw

1 reply

null
    • A_T
    • 3 mths ago
    • Reported - view

    Interesting case.  Specially seeing nxdomin-randomstring.differentTLDs

    I've never seen such domains on my logs either on my logs.

     I suggest you gather on-device network logs to see from which app such network traffic is coming from.

    I am sure there are other apps to help you capture network traffic but the first app that comes to mind that is free and opensource is Rethink app. Rethink has a very solid log viewer which are divided into Network (apps) and DNS (dns resolutions) You can also see per app traffic.

    This could help you locate the source of this traffic.

    https://github.com/celzero/rethink-app

Content aside

  • 3 mths agoLast active
  • 1Replies
  • 129Views
  • 1 Following