
Loads of queries in log I didn't actively make!

  I'm struggling a bit with Next DNS, I think I've got it to block the categories I don't like and implement SafeSearch. However I notice that there are a lot of queries going through on the log, the huge majority of stuff I'm not actively browsing!

See attachment, the "bbc.co.uk" stuff is mine but loads of stuff from amazon, wikipedia etc that isn't. I'm setting up a new router so there's only the laptop I'm on now on it!

Is this a security issue or just loads of "plants" of some sort by amazon, wikipedia etc to create queries e.g. monitoring my web usage etc? Should I be concerned? Even with one device I'd smash through the 300k limit, is this normal??

I've set up NextDNS using a TP Archer C80 and with the settings shown 

13 replies

    • Hey
    • 2 yrs ago

    TP-Link usually hits the a root servers domain a ton of times.

    The websites you visit usually have ads and other connections that are made. So you don't have to directly visit a website but, for example, ads, CDNs, analytics and general necessary connections for the website's functions are loaded.

      • Paul_Monaghan
      • 2 yrs ago

      Hey thanks! Why does TP Link do that?? Is it safe? Just checking no one is some coding isn't trying to access these from inside my network (as I say it would be from the outside having "broken in", there's no more devices connected from this end).

       

      That alone will smash through the 300k limit, I suppose nearly everyone must go over their limit in that case? 

      • Hey
      • 2 yrs ago

      Paul Monaghan It depends on the device and browsing habits. If for example I use YouTube, Reddit, Twitter etc only, it would be more than enough for the user. But again the browsing habits and general usage changes everything.

      For the TP-Link part, it happens to check if the device is connected to the internet. It happens every 30 seconds from what I know, pretty sure it's triggered by using the TP-Link's DDNS service, so you can try to avoid using that if you aren't getting any constant hits as of right now. My ISP blocks most DDNS servers so I'm forced to use it as of right now.

      • Paul_Monaghan
      • 2 yrs ago

      Hey thanks again, is the DDNS enabled using the below - I don't think I do have it enabled.  That was going to be my next question - should this be enabled given I'm using the "Linked IP" method? Is there a security risk to enabling this?

       

      • Hey
      • 2 yrs ago

      Paul Monaghan It's just linking your IP to your own configuration. The only risk would be that you aren't using DNS encryption, DoT or DoH would be better in terms of security. DDNS doesn't seem to be on, I had to enable it since my IP is dynamic and changes based on Router Reboot. As long as your IP isn't changing you shouldn't need to use DDNS but you might have to enable it depending on the IP changing rate.

      • Paul_Monaghan
      • 2 yrs ago

      Hey Cheers, I assume you mean the router IP not changing? I can easily check that over the next couple of days. I assume the worst case is that the filters stop working and need setting up again?  What's the risk of not using DNS encryption? How do you set up DoT or DoH on a router - I tried following the instructions but they're not clear - loads of code etc

      • Hey
      • 2 yrs ago

      Paul Monaghan Your router doesn't seem to support it but you can do your own research to double check. If the IP changes it won't follow your Filters rules, you gotta go to your home page and link the IP again.

      You don't need to change your own configuration or modify your settings, just link the IP again and that's it.

      DDNS does the linking automatically so if you have issues, try turning it on and if you don't have constant requests to root domains that's perfect.

      What's the problem with not using DNS encryption? Your ISP can see what's going on to an extent as the requests and returns aren't protected. It's just an additional layer to have for security reasons. If your router doesn't support it, your clients like your phone and PC support DNS encryption either inside the OS or with downloading the NextDNS apps.

      • Paul_Monaghan
      • 2 yrs ago

      Hey ok cheers, I did a bit of googling and I think you're right that my router doesn't support DoT or DoH, so I'll look into using the DDNS solution.

      I've had 600 queries in the half hour I've been having my tea with no browsing! By my maths I'll hit the 300k in 10 days, before my kids are even on! I'm not too fussed about it, if it works it's money well spent, I just can't believe how many there are

    • Calvin_Hobbes
    • 2 yrs ago

    Btw, your configuration ID is shown in the image you posted. Anyone could use it

      • Paul_Monaghan
      • 2 yrs ago

      Calvin Hobbes  thanks, I didn't realise! Does that matter - presumably that would just allow someone to use my Next DNS settings if they so wished - surely there's no security risk either to my NextDNS account or definitely not the network??

      • Paul_Monaghan
      • 2 yrs ago

      Calvin Hobbes  if there's a risk I suppose the only option is to delete the account and start again?

      • Paul_Monaghan
      • 2 yrs ago

      Calvin Hobbes Actually no dramas, I've just deleted it and set up a new one to be on the safe side. Thanks for pointing this out

      • Hey
      • 2 yrs ago

      I had the response ready but seeing that something more important was pointed out didn't want to create confusion.

      -----

      Well, DNS is like a Taxi, it gets called and it does the job of transportation. Your network calls the DNS and says hey, bring me the IP for this website.

      Now you're seeing what is going on in the background, with your ISPs or any other DNS service, these happen, it's your device that's requesting the domains.

      It's as you said surprising the first time, since you get to see a part of the web that you see before. A ton of domains per each site and more than half of them are advertising and other problematic connections that aren't even necessary.

      We had a few guests for a week or two and we were doing 100k+ daily. Things like TikTok do domain requests like there is no tomorrow literally 20+ domains per app start if it's not cached.

      The usage depends heavily on the amount of Apps and Websites visited on the network, currently the router here does about 10k a day, that's with the Root Domain lookups, it completely depends on usage patterns.

      For me I can genuinely see the impact. This still depends on your use, the more random browsing and apps with ads you use, the more it matters. It should be worth it though.
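
Added example, not part of any post in this thread: one way to tell timer-driven background lookups (such as the 30-second router check mentioned above) from browsing traffic is to look for domains queried at a steady interval, then project their volume against the query limit. The log entries, every domain except bbc.co.uk, the thresholds and the per-month reading of the 300k limit are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

MONTHLY_LIMIT = 300_000  # assumption: the "300k limit" in the thread is per month


def find_periodic(queries, min_count=5, max_jitter=0.1):
    """Return {domain: mean_gap_seconds} for domains queried on a steady timer.

    queries: iterable of (unix_seconds, domain). A domain counts as periodic
    when it has at least min_count queries and the spread of the gaps between
    them (population stdev / mean) is at most max_jitter.
    """
    times = defaultdict(list)
    for ts, domain in queries:
        times[domain.lower().rstrip(".")].append(ts)
    periodic = {}
    for domain, stamps in times.items():
        if len(stamps) < min_count:
            continue  # too few samples to call it a timer
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            periodic[domain] = avg
    return periodic


def monthly_queries(interval_seconds, days=30):
    """Queries a single timer at this interval generates in `days` days."""
    return int(days * 86_400 / interval_seconds)


# Constructed sample log (not the thread's attachment): a 30-second
# connectivity check mixed with a few bursts of page-load lookups.
SAMPLE = [(t, "connectivity-check.example") for t in range(0, 600, 30)]
SAMPLE += [(3, "bbc.co.uk"), (4, "static.cdn.example"), (4, "ads.tracker.example"),
           (250, "bbc.co.uk"), (251, "static.cdn.example"), (590, "bbc.co.uk")]

if __name__ == "__main__":
    for domain, gap in find_periodic(SAMPLE).items():
        per_month = monthly_queries(gap)
        print(f"{domain}: every {gap:.0f}s, ~{per_month} queries/month "
              f"({per_month / MONTHLY_LIMIT:.0%} of the limit)")
```

Domains that show up here with a fixed gap are generated by a device or service timer, not by browsing, so they are the first candidates to trace back to a router feature or background app.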
