Windows 10 constantly on 8.8.8.8

trish · 3 March 2021 08:50

Firewall log is showing

00:16:21 FORWARDFW green0 UDP 192.168.0.48 8.8.8.8 61986 53(DOMAIN)

00:19:54 FORWARDFW green0 UDP 192.168.0.48 8.8.4.4 59841 53(DOMAIN)

I got this Windows 10 machine that is constantly hammering 8.8.8.8 and 8.8.4.4 on port 53, no idea why is it doing 24x7.

I setup a Firewal rule to DROP that traffic.

but maybe there is a valid reason for this traffic?
I would like to redirect that traffic to my local DNS server or Unbound. but is this Wiki - Force clients to use IPFire’s DNS proxy still accurate saying?

an “any” rule is currently not accepted for DNAT rules in the IPFire WUI. Hopefully this will be possible in future.

bbitsch · 3 March 2021 09:22

There is a discussion in the community and on the dev mail list about redirecting these requests.
I do not exactly know how far the development of a solution fitting to the IPFire internals has gone, but I use the intermediate skript published in the community topic(s).

mfischer · 3 March 2021 17:25

Hi,

Yes, I’m still at it - redirecting DNS and NTP requests. And I think I found an acceptable solution - everything is working fine here - no seen problems.

I just waited for Core 154 because of this commit.

In this commit Michael rewrote a few *.ctrl files and now that Core 154 has been published I’ll rewrite dnsntpctrl(.c) the same way. And then - if everything’s still working - I’ll push “DNS-Redirect V3” to GIT.

Best,
Matthias

trish · 3 March 2021 17:44

Thank you Bernhard and Matthias. I understand it is not that simple ans quick project.

I actually don’t need at this moment a solution to redirect all DNS traffic on LAN.

Maybe just the DNS traffic going to “RED” or “WAN” or is that the same exact thing as “on LAN”?

or maybe just UDP going to 53 on RED?
or even 123 in your case

I see no traffic on 853. I even set a “private DNS” in Chrome Browser to use DoT.

On other hand I heard that Windows 10 is pushing IPv6 in their new upgrades So maybe there is IPv6 traffic that I can’t see on IPFire

trish · 5 March 2021 03:14

I was thinking… What about using

Network - Static Routes ?

would this forward all DNS traffic instead of 8.8.8.8 to my IPFire (192.168.1.100) ?

mfischer · 13 March 2021 17:03

Thought about your idea, but I’m not sure - perhaps someone else?

I’ve sent my current version to the list:
=> [PATCH] (V3) Forcing DNS/NTP

Best,
Matthias