Local DNS lookups in OpenDNS stats

[Zonkd]

For a long time, but also just in the last three days, I've noticed queries such as these in my OpenDNS statistics:

• local
• *.in-addr.arpa
  
• users-pc
• users-android

... plus a whole bunch of queries to synology domains from the NAS

• checkip.synology.com
• checkipv6.synology.com
• payment.synology.com

despite configuring the firewall blacklist (via GUI) to block the static IP assigned to Synology NAS from WAN.

Is it indicative of local DNS accidentally going upstream and/or firewall blacklist being ignored?. Maybe I'm missing something or its just completely normal and theres nothing wrong.

Solutions tried: I've completely reset and manually reconfigured, tried latest and older firmwares. Upstream DNS setting is always off. After turning off Global DNS Filtering completely the names of devices on network (ie. users-pc) are no longer appearing in stats, but over the last week and a half it hasn't fixed the other queries.

Aside: Over the last year OpenDNS has been extremely effective at blocking a staggering number of lookups/connections from my network to clearly malicious domains - hundreds every few days - in addition to most of the other usual dirty sites. I do want to continue using it, but NOT push all my local DNS queries upstream.​

 

[System Error Message]

DNS is handled by the router and is not routed. The best way around this is to blacklist the domains in the DNS server too or to have an invalid static dns entry for it.

Those domains are not malicious and relate to LAN, multicast and your NAS. Because you're using a consumer router it doesnt have local domains preconfigured.

 

[Zonkd]

DNS is handled by the router and is not routed. The best way around this is to blacklist the domains in the DNS server too or to have an invalid static dns entry for it.

Those domains are not malicious and relate to LAN, multicast and your NAS. Because you're using a consumer router it doesnt have local domains preconfigured.

So to clarify, yes there is a problem? Yes LAN queries are being accidentally resolved by WAN DNS instead of privately by router dnsmasq? Still unsure how to proceed with fixing this - not very skilled with networking. My understanding your suggestion is to blacklist the domains mentioned earlier (eg. local, *.in-addr.arpa) in the DNS server, which would be on the router (dnsmasq) using a custom script, correct? Not via OpenDNS web config because it wouldn't really be fixing the issue itself?

Cheers

 

[System Error Message]

yup except you dont need to black list them. You can use those domains in a different way if you like so you can use names instead of ip addresses within your LAN. There isnt a script needed. See http://www.snbforums.com/threads/dns-caching-asus-stock-merlin.26218/

 

[ColinTaylor]

So to clarify, yes there is a problem?

No, not really.

Yes LAN queries are being accidentally resolved by WAN DNS instead of privately by router dnsmasq?

No. Queries are being sent to the router and then forwarded to OpenDNS if the router doesn't know what they are.

Still unsure how to proceed with fixing this - not very skilled with networking. My understanding your suggestion is to blacklist the domains mentioned earlier (eg. local, *.in-addr.arpa) in the DNS server, which would be on the router (dnsmasq) using a custom script, correct?

If I understand you, you have three issues?

1) Local devices (users-pc) being queried with OpenDNS instead of locally. You have already fixed this by setting DNS Filter properly.

2) You want to blacklist 3 x synology.com for some reason. You could do this with a hosts.add file on the router.

3) You don't like local and *.in-addr.arpa. There's probably not much you can do about these special cases. See https://support.opendns.com/entries/21737244-What-is-in-addr-arpa- and https://en.wikipedia.org/wiki/.local Although they might indicate that something on you network is misconfigured.