Home > Security > Strange DNS queries when Google Chrom(ium) is running

Strange DNS queries when Google Chrom(ium) is running

I noticed something strange lately, when Google Chrom(ium) 12.0.742.112 (90304) on my up-to-date Ubuntu 11.04 is running, it sends in 10 seconds interval always DNS queries out similar to these:

09:28:54.892711 IP linux.home.lan.52626 > ipv4gw.home.lan.domain: 55443+ AAAA? www.google.com. (32)
09:28:54.899660 IP linux.home.lan.33455 > ipv4gw.home.lan.domain: 13122+ PTR? 1.1.168.192.in-addr.arpa. (42)
09:28:54.900955 IP ipv4gw.home.lan.domain > linux.home.lan.33455: 13122* 1/0/0 PTR ipv4gw.home.lan. (74)
09:28:54.901153 IP linux.home.lan.50369 > ipv4gw.home.lan.domain: 21436+ PTR? 229.1.168.192.in-addr.arpa. (44)
09:28:54.902997 IP ipv4gw.home.lan.domain > linux.home.lan.50369: 21436* 1/0/0 PTR linux.home.lan. (75)
09:28:54.944839 IP ipv4gw.home.lan.domain > linux.home.lan.52626: 55443 1/0/0 CNAME www.l.google.com. (52)
09:28:54.945042 IP linux.home.lan.41788 > ipv4gw.home.lan.domain: 60563+ A? www.google.com. (32)
09:28:55.003016 IP ipv4gw.home.lan.domain > linux.home.lan.41788: 60563 3/0/0 CNAME www.l.google.com., A 209.85.143.99, A 209.85.143.104 (84)

09:28:55.894074 IP linux.home.lan.52008 > ipv4gw.home.lan.domain: 29437+ AAAA? mmxavuhjug.home.lan. (40)
09:28:55.894357 IP linux.home.lan.35436 > ipv4gw.home.lan.domain: 521+ AAAA? vhskgbyarv.home.lan. (40)
09:28:55.894595 IP linux.home.lan.45136 > ipv4gw.home.lan.domain: 53766+ AAAA? ksufeyycxa.home.lan. (40)
09:28:55.895823 IP ipv4gw.home.lan.domain > linux.home.lan.52008: 29437 NXDomain 0/0/0 (40)
09:28:55.895963 IP linux.home.lan.36059 > ipv4gw.home.lan.domain: 12946+ A? mmxavuhjug.home.lan. (40)
09:28:55.897602 IP ipv4gw.home.lan.domain > linux.home.lan.35436: 521 NXDomain 0/0/0 (40)
09:28:55.897676 IP ipv4gw.home.lan.domain > linux.home.lan.45136: 53766 NXDomain 0/0/0 (40)
09:28:55.897765 IP linux.home.lan.44839 > ipv4gw.home.lan.domain: 64206+ A? ksufeyycxa.home.lan. (40)
09:28:55.897835 IP linux.home.lan.41554 > ipv4gw.home.lan.domain: 45782+ A? vhskgbyarv.home.lan. (40)
09:28:55.899852 IP ipv4gw.home.lan.domain > linux.home.lan.36059: 12946 NXDomain 0/0/0 (40)
09:28:55.899993 IP ipv4gw.home.lan.domain > linux.home.lan.44839: 64206 NXDomain 0/0/0 (40)
09:28:55.900277 IP linux.home.lan.37840 > ipv4gw.home.lan.domain: 24605+ AAAA? ksufeyycxa.home.lan. (40)
09:28:55.900530 IP linux.home.lan.38511 > ipv4gw.home.lan.domain: 59521+ AAAA? mmxavuhjug.home.lan. (40)
09:28:55.902077 IP ipv4gw.home.lan.domain > linux.home.lan.41554: 45782 NXDomain 0/0/0 (40)
09:28:55.902148 IP ipv4gw.home.lan.domain > linux.home.lan.37840: 24605 NXDomain 0/0/0 (40)
09:28:55.902503 IP linux.home.lan.36729 > ipv4gw.home.lan.domain: 26133+ AAAA? vhskgbyarv.home.lan. (40)
09:28:55.902630 IP linux.home.lan.37400 > ipv4gw.home.lan.domain: 39639+ A? ksufeyycxa.home.lan. (40)
09:28:55.904271 IP ipv4gw.home.lan.domain > linux.home.lan.38511: 59521 NXDomain 0/0/0 (40)
09:28:55.904344 IP ipv4gw.home.lan.domain > linux.home.lan.36729: 26133 NXDomain 0/0/0 (40)
09:28:55.904469 IP linux.home.lan.38786 > ipv4gw.home.lan.domain: 4130+ A? mmxavuhjug.home.lan. (40)
09:28:55.904570 IP linux.home.lan.42703 > ipv4gw.home.lan.domain: 52825+ A? vhskgbyarv.home.lan. (40)
09:28:55.906403 IP ipv4gw.home.lan.domain > linux.home.lan.37400: 39639 NXDomain 0/0/0 (40)
09:28:55.906547 IP ipv4gw.home.lan.domain > linux.home.lan.38786: 4130 NXDomain 0/0/0 (40)
09:28:55.907959 IP ipv4gw.home.lan.domain > linux.home.lan.42703: 52825 NXDomain 0/0/0 (40)

I had a play what is causing this, and I figured that it is definitely Chrome. I closed down all the tabs, and it was still happening. The queries are always different, they never repeat themselves. I wonder what would happen if one of these resolves to an actual internal IP….

Categories: Security Tags:
  1. No comments yet.
  1. No trackbacks yet.

Notify me of followup comments via e-mail. You can also subscribe without commenting.