I wrote – quite some time ago about those strange DNS queries what I have seen when Chromium (with the latest version of 17.0.963.79 (Developer Build 125985 Linux) Ubuntu 11.10 as well) is running, like this one:
I was still puzzled and wanted to know whats going on, what this is for.
First problem was, I needed an easy configurable DNS server to respond to all those queries, to respond with something I am in control. My assumption was that they are quite likely HTTP requests – maybe even POST requests, but that would be scary and potentially for another post on here.
After some searching I came across a mini DNS server written in Python, downloaded and – it just works. Ok, so lets have a look. I changed that mini DNS server to respond to any query with my machine’s IP and made sure that a webserver is running on that, at least for serving just /, I only wanted to see the initial query from Chromium.
Fired up Wireshark (brilliant tool!) and Chromium. Visiting any site was kinda funny, as I always ended up on my local machine… anyway, Wireshark was collecting nicely data and here you go:
HEAD / HTTP/1.1 Host: asdclvxexk Connection: keep-alive Content-Length: 0 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/17.0.963.79 Chrome/17.0.963.79 Safari/535.11 Accept-Encoding: gzip,deflate,sdch
HTTP/1.1 200 OK Date: Wed, 28 Mar 2012 20:02:54 GMT Server: Apache/2.2.20 (Ubuntu) Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 20 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html;charset=UTF-8
Nothing exciting here. RFC 2696 states for HEAD:
The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. The metainformation contained in the HTTP headers in response to a HEAD request SHOULD be identical to the information sent in response to a GET request. This method can be used for obtaining metainformation about the entity implied by the request without transferring the entity-body itself. This method is often used for testing hypertext links for validity, accessibility, and recent modification.
Puzzled. Confused. Why oh why?
You could say the HEAD request is some sort of a “Ping” request on a high level – does this URI exist? But where does this lead us to? The hostname of the queries I have seen so far is always 10 characters long.
I fired my tools up again, checked whether it is all still “working” and closed Chromium, at least no data is sent someplace else.