28 March 2012

I wrote, quite some time ago, about those strange DNS queries that I have seen when Chromium (with the latest version, 17.0.963.79 (Developer Build 125985 Linux) Ubuntu 11.10, as well) is running, like this one:


I was still puzzled and wanted to know what's going on, what this is for.

The first problem was that I needed an easily configurable DNS server to respond to all those queries, to respond with something I am in control of. My assumption was that they are quite likely HTTP requests - maybe even POST requests, but that would be scary and potentially for another post on here.

After some searching I came across a mini DNS server written in Python, downloaded it and - it just works. Ok, so let's have a look. I changed that mini DNS server to respond to any query with my machine's IP and made sure that a webserver is running on that, at least for serving just /; I only wanted to see the initial query from Chromium.
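The catch-all responder described above, sketched as an added example (it is not the mini DNS server used in this post, nor code from this blog): every A query gets one fixed address as its answer. `SINK_IP`, the function names and `SAMPLE_QUERY` are assumptions made for illustration.

```python
import socket
import struct

SINK_IP = "127.0.0.1"  # assumption: the lab machine running the web server
# Constructed sample: standard query (RD set) for the A record of "asdclvxexk"
SAMPLE_QUERY = (bytes.fromhex("123401000001000000000000")
                + b"\x0aasdclvxexk\x00" + b"\x00\x01\x00\x01")

def parse_question(packet):
    """Return (hostname, offset just past QTYPE/QCLASS) of the first question."""
    labels, offset = [], 12
    while packet[offset] != 0:
        length = packet[offset]
        if length > 63:  # compression pointer or garbage, not a plain label
            raise ValueError("unexpected label length")
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii", "replace"))
        offset += length + 1
    if offset + 5 > len(packet):
        raise ValueError("truncated question")
    return ".".join(labels), offset + 5

def build_response(query, ip=SINK_IP):
    """Answer every A query with `ip`; return None for packets we ignore."""
    try:
        txid, flags, qdcount = struct.unpack("!HHH", query[:6])
        if flags & 0x8000 or qdcount != 1:  # already a response, or not one question
            return None
        _, end = parse_question(query)
    except (struct.error, IndexError, ValueError):
        return None
    qtype, qclass = struct.unpack("!HH", query[end - 4:end])
    answer = b""
    if (qtype, qclass) == (1, 1):  # A / IN; other types get an empty NOERROR reply
        # 0xC00C points back at the name at offset 12; TTL 60 s, 4-byte RDATA
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(ip)
    # QR=1 and RA=1, with the client's RD bit copied back
    header = struct.pack("!HHHHHH", txid, 0x8080 | (flags & 0x0100),
                         1, 1 if answer else 0, 0, 0)
    return header + query[12:end] + answer

def serve(bind="127.0.0.1", port=53):
    """Log each queried name and send the fixed answer (port 53 needs root)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, peer = sock.recvfrom(512)
        reply = build_response(data)
        if reply:
            print(peer[0], "asked for", parse_question(data)[0])
            sock.sendto(reply, peer)

if __name__ == "__main__":
    serve()
```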

Fired up Wireshark (brilliant tool!) and Chromium. Visiting any site was kinda funny, as I always ended up on my local machine... anyway, Wireshark was nicely collecting data and here you go:

Host: asdclvxexk
Connection: keep-alive
Content-Length: 0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/17.0.963.79 Chrome/17.0.963.79
Accept-Encoding: gzip,deflate,sdch

HTTP/1.1 200 OK
Date: Wed, 28 Mar 2012 20:02:54 GMT
Server: Apache/2.2.20 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8

Nothing exciting here. RFC 2616 states for HEAD:

The HEAD method is identical to GET except that the server MUST NOT return
a message-body in the response. The metainformation contained in the HTTP
headers in response to a HEAD request SHOULD be identical to the information
sent in response to a GET request. This method can be used for obtaining
metainformation about the entity implied by the request without transferring
the entity-body itself. This method is often used for testing hypertext links
for validity, accessibility, and recent modification.

Puzzled. Confused. Why oh why?

You could say the HEAD request is some sort of a "Ping" request on a high level - does this URI exist? But where does this lead us to? The hostname of the queries I have seen so far is always 10 characters long.

I fired my tools up again, checked whether it is all still "working" and closed Chromium; at least no data is sent someplace else.
