|
|
|
|
|
|
by close04
2242 days ago
|
|
|
Worth mentioning that this is just the domain resolution, not necessarily the real volume of connections. The reason they try every second sometimes (I have devices that do exactly this, ~86000 attempts every day) is because they keep failing. Assuming they resolve once they stop flooding the Pi-hole and will bundle their connections in fewer, larger chunks. Couldn't say what's in those chunks since they're encrypted but I can make a fair guess. But the bottom line is that the number of attempts to resolve the DNS doesn't say anything about how egregious the activity is. You could have a device try every second because it wants to send an "I'm alive" message home, or you could have a device attempt DNS resolution once per day and send all the traffic it captured from your network. Don't use that number as an indication of how evil the device is, I'm sure the most egregious malware or crappy IoT will be careful not to flood DNS requests. |
|
|