Strange DNS Requests

What is the problem?
I've noticed in PiHole that OctoPrint is sending weird requests. What is causing these and can I turn them off?

What did you already try to solve it?
I have no clue.

Additional information about your setup (OctoPrint version, OctoPi version, printer, firmware, octoprint.log, serial.log or output on terminal tab, ...)
OctoPrint 1.3.10 running on OctoPi 0.16.0 on a Creality Ender-3 Pro running TH3D's Marlin 2.10d.

These very much look like a compromised machine. I have seen similar requests that end up doing a long-response recursive DNS lookup. (I am a sysadmin)
Is this pi accessible from the internet? Have you changed its ssh login from defaults?

I would suggest taking that machine offline, and quarantining it, or maybe a fresh install. And keep it inaccessible from the internet directly.

Thanks for your reply, loclhst. The machine was accessible from the internet (only port 80) but has access control on. I've disabled the port forwarding and will do a fresh install this evening. I'll report back.


Possible, but .. something legit has this sort of behavior, I'm trying to remember what. @OutsourcedGuru does this ring a bell?

(googles) ah, that's right, here's an example of how Chrome does it for legitimate reasons.

(I am a devops)

You know what - I bet it has to do with chromium. I have TouchUI installed with a small TFT display. I use Chrome as my daily driver on my other machines but they're certainly not this noisy.

Note the DNS message types seen: A and AAAA. The second is specifically an IPv6-related A record so you can clearly ignore half of these as redundancy, if you will.

During the Startup Wizard I myself always turn off the Connectivity Check feature. I assume that if this is turned on then it needs to periodically ping or otherwise test some sort of tcp-based connection (which would include a lookup). Does foosel randomly create a hostname while doing this? I dunno.

But I think you both have decided that this is Chrome's connectivity.

Bonus points for PiHole. I myself invented one of those to block ads. :laugh:

It pings a specific IP, by default I believe it's a google IP, but you can change it to whatever you want. I disable it, or set it to my router's IP (my internet has 99.9% uptime so if my router is up, chances are my internet is too).

Update: a fresh install was silent until I installed TouchUI with the goodtft display. My hunch is that it's chromium being noisy and there's nothing I can do about it.
Thanks all for your insight!