Is there any way for a blocked domain request to be recorded outside of an explicit browser request?

Comments

4 comments

  • Avatar
    rotblitz

    Nearly every networking program and device (even the router) in your network can perform DNS lookups, not just browsers. The non-browser generated DNS lookups can even be the majority. And there are software updates, mail programs, time sync, VoIP, IPTV, the Operating Systems themselves and possibly much more all performing DNS lookups all day.

    "other than a user explicitly making a url request"

    This kind of DNS lookups is clearly the minority nowadays. Most major sites load content from multiple domains, so visiting a URL usually comes with a bunch of DNS lookups against different domains before a connection can even be established. Just an example, visiting https://www.facebook.com/

    www.facebook.com
    ocsp.verisign.com
    fbstatic-a.akamaihd.net
    fbcdn-profile-a.akamaihd.net    
    fbcdn-sphotos-e-a.akamaihd.net    
    fbexternal-a.akamaihd.net
    fbcdn-sphotos-d-a.akamaihd.net    
    fbcdn-sphotos-g-a.akamaihd.net    
    fbcdn-sphotos-f-a.akamaihd.net    
    fbcdn-sphotos-a-a.akamaihd.net    
    5-p-06-ash2.channel.facebook.com

    If you are interested in seeing this real-time just for one computer, try http://www.nirsoft.net/utils/dns_query_sniffer.html

  • Avatar
    cervezafria

    You will not always see a blocked domain notification. As rotblitz pointed out, visiting Facebook presents connections to multiple domains. If tracking/adware sites are blocked, for example, it's unlikely you will see a notification. In contrast, if the domain in your address bar is blocked, you will typically be presented a notification.

    FWIW I see 27 blocked instances of "stumbleupon.com" in my stats, but never have I received a blocking notice because these connection attempts were all incidental to other sites I visitied.

  • Avatar
    clspa

    This is an interesting conversation. I started using the free parental controls just a couple of days ago and today was my 14 year-old son's first day home since I put Open DNS on the router. I just checked the stats for today and it says that something like 80 different porn sites were blocked? Some of them many times. Even if my son did click on one or two sites (and I'm not even sure that he did), how could so many requests have been generated? He wasn't even at home (or by himself) for most of the day. He does have an iPod and I'm wondering if some of his apps generate some of these DNS look-ups without him even being aware of it?

  • Avatar
    rotblitz

    Beside what has been said above already, many browsers have DNS prefetching enabled, this causing to raise a DNS lookup for every and each link found at webpages, no matter if the links ever will be followed.

    And generally, nobody is aware of the DNS lookups being generated. This is done by the OS and by networking programs, usually not by humans. Tools like the OpenDNS stats and others can reveal this.

Please sign in to leave a comment.