[dns-operations] Android - "strange" queries - connectivity check related ?
vom513 at gmail.com
Sun Jan 17 22:48:18 UTC 2021
tl;dr - Android sends “strange” queries, BIND logs errors. What is Android trying to do ?
On my home network I use BIND as my resolver. All of our devices are some form of an Apple OS, or Linux or other random embedded OS (game console, cameras, etc.)
Just today a guest at the house had an Android phone. I noticed some logs from BIND while he was connected to guest wifi, notably:
message parsing failed: FORMERR
message parsing failed: unexpected end of input
I managed to catch some of the DNS traffic from his phone (I told him I was doing this :) ) - and have it up in Wireshark. Looking at this, at the beginning of this flurry of queries, I see some for connectivitycheck.gstatic.com. So while it might be a red herring, it does seem grouped if you will with the other questionable queries. I’m familiar with the random alpha strings that chrome will query for to detect DNS wildcarding etc - this wasn’t that.
I see some INVERSE queries (opcode 1, https://tools.ietf.org/html/rfc3425)
Upon closer inspection, looks like some of the other queries have cookies - https://tools.ietf.org/html/rfc7873. Looks like my version of BIND doesn’t support cookies in its version/build.
So none of this has caused any problems, it just took me by surprise seeing a “normal” client generating so much “noise”.
So my actual question - could anyone give me a summary of what this Android phone is doing - or better yet - point me to some Android developer docs or something that might/hopefully spell these mechanics out ?
Thanks in advance.
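An added example, not part of the original post: one way to triage captured DNS payloads for the two things described above, a non-zero opcode such as IQUERY and an EDNS COOKIE option (code 10) in the OPT record. The function names and both sample packets are constructed for illustration and are not taken from the poster's capture.

```python
import struct

OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}
TYPE_OPT, OPT_COOKIE = 41, 10   # EDNS0 pseudo-RR type; RFC 7873 option code

def skip_name(msg, off):
    """Return the offset just past the domain name starting at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:        # compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:                  # root label ends the name
            return off

def triage(msg):
    """Report the opcode and EDNS option codes of one DNS message (UDP payload)."""
    info = {"opcode": None, "edns_options": [], "cookie": None, "error": None}
    try:
        _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
        op = (flags >> 11) & 0xF
        info["opcode"] = OPCODES.get(op, f"opcode {op}")
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4            # skip QTYPE + QCLASS
        for _ in range(an + ns + ar):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            rdata = msg[off + 10:off + 10 + rdlen]
            if len(rdata) < rdlen:
                raise IndexError("RDATA runs past end of message")
            off += 10 + rdlen
            p = 0
            while rtype == TYPE_OPT and p + 4 <= rdlen:   # walk EDNS options
                code, olen = struct.unpack("!HH", rdata[p:p + 4])
                info["edns_options"].append(code)
                if code == OPT_COOKIE:
                    info["cookie"] = rdata[p + 4:p + 4 + olen].hex()
                p += 4 + olen
    except (IndexError, struct.error):
        info["error"] = "truncated"      # this script's own label
    return info

def qname(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

# Constructed samples: an A query carrying an 8-byte client cookie, and an IQUERY.
COOKIE_QUERY = (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
                + qname("connectivitycheck.gstatic.com") + struct.pack("!HH", 1, 1)
                + b"\0" + struct.pack("!HHIH", TYPE_OPT, 1232, 0, 12)
                + struct.pack("!HH", OPT_COOKIE, 8) + bytes.fromhex("0102030405060708"))
IQUERY = (struct.pack("!6H", 0x4321, 0x0800, 0, 1, 0, 0)
          + b"\0" + struct.pack("!HHIH", 1, 1, 0, 4) + bytes([10, 0, 0, 1]))
```

Feeding each UDP payload from a capture through `triage` separates messages that use an unusual opcode from ordinary queries that only carry an EDNS option the resolver build may not recognise.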