Chrome and its strange DNS queries

edited August 2017 in Software
Just want to leave this here in case someone has the same experience I did.

I was having some trouble with my Internet, so I started poking around in the router logs to see what was going on. Then I saw these odd requests popping up:

WeirdChromeRequests.png

Seemingly random strings for DNS queries. I thought I had a virus or someone was trying to hack me somehow. Finally after some searching, I learned that Chrome makes random queries like that when it's first launched. Neither my girlfriend nor I use Chrome very often, but it turns out she had launched it just before I looked at the logs. Phew.

As for my Internet problems, I think it was just Frontier being a piece of crap again. :roll:

Comments

  • Just a quick idea/tidbit here:

    Those look like extension IDs, the first part of the FQDN's in question. Chrome uses weird random strings to identify them internally. Your router is probably setting your DNS search to your reverse DNS base, stbo.ga.frontiernet.net, and thus the chrome startup causes it to access http://esyrvhxegxq/whatever-bullshit-thing-it-needs.js which is ultimately local but still causes a DNS chain because it's otherwise an invalid domain.
  • hmm, that's possible.

    The explanation I read is this: "Chrome also tries to find out if someone is messing up with the DNS (i.e. “nasty” ISPs that have wildcard DNS servers to catch all domains). Chrome does this by issuing 3 DNS requests to randomly generated domain names, for every DNS extension configured."
Sign In or Register to comment.