• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 62

'ipconfig /displaydns' displays over 200 unrecognized DNS entries, should we worry?

We are having a problem with a connection and came upon a recommended task where we were instructed to run the line "ipconfig /displaydns". This displayed a series of sites unrecognized to us.

The result showed over 200 DNS entries, along with a list of actual sites and IPs. The sites are in the lines "Record Name . . . . . :" and "CNAME Record  . . . . : ", the IPs are in the line "A (Host) Record . . . :".

For example:
    in.greta.io
    ----------------------------------------
    Record Name . . . . . : in.greta.io
    Record Type . . . . . : 1
    Time To Live  . . . . : 41482
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 35.186.212.13


and
    p2-eiiarhhxducde-vnxdzw56kwg3gh6t-299593-i1.stbcast3-stb.metric.gstatic.com
    ----------------------------------------
    Record Name . . . . . : p2-eiiarhhxducde-vnxdzw56kwg3gh6t-299593-i1.stbcast3-stb.metric.gstatic.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 79151
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 216.239.32.62


So we wanted to know,
  • what is causing this?
  • should we worry?
  • what should we do?
Asked:
rayluvs
 
Jeremy Weisinger (Senior Network Consultant / Engineer) Commented:
Well, all this is revealing what the websites are pulling from in the background. Web pages, apps, and Windows are all making calls to different resources over the Internet. The DNS lookups are all cached on your computer.

As an example, this Experts Exchange page here is pulling from the following domains when looking at the stats in my browser:
www.experts-exchange.com
cdn.experts-exchange.com
expertsexchange.112.2o7.net
filedb.experts-exchange.com

And I'm using uBlock Origin so this is going to be greatly reduced.
0
 
Kimputer Commented:
Even during the most simple browsing session, your browser fires away at countless cloud-based services (be it Google, ad services or content delivery networks). In your case, those are still normal requests you make on a busier website (a news outlet or such).
1
 
Jeremy Weisinger (Senior Network Consultant / Engineer) Commented:
Bottom line is this is normal.
0
 
rayluvs (Author) Commented:
Understood, and that gives some relief.

However, if we were to check them out, what steps would you guys recommend?
0
 
Jeremy Weisinger (Senior Network Consultant / Engineer) Commented:
What do you mean "check them out"?
0
 
Kimputer Commented:
It would require extreme knowledge of all hosts. I know in.greta.io is checking for CDN, while gstatic is Google-owned. For you to do that would take a lot of time, making it a 24/7 job to keep up with all the hostnames used every day.
You could use some algorithm to lessen the load as time goes by (slowly whitelisting the known ones), but it still requires a lot of time.
0
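The "slowly whitelisting the known ones" idea from the comment above, as an added example (not code from the thread): it parses the `ipconfig /displaydns` layout shown in the question and leaves only the names outside an allowlist for manual review. The allowlist contents, the function names and the second sample entry are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the question's layout; second entry is made up and trimmed.
SAMPLE = """
    in.greta.io
    ----------------------------------------
    Record Name . . . . . : in.greta.io
    Record Type . . . . . : 1
    Time To Live  . . . . : 41482
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 35.186.212.13

    www.gstatic.com.cdn.example
    ----------------------------------------
    Record Name . . . . . : www.gstatic.com.cdn.example
    Record Type . . . . . : 1
    A (Host) Record . . . : 203.0.113.7
"""
KNOWN = {"greta.io", "gstatic.com"}  # hypothetical allowlist, grown over time
FIELD = re.compile(r"^\s*(.+?)(?:\s\.)+\s*:\s*(.*)$")  # "Label . . . : value"

def parse_displaydns(text):
    """Map each cached record name to the set of answers listed under it."""
    cache, name = defaultdict(set), None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        label, value = m.group(1).strip(), m.group(2).strip().lower().rstrip(".")
        if label == "Record Name":
            name = value
        elif name and value and label.endswith(" Record"):  # A, AAAA, CNAME, PTR
            cache[name].add(value)
    return dict(cache)

def triage(cache, known_suffixes):
    """Split names into (known, review); match whole labels, not substrings."""
    known, review = {}, {}
    for name, answers in cache.items():
        hit = any(name == s or name.endswith("." + s) for s in known_suffixes)
        (known if hit else review)[name] = sorted(answers)
    return known, review

if __name__ == "__main__":
    # On the machine itself, feed the output of `ipconfig /displaydns` instead.
    known, review = triage(parse_displaydns(SAMPLE), KNOWN)
    print(len(known), "known;", "to review:", sorted(review))
```

The match is on a dot boundary, so a name that merely contains an allowlisted domain (as the second sample entry does) still lands in the review list. The parser assumes the English-language field labels shown in the question.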
 
rayluvs (Author) Commented:
I got it, you mean check every site and google them one by one (yes, painstaking).
0
 
Kimputer Commented:
Some are not revealed by a simple Google query, and need quite a bit more research.
0
 
rayluvs (Author) Commented:
Ok, prior to closing the question, can you suggest some of that "bit more research"? (Just a little to direct us the right way.)
0
 
Jeremy Weisinger (Senior Network Consultant / Engineer) Commented:
It depends on what kind of research you want to do. If you are just concerned about browser activity then something like Privacy Badger (from the EFF https://www.eff.org/privacybadger) or uBlock Origin can do logging and blocking and show you a lot of resources that are being pulled from. You can also hit F12 when in your browser and you can explore all the elements.

More in depth would be to use Wireshark on your computer and filter by DNS...

But if you're looking for general security knowledge then I have to say that the landscape is always changing. Following blogs or podcasts is how I keep up with it.... as best I can.
0
 
rayluvs (Author) Commented:
Thanx!!!
0
 
Jeremy Weisinger (Senior Network Consultant / Engineer) Commented:
Glad to help. :)
0
Question has a verified solution.
