-2

I have a Pi_hole installed on my network as my DNS server. While perusing the logs, I noticed that a windows 10 PC on my network makes frequent A DNS requests for npi64eceb.fritz.box - I have no idea what this site is or why my machine might need to resolve it.

My Pi-Hole responds with NXDOMAIN, and third party DNS lookup sites record no domain either.

This is happening every 20-30s or so - how can I find out what is going on?

ThatDataGuy
  • 183
  • 1
  • 5

2 Answers2

0

Install Wireshark on the Windows 10 PC, and run it to capture the DNS and network data.

Then perform closer inspection to identify which service and or port is performing the queries.

madacoda
  • 215
  • 1
  • 9
0

From an elevated command prompt type:

netstat -a -o 1 >c:\netstat.txt

Let that run for a few minutes then press Ctrl C to stop the command. Then go look at the netstat.txt file. Find the traffic to fritz.box and look at the process ID of the process generating that traffic. Then go look at the process.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172
  • I did this, and there is no mention of fritz.box in the output. Perhaps the pi hole is labelling this requests wrong. – ThatDataGuy May 30 '20 at 10:32