dns.msftncsi.com DNS Requests Every Few Seconds

Over the weekend, I updated my wireless router to the latest revision of ASUSWRT-Merlin. I also decided to update my DietPi Pi-hole to their latest builds. Due to a full code rewrite of DietPi, it meant a complete rebuild for that system. The release of ASUSWRT-Merlin also suggested resetting to factory defaults due to some major changes. Everything was about to be new again.

Once I got everything rebuilt and running, I noticed requests coming from my firewall to my DietPi every 10 seconds or so for dns.msftncsi.com. I immediately assumed this was some Microsoft telemetry noise on my network from MS NLA. However, the queries were coming directly from my firewall, which seemed odd. Another search led me to a post on the Pi-hole discourse. After I ran nvram show | grep dns_probe, it was clear I had found the culprit.

admin@gw:/tmp/home/root# nvram show | grep dns_probe
dns_probe_host=dns.msftncsi.com
dns_probe_content=131.107.255.255 fd3e:4f5a:5b81::1

I ran the following three lines and confirmed the traffic stopped. No reboot was necessary. The first post I read recommended setting dns_probe_content to 0.0.0.0 and dns_probe_host to “” (effectively blank). I later found a post by RMerlin that explains setting dns_probe_content to blank disables the watchdog service but effectively disables the dual WAN feature. It would make sense that dual WAN would require a watchdog service. So, if you use dual WAN, don’t do this. Otherwise, you should be fine.

admin@gw:/tmp/home/root# nvram set dns_probe_content=
admin@gw:/tmp/home/root# nvram set dns_probe_host=
admin@gw:/tmp/home/root# nvram commit
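
To confirm a probe like this from the Pi-hole side, before and after changing the nvram values, the following added example (not from the original post) scans dnsmasq-format query log lines for a client that looks up the same name at machine-regular intervals. The sample log, the client addresses, the thresholds, the assumed year and the `find_periodic` name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample in the dnsmasq query-log format that Pi-hole records.
# 192.168.1.1 stands in for the router, 192.168.1.50 for an ordinary client.
SAMPLE_LOG = """\
Apr 22 10:00:00 dnsmasq[612]: query[A] dns.msftncsi.com from 192.168.1.1
Apr 22 10:00:03 dnsmasq[612]: query[A] example.org from 192.168.1.50
Apr 22 10:00:07 dnsmasq[612]: query[A] example.org from 192.168.1.50
Apr 22 10:00:10 dnsmasq[612]: query[A] dns.msftncsi.com from 192.168.1.1
Apr 22 10:00:10 dnsmasq[612]: query[AAAA] dns.msftncsi.com from 192.168.1.1
Apr 22 10:00:20 dnsmasq[612]: query[A] dns.msftncsi.com from 192.168.1.1
Apr 22 10:00:30 dnsmasq[612]: query[A] dns.msftncsi.com from 192.168.1.1
Apr 22 10:00:41 dnsmasq[612]: query[A] dns.msftncsi.com from 192.168.1.1
Apr 22 10:00:50 dnsmasq[612]: query[A] dns.msftncsi.com from 192.168.1.1
Apr 22 10:01:15 dnsmasq[612]: query[A] example.org from 192.168.1.50
Apr 22 10:04:40 dnsmasq[612]: query[A] example.org from 192.168.1.50
Apr 22 10:04:42 dnsmasq[612]: query[A] example.org from 192.168.1.50
"""

LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[[\w-]+\] (\S+) from (\S+)$")

def find_periodic(log_text, min_hits=5, max_jitter=1.5, year=2016):
    """Return {(client, domain): mean gap in seconds} for clock-like lookups."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # forwarded/reply/cached lines and anything malformed
        ts, domain, client = m.groups()
        # dnsmasq timestamps carry no year, so one is assumed for parsing.
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        seen[(client, domain.lower())].add(when)  # A + AAAA in one second count once
    periodic = {}
    for key, times in seen.items():
        if len(times) < max(min_hits, 2):
            continue  # too few lookups to judge regularity
        ordered = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
        if pstdev(gaps) <= max_jitter:  # near-constant spacing: a timer, not a person
            periodic[key] = mean(gaps)
    return periodic

if __name__ == "__main__":
    for (client, domain), gap in find_periodic(SAMPLE_LOG).items():
        print(f"{client} queries {domain} about every {gap:.0f}s")
```

Run against the real query log after the `nvram commit`, the router's entry should drop out of the result once the probe has stopped.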

RPM/yum Database Corruption

Jumped onto my server and noticed a few out-of-date packages. A quick % sudo yum update reported the following:

error: rpmdb: BDB0113 Thread/process 12323/139745043400512 failed: BDB1507 Thread died in Berkeley DB library
error: db5 error(-30973) from dbenv->failchk: BDB0087 DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db5 - (-30973)
error: cannot open Packages database in /var/lib/rpm
CRITICAL:yum.main:

Fortunately, the fix was easy:

% sudo rpm --rebuilddb

Once complete, yum update worked like new.

Weekend Reading – April 22, 2016

Blogs / News

Weekend Reading – April 15, 2016

Blogs / News

Weekend Reading – March 25, 2016

Conference / Meetups

Blogs / News

Announcing New YouTube Channel: InfoSecTech Tools

For a while, I’ve been trolling the rich world of infosec tools offered in distributions like Kali Linux and BlackArch. Many of these tools have been a huge boost to my productivity and efficiency. Whether looking to defend a network, do network discovery, or just get a better idea of what tools adversaries use, learning these tool sets is critical to the success of today’s IT pros.

I’ll be covering tutorials on some of the more relevant infosec tools, scripts, and applications to the everyday IT professional. For starters, I’ll be doing tutorials and demos of information gathering tools directly listed on the Kali Linux tools website. As I build out a streamlined process and home studio, I hope to improve the format and production quality, eventually introducing personal narration instead of text-only, onscreen guides.

I’d love your input and feedback as I start down this path.

Follow along here on my blog or subscribe to the InfoSecTech YouTube channel.

Thanks for your support. I’m hoping this becomes a valuable contribution to the rich community of existing IT and infosec pros.

Weekend Reading – March 18, 2016

Blogs / News

Weekend Reading – March 11, 2016

Conference / Meetups

Blogs / News

Weekend Reading – March 4, 2016

Conference / Meetups

Blogs / News

Weekend Reading – February 26, 2016

Conferences/Meetups

Blogs/News