FOOD FOR THOUGHT DNS traffic

Nubleet (New Member; joined Nov 16, 2015; messages: 17; reaction score: 0)

Any reason why I would be seeing so much DNS traffic on my newly set up IncrediblePBX? Here is a snippet from my firewall logs.
Code:
===================================================================================
2015-11-24 11:12:39 Allow 50.75.22.74 XXX.XXX.XXX.XXX dns/udp 30944 53 0-External-Fiber 2-DMZ Allowed 73 238 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:39 Allow 65.160.76.28 XXX.XXX.XXX.XXX dns/udp 52572 53 0-External-Fiber 2-DMZ Allowed 73 238 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:42 Allow 64.20.96.215 XXX.XXX.XXX.XXX dns/udp 57087 53 0-External-Fiber 2-DMZ Allowed 74 241 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:43 Allow 86.56.150.44 XXX.XXX.XXX.XXX dns/udp 16542 53 0-External-Fiber 2-DMZ Allowed 70 240 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:43 Allow 112.254.153.200 XXX.XXX.XXX.XXX dns/udp 31174 53 0-External-Fiber 2-DMZ Allowed 73 238 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:44 Allow 49.31.121.174 XXX.XXX.XXX.XXX dns/udp 55788 53 0-External-Fiber 2-DMZ Allowed 73 238 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:44 Allow 77.177.8.133 XXX.XXX.XXX.XXX dns/udp 41447 53 0-External-Fiber 2-DMZ Allowed 73 238 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:45 Allow 110.107.45.190 XXX.XXX.XXX.XXX dns/udp 2198 53 0-External-Fiber 2-DMZ Allowed 73 244 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:45 Allow 75.253.38.252 XXX.XXX.XXX.XXX dns/udp 48374 53 0-External-Fiber 2-DMZ Allowed 72 238 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:47 Allow 57.18.163.142 XXX.XXX.XXX.XXX dns/udp 5044 53 0-External-Fiber 2-DMZ Allowed 73 237 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:47 Allow 111.167.185.87 XXX.XXX.XXX.XXX dns/udp 38567 53 0-External-Fiber 2-DMZ Allowed 73 237 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:47 Allow 97.236.223.133 XXX.XXX.XXX.XXX dns/udp 41311 53 0-External-Fiber 2-DMZ Allowed 73 238 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:48 Allow 119.74.146.242 XXX.XXX.XXX.XXX dns/udp 32648 53 0-External-Fiber 2-DMZ Allowed 73 235 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:51 Allow 67.141.134.61 XXX.XXX.XXX.XXX dns/udp 2905 53 0-External-Fiber 2-DMZ Allowed 73 237 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
======================================================================================
This happens quite a bit.
 

Nubleet (New Member; joined Nov 16, 2015; messages: 17; reaction score: 0)

oic. That would make sense. So, then I can just delete these trunks and it will all go away I assume.
 

tbrummell (Guru; joined Jan 8, 2011; messages: 1,275; reaction score: 339)

Yes, you can delete the trunks. If that is what is causing the DNS requests, they will go away. I dug a few of the pre-programmed host names and they didn't match any IPs you posted, but there could be something else doing DNS requests on boot as well.
To prove it's something in the PBX, issue an "amportal restart" while tailing your DNS logs; you should see the requests go out while Asterisk starts (if it is Asterisk causing it).
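
Added example, not part of any post in this thread: a small Python parser for firewall lines in the format Nubleet posted, which tallies port-53 traffic by direction so that queries arriving on the external interface and NATed to the PBX are counted separately from lookups the PBX itself sends out. The column meanings (source, destination, ports, inbound and outbound interface), the sample lines and the `Outgoing-00` policy name are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format posted above; addresses are documentation
# ranges and the "Outgoing-00" policy name is made up for the outbound case.
SAMPLE = '''\
2015-11-24 11:12:39 Allow 198.51.100.7 203.0.113.10 dns/udp 30944 53 0-External-Fiber 2-DMZ Allowed 73 238 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:42 Allow 198.51.100.88 203.0.113.10 dns/udp 57087 53 0-External-Fiber 2-DMZ Allowed 74 241 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:12:43 Allow 192.0.2.200 203.0.113.10 dns/udp 16542 53 0-External-Fiber 2-DMZ Allowed 70 240 (Asterisk-Incoming-00)  proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="10.10.102.9"     Traffic
2015-11-24 11:13:02 Allow 10.10.102.9 192.0.2.53 dns/udp 40112 53 2-DMZ 0-External-Fiber Allowed 70 120 (Outgoing-00)  proc_id="firewall" rc="100" msg_id="3000-0148"     Traffic
'''

# Assumed column order: timestamp, action, src, dst, service, src port,
# dst port, inbound interface, outbound interface, disposition, two counters, (policy).
LINE = re.compile(
    r'^(?P<ts>\S+ \S+) (?P<action>\S+) (?P<src>\S+) (?P<dst>\S+) '
    r'(?P<svc>\S+) (?P<sport>\d+) (?P<dport>\d+) (?P<in_if>\S+) (?P<out_if>\S+) '
    r'\S+ \d+ \d+ \((?P<policy>[^)]+)\)(?P<rest>.*)$')
NAT = re.compile(r'dst_ip_nat="([^"]+)"')

def parse(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    nat = NAT.search(rec.pop("rest"))
    rec["dst_ip_nat"] = nat.group(1) if nat else None
    return rec

def classify(rec, pbx_ip, external_if):
    """Label a port-53 record by direction relative to the PBX."""
    if rec["dport"] != "53":
        return "other"
    if rec["in_if"] == external_if and rec["dst_ip_nat"] == pbx_ip:
        return "inbound-to-pbx"      # someone outside is querying the PBX
    if rec["src"] == pbx_ip:
        return "outbound-from-pbx"   # the PBX is resolving a name
    return "other"

def summarize(text, pbx_ip="10.10.102.9", external_if="0-External-Fiber"):
    """Count records per direction and per external source address."""
    directions, sources = Counter(), Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        label = classify(rec, pbx_ip, external_if)
        directions[label] += 1
        if label == "inbound-to-pbx":
            sources[rec["src"]] += 1
    return directions, sources

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Every line in the posted snippet enters on `0-External-Fiber` with destination port 53 and `dst_ip_nat="10.10.102.9"` under the `Asterisk-Incoming-00` policy, so this script would count all of them as inbound to the PBX.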
 

frederic (Guru; joined May 18, 2008; messages: 58; reaction score: 4)

If you have a big enough network to require SIP phones and a PBX, you would benefit by having a local caching DNS server on the same network. That won't solve your problem, but it will make DNS requests that much quicker. Going to Google DNS or your ISP's DNS all the time eats bandwidth and slows things down a bit.
 
