Advice Request Over 1.9 million DNS request overnight

Please provide comments and solutions that are helpful to the author of this topic.
mlnevese

mlnevese

Level 29
Thread author
Verified
Top Poster
Well-known
Forum Veteran
May 3, 2015
1,822
9,837
2,769
51
I configured my phone to use Adguard DNS and it registered over 1.9 million DNS requests from my phone while I was sleeping. Now I know partially blocked Google services will cause this behavior so I turned off the DNS filters on my phone so that the DNS could process them. I cleared the logs so that I could see what was going on and got over 450 requests in less than a minute. Does anyone know how to identify which processes are making all these DNS requests?
 
Last edited:
  • Like
  • Wow
Reactions: CyberTech, Sunshine-boy, Nevi and 6 others
Take a look at "Apps management" if you click an app the amount of request made is show there. Or in the "filtering log" maybe also.
Edit: If you are not using the Adguard app on your android I understood you wrong and ignore my text :D
 
Last edited:
  • Like
  • HaHa
Reactions: vtqhtr413, Nevi, piquiteco and 3 others
mlnevese said:
I configured my phone to use Adguard DNS and it registered over 1.9 million DNS requests from my phone while I was sleeping. Now I know partially blocked Google services will cause this behavior so I turned off the DNS filters on my phone so that the DNS could process them. I cleared the logs so that I could see what was going on and got over 450 requests in less than a minute. Does anyone know how to identify which processes are making all these DNS requests?
Click to expand...
For forensics and easy mode try installing glasswire firewall. It's has a great UI. It's basically an UI overlay on Windows Firewall. It is heavy on resources so I would use it only as a test if you have a slow PC. Otherwise the full version integrates with Virus total so you can run all the processes that communicate outside against VT.
 
Last edited:
  • Like
  • Thanks
Reactions: vtqhtr413, Nevi, piquiteco and 2 others
TedCruz said:
For forensics and easy mode try installing glasswire firewall. It's has a great UI. It's basically an UI overlay on Windows Firewall. It is heavy on resources so I would use it only as a test if you have a slow PC. Otherwise the full version integrates with Virus total so you can run all the processes that communicate outside against VT.
Click to expand...
The man is talking about his phone, not his PC.
 
  • Like
Reactions: CyberTech, piquiteco, mlnevese and 1 other person
mlnevese said:
I configured my phone to use Adguard DNS and it registered over 1.9 million DNS requests from my phone while I was sleeping. Now I know partially blocked Google services will cause this behavior so I turned off the DNS filters on my phone so that the DNS could process them. I cleared the logs so that I could see what was going on and got over 450 requests in less than a minute. Does anyone know how to identify which processes are making all these DNS requests?
Click to expand...
Something like the below might help to identify what is making the DNS requests

play.google.com

NoRoot Firewall - Apps on Google Play

Firewall WITHOUT ROOT. Host name name filtering, fine-grained access control.
play.google.com play.google.com
 
  • Like
Reactions: piquiteco, mlnevese, simmerskool and 1 other person
Gangelo said:
The man is talking about his phone, not his PC.
Click to expand...
Ahh in that case just use AdGuard. They currently have a great deal for lifetime lic. Just look at the link in the deals sub forum on this site. If I recall correctly a lifetime for 3 devices at $12 and their lifetime is legit. I have been using them since if I recall correctly 2014 or something along those lines. The app section allows you to see exactly how much data each app uses and you can tell it to block if not on wifi or ask to connect.
 
  • Like
  • Thanks
Reactions: vtqhtr413 and mlnevese
Gangelo said:
The man is talking about his phone, not his PC.
Click to expand...
That is true.

I doubt it's of any use, but GlassWire do have a basic data app for mobile.

Gangelo said:
Something like the below might help to identify what is making the DNS requests

play.google.com

NoRoot Firewall - Apps on Google Play

Firewall WITHOUT ROOT. Host name name filtering, fine-grained access control.
play.google.com play.google.com
Click to expand...
What about NetGuard which has more recent updates? Pro version available.
play.google.com

NetGuard - no-root firewall - Apps on Google Play

A simple way to block access to the internet per application
play.google.com play.google.com
 
  • Like
Reactions: vtqhtr413, piquiteco and mlnevese
Found the guilty party. A local mall app that was sending around 100 requests every second. Things are back to normal now. The firewall and Adguards activity monitor helped me find the guilty one :) Thanks for the help
 
  • Like
  • Applause
Reactions: CyberTech, Ink, Gandalf_The_Grey and 6 others
mlnevese said:
Found the guilty party. A local mall app that was sending around 100 requests every second. Things are back to normal now. The firewall and Adguards activity monitor helped me find the guilty one :) Thanks for the help
Click to expand...
How did you resolve the issues? By disabling the default Mail app, or blocking the request with the firewall?
 
  • Like
Reactions: Gandalf_The_Grey and mlnevese
TedCruz said:
Do you mind sharing which app it was? I would love to Wireshark it in order to see what it's sending and where since that sounds more like malware than anything else.
Click to expand...
It's the app for Barrashoping in Brazil. I have no idea if you can get it outside the Brazilian market.
 

You may also like...