# Odd DNS queries



## kpa (May 5, 2016)

I recently started blocking DNS queries on my systems so that no client can do DNS queries on anything else but the local router/firewall that is now running pfSense 2.3. I started noticing some really strange stuff in my logs today:


```
May 5 16:21:01 LAN   10.71.14.9:46929   69.171.239.13:53 UDP
```

That's a log entry from the block rule. The 10.71.14.9 address is my Android phone and the 69.171.239.13 address belongs to Facebook according to whois(1). I do run the facebook app on my phone but surely it should have no business sending DNS queries anywhere else but the local resolver (what it is told to use by DHCP)?

Anyone have a clue what purpose those queries would serve? I'm pretty sure my phone is not infected by any malware or anything of that sort.


----------



## tingo (May 5, 2016)

You should turn the question around: why do you think that the Facebook app (or your mobile phone for that matter) would rely on a local resolver?
Do you think that the "universe" of the mobile phone is put together by someone who understands networking?


----------



## kpa (May 5, 2016)

Well, whatever it's trying to do is not working now  I do have a hunch that it's related to application updates on android but not sure yet, the timestamps on log entries do seem to correlate with the Facebook app updates that have quite frequent recently.


----------

