Hi everyone, When starting LibreWolf, I noticed that it sends the following DNS query:
Standard query 0x053e A host
Standard query response 0x053e A host SOA ns0.centralnic.net
The query is for a non-existent domain host, and the response includes an SOA record from ns0.centralnic.net. I'm wondering why LibreWolf is making this request. Is it related to security features, DNS caching, connection checks, or something else?
DNS is set manually, but this query still appears every time the browser launches.
Any insights would be appreciated!
The magic seems to be on what comes next - the log you posted looks to me like w normal DNS query via your cgnat (the 100.x.x.x ip) and that got answered by centralnic as the SOA. If that's because your DND is configured that way or the request for cascaded until the SOA had to answer I see no way of telling for sure.
For the reason why: as it's right at the startup I'd guess update check or telemetry - those are my go-to suspects:)
I was thinking along the same lines. At this point, I have:
about:configDespite all these actions, the browser still sends this request on startup. I'm starting to think it might be a setting that can't be changed via
about:config.Posting on mobile, worked in desktop so no links. Don't as why please :p
Ok I dug a bit into the Firefox code (that's where it's from). If I understand it correctly that query is part of the nameserver init.
It comes from the file nsEffectiveTLDService.dat and seems to be used by the cpp of the same name.
My c++ is not good enough to understand how or why though - I guess it's a fallback or validation or something. Can't see anything malicious though!
Still nice find, thanks a lot for that rabbit hole!