this post was submitted on 14 May 2025
22 points (100.0% liked)

Librewolf

208 readers
1 users here now

Overview:

The secure and private firefox fork!

Website

Install

Matrix

Contribute

Related:

!waterfox@programming.dev

!privacy@lemmy.dbzer0.com

founded 2 months ago
MODERATORS
Sunshine@programming.dev
Sunshine@lemmy.ca
22
LibreWolf sends a DNS query to "host" on startup – why? (programming.dev)
submitted 2 days ago by ariadna@programming.dev to c/librewolf@programming.dev
5 comments fedilink hide all child comments
 

Hi everyone, When starting LibreWolf, I noticed that it sends the following DNS query:

Standard query 0x053e A host
Standard query response 0x053e A host SOA ns0.centralnic.net

The query is for a non-existent domain host, and the response includes an SOA record from ns0.centralnic.net. I'm wondering why LibreWolf is making this request. Is it related to security features, DNS caching, connection checks, or something else?

DNS is set manually, but this query still appears every time the browser launches.

Any insights would be appreciated!

top 5 comments
sorted by: hot top controversial new old
[–] slazer2au@lemmy.world 3 points 1 day ago

I wonder if this is part of its captive portal testing.

[–] Scipitie@lemmy.dbzer0.com 5 points 2 days ago (1 children)

The magic seems to be on what comes next - the log you posted looks to me like w normal DNS query via your cgnat (the 100.x.x.x ip) and that got answered by centralnic as the SOA. If that's because your DND is configured that way or the request for cascaded until the SOA had to answer I see no way of telling for sure.

For the reason why: as it's right at the startup I'd guess update check or telemetry - those are my go-to suspects:)

[–] ariadna@programming.dev 2 points 2 days ago (1 children)

I was thinking along the same lines. At this point, I have:

  • Removed all URLs in about:config
  • Disabled browser updates
  • Disabled all telemetry settings I could find

Despite all these actions, the browser still sends this request on startup. I'm starting to think it might be a setting that can't be changed via about:config.

[–] Scipitie@lemmy.dbzer0.com 1 points 1 day ago

Posting on mobile, worked in desktop so no links. Don't as why please :p

Ok I dug a bit into the Firefox code (that's where it's from). If I understand it correctly that query is part of the nameserver init.

It comes from the file nsEffectiveTLDService.dat and seems to be used by the cpp of the same name.

My c++ is not good enough to understand how or why though - I guess it's a fallback or validation or something. Can't see anything malicious though!

Still nice find, thanks a lot for that rabbit hole!

[–] SatanClaus@lemmy.dbzer0.com 3 points 2 days ago

Is it verifying the browser has internet connectivity or something?