Base station queries DNS for Google every 30 seconds

I have dnsmasq logs on my router showing my base station querying DNS for google.com every 30 seconds. This is highly unnecessary and needs to be eliminated in the next FW update. Please refrain from flooding your customers’ networks with unneeded traffic.

Log samples below (192.168.50.57 is the base station):

Sep 1 05:36:41 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:37:11 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:37:41 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:38:11 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:38:41 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:39:11 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:39:42 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:40:12 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:40:42 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:41:12 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57

Sep 1 12:12:36 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 12:13:06 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 12:13:36 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 12:14:06 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 12:14:36 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 12:15:06 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 12:15:36 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 12:16:06 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 12:16:36 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57

2 Likes
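An added example, not part of the original post: one way to confirm a fixed-interval pattern like the one in the log excerpt above is to group dnsmasq `query[...]` lines by client and name and check how regular the gaps are. The function names, the thresholds, the assumed year, and the `192.168.50.20` lines are constructed for illustration; the first seven sample lines come from the post.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# First seven lines are from the post; the 192.168.50.20 lines are constructed.
SAMPLE_LOG = """\
Sep 1 05:36:41 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:37:11 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:37:41 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:38:11 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:38:41 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:39:11 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:39:42 dnsmasq[8704]: query[A] www.google.com from 192.168.50.57
Sep 1 05:37:02 dnsmasq[8704]: query[A] example.org from 192.168.50.20
Sep 1 05:37:05 dnsmasq[8704]: query[AAAA] example.org from 192.168.50.20
Sep 1 05:39:30 dnsmasq[8704]: query[A] example.net from 192.168.50.20
"""

QUERY_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)$")

def parse_queries(text, year=2000):
    """Yield (timestamp, client, qtype, name). Syslog lines carry no year, so one is assumed."""
    for line in text.splitlines():
        m = QUERY_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(4), m.group(2), m.group(3)

def find_periodic(text, min_queries=5, max_jitter=2.0):
    """Return {(client, name, qtype): median gap in seconds} for fixed-interval query streams."""
    times = defaultdict(list)
    for ts, client, qtype, name in parse_queries(text):
        times[(client, name, qtype)].append(ts)
    periodic = {}
    for key, stamps in times.items():
        if len(stamps) < min_queries:
            continue  # too few samples to call it a pattern
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        # A timer-driven poller shows gaps that all sit close to one value.
        if mid > 0 and all(abs(g - mid) <= max_jitter for g in gaps):
            periodic[key] = mid
    return periodic

if __name__ == "__main__":
    print(find_periodic(SAMPLE_LOG))
```

Run against a full day of logs, a stream is only reported if every gap stays within `max_jitter` of the median, so a reboot or outage in the middle of the capture will hide it; splitting the log into shorter windows avoids that.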

Kind of funny they’re using that instead of wyze.com for a keepalive status. Or is this in concert with Google hosted analytics?

Nice find, thanks for sharing, and I couldn’t agree more!

Not DNS spoofing? What address does ping www.google.com return? [172.217.11.68]
The scenario described in this tutorial uses the very tiny DNS server Dnsmasq to forge DNS entries. In short, the following steps will show you how to set up Dnsmasq and configure it to forward all DNS requests to Google’s DNS server — except the ones that you’d like to forge.
Once Dnsmasq is installed and running, clients must be told to use this DNS server to resolve IP addresses. This can be done by changing the router configuration or the network settings of the operating system or mobile device.

1 Like

A ping or DNS lookup to www.google.com will vary based on physical location. I’m in Minnesota USA and get: 172.217.1.36

Also, I think you mean you can change the DNS server setting used by client nodes by updating your DHCP scope/settings on your router? I think I’m understanding you properly, but I don’t know anything about DNSmasq.

I’m learning now though: WIKI on DNSmasq

I think it is a Google address but...
This IP address has been reported a total of 10 times from 3 distinct sources. 172.217.1.36 was first reported on April 27th 2019, and the most recent report was 7 months ago.
IP Tracker

I don’t know much about Wyze but searching this site it seems their equipment would go through the Wyze servers (hosted by Amazon) before going to another company’s server.
If 192.168.50.57 is your Wyze base station address then I’d open a support ticket. Doesn’t seem kosher.

1 Like