• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

strange spam of wpad queries ...from the other side

Started by pmf026, February 24, 2025, 03:40:00 AM

pmf026

Legend:

216.66.80.90 / 2001:470:27:3be::1 = my tunnel endpoint
2001:470:0:11e::2 = tserv1.sto1.he.net.
2001:470:27:3be::2 = my server that is being queried for the 'wpad' record.
lan.kaillera.ru. is my local network zone (v4+v6)

Question: What might be the cause of this? I mean, everything works fine on my end, and yet there are tons of these in my logs...

24-Feb-2025 08:58:39.686 security: info: client @0x7f11bc4d7670 2001:470:0:11e::2#25167 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/A/IN' denied
24-Feb-2025 08:58:39.690 security: info: client @0x7f11c853f7d0 216.66.80.90#23548 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/AAAA/IN' denied
24-Feb-2025 08:58:39.706 security: info: client @0x7f11c854b740 2001:470:0:11e::2#28185 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/A/IN' denied
24-Feb-2025 08:58:39.706 security: info: client @0x7f11cc65a2b0 2001:470:0:11e::2#61861 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/AAAA/IN' denied
24-Feb-2025 08:58:39.726 security: info: client @0x7f11bc56ee10 2001:470:0:11e::2#52237 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/A/IN' denied
24-Feb-2025 08:58:39.726 security: info: client @0x7f11c44f6c20 2001:470:0:11e::2#17834 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/AAAA/IN' denied
24-Feb-2025 09:21:45.448 security: info: client @0x7f11c854ed90 2001:470:0:11e::2#5745 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/AAAA/IN' denied
24-Feb-2025 09:21:45.456 security: info: client @0x7f11c853f7d0 216.66.80.90#50366 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/A/IN' denied
24-Feb-2025 09:21:45.468 security: info: client @0x7f11cc681580 2001:470:0:11e::2#34186 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/AAAA/IN' denied
24-Feb-2025 09:21:45.476 security: info: client @0x7f11c854ed90 2001:470:0:11e::2#11063 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/A/IN' denied
24-Feb-2025 09:21:45.484 security: info: client @0x7f11bc4f9e10 2001:470:0:11e::2#17678 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/AAAA/IN' denied
24-Feb-2025 09:21:45.492 security: info: client @0x7f11c4537930 2001:470:0:11e::2#40996 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/A/IN' denied
24-Feb-2025 09:21:45.504 security: info: client @0x7f11c853f7d0 216.66.80.90#39871 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/AAAA/IN' denied
24-Feb-2025 09:21:45.512 security: info: client @0x7f11bc4f9e10 2001:470:0:11e::2#53345 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/A/IN' denied

pmf026

It was my Win10 machine that was to blame after all, and its MSFTNetworkConnectivityServiceIndicator.
I'd never have figured it out if my link-local address hadn't been logged just in time.

26-Feb-2025 02:20:16.332 security: info: client @0x7fb5c854e2c0 fe80::d3af:9874:b7bb:2fd7%2#59703 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/A/IN' denied
26-Feb-2025 02:20:16.500 security: info: client @0x7fb5b0490a60 fe80::d3af:9874:b7bb:2fd7%2#54335 (dns.msftncsi.com): query (cache) 'dns.msftncsi.com/A/IN' denied
26-Feb-2025 02:20:56.911 security: info: client @0x7fb5c457aaf0 2001:470:0:11e::2#23632 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/A/IN' denied
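
One way to work through logs like the ones posted above, as an added example that is not part of the original posts: this Python script parses BIND's denied-query lines, counts them per client and query name, and singles out link-local sources, which can only be hosts on the DNS server's own segment. The function names are hypothetical, and the sample input is four lines copied from the thread's log excerpts.

```python
import ipaddress
import re
from collections import Counter

# Shape of a BIND "security" log line for a refused query, as in the posts above.
DENIED = re.compile(
    r"^(?P<ts>\S+ \S+) security: info: client (?:@0x[0-9a-f]+ )?"
    r"(?P<addr>[0-9A-Fa-f:.]+)(?:%(?P<zone>[^#\s]+))?#(?P<port>\d+) "
    r"\((?P<name>[^)]+)\): query (?P<cache>\(cache\) )?"
    r"'(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)' denied$"
)

def parse_denied(line):
    """Return a dict for one denied-query line, or None if it does not match."""
    m = DENIED.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        ip = ipaddress.ip_address(rec["addr"])  # zone id (%2) already split off
    except ValueError:
        return None
    rec["scope"] = "link-local" if ip.is_link_local else "routed"
    rec["wpad"] = rec["qname"].lower().startswith("wpad.")
    return rec

def summarize(lines):
    """Count denied queries per (client address, scope, query name)."""
    recs = filter(None, map(parse_denied, lines))
    return Counter((r["addr"], r["scope"], r["qname"]) for r in recs)

def on_link_clients(lines):
    """Link-local sources: hosts on the same segment as the DNS server."""
    recs = filter(None, map(parse_denied, lines))
    return sorted({r["addr"] for r in recs if r["scope"] == "link-local"})

# Sample input: four lines copied from the log excerpts in this thread.
SAMPLE = """\
26-Feb-2025 02:20:16.332 security: info: client @0x7fb5c854e2c0 fe80::d3af:9874:b7bb:2fd7%2#59703 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/A/IN' denied
26-Feb-2025 02:20:16.500 security: info: client @0x7fb5b0490a60 fe80::d3af:9874:b7bb:2fd7%2#54335 (dns.msftncsi.com): query (cache) 'dns.msftncsi.com/A/IN' denied
26-Feb-2025 02:20:56.911 security: info: client @0x7fb5c457aaf0 2001:470:0:11e::2#23632 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/A/IN' denied
24-Feb-2025 08:58:39.690 security: info: client @0x7f11c853f7d0 216.66.80.90#23548 (wpad.lan.kaillera.ru): query 'wpad.lan.kaillera.ru/AAAA/IN' denied
""".splitlines()

if __name__ == "__main__":
    for (addr, scope, qname), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {scope:10s}  {addr}  {qname}")
    print("on-link clients:", on_link_clients(SAMPLE))
```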