IPC querying 'none' domain

rscole

n3wb
Joined
Apr 14, 2017
Messages
5
Reaction score
1
As part of setting up my first camera/nvr, I am trying to determine that the camera is not trying to phone home etc.
The camera is a IPC-HDW5231R-Z. According to my pi-hole logs it will regularly query a domain of 'none'. I have used wireshark, and all it shows is normal ARP traffic.

I have also asked this question here and here, however I am not getting any further.
Any ideas now what the camera may be attempting?
 

looney2ns

IPCT Contributor
Joined
Sep 25, 2016
Messages
10,712
Reaction score
10,944
Location
Evansville, In. USA
Block it in your router, turn off UPNP in cam and router.
Put in a fake Gateway IP in the cam.
Don't forward any ports.
Your good.
 

rscole

n3wb
Joined
Apr 14, 2017
Messages
5
Reaction score
1
I cannot block it with my current router, but will when I set up the Edgerouter (I could do it with the pihole now). Upnp is already disabled on both. I have no ports forwarded to the camera or NVR.
Yes I will put in a fake gateway.
And I'm already 'good'.

I am interested in WHY the camera is querying 'none' in the first place, or if anyone else has seen it with their cameras.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
14,070
Reaction score
5,162
Location
Scotland
According to my pi-hole logs it will regularly query a domain of 'none'.
is that the fully qualified domain name? And what type of query?

I have used wireshark, and all it shows is normal ARP traffic.
Do you have port mirroring implemented for the wireshark snoop point?
If not, all you will see is either broadcasts such as ARP, or traffic to/from the PC.
 

rscole

n3wb
Joined
Apr 14, 2017
Messages
5
Reaction score
1
Thanks for the reply. I must admit it has been a long time since I played with wireshark, and forgot completely about the port mirroring.
I was only monitoring on the rpi, as it is my dns server for ad blocking purposes. Presumably, as I have not set up port mirroring, I will only ever see the DNS query with wireshark running on the pi.

As you can see below, to the best of my knowledge, the domain is 'none'. Not sure if this effects it, but the pi-hole is set to Never forward non-FQDNs. I did have this disabled at one point, but do not think it made any difference to the pi-hole logging.

Queries
none: type A, class IN
Name: none
[Name Length: 4]
[Label Count: 1]
Type: A (Host Address) (1)
Class: IN (0x0001)
 
Top