Brian Hamachek, posted February 9, 2022:
My Unifi controller is reporting that my EA-3 controller is looking up .su (Soviet Union) DNS names. What could possibly cause this? Has my controller been infected with malware?

-defunct-, posted February 9, 2022:
What OS version is it on?

-defunct-, posted February 9, 2022:
It should not be reaching out to Russian servers, but I would review the DNS requests as it might be the NTP server reverse lookup. My own system was pulling an NSA time server from that reverse lookup.

Brian Hamachek, posted February 9, 2022:
It's running 3.3.0.613856.

-defunct-, posted February 9, 2022:
Well, that's a nonexistent version, so...

Andrew luecke, posted February 9, 2022:
Are you using port forwarding? Also, just to confirm, are you an end user or installer?

Brian Hamachek, posted February 9, 2022:
I'm an installer, but I'm seeing this on my home system. I think Dunamivora might be right about NTP being the cause though. I did a tcpdump on my Unifi firewall and within a few minutes saw entries from the EA-3 resolving domains for NTP servers in France.

-defunct-, posted February 9, 2022:
To verify, you can use system manager and connect to the controller, then go to the time tab and select Legacy. That should do one NTP request per day instead of the frequent checks. That would at least let you know if all of them are the reverse DNS lookups for the NTP servers.
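
The question the thread ends on (are the .su names only reverse lookups of NTP server addresses?) can be checked against a capture like the tcpdump one mentioned above. The following is an added example, not part of any post: it assumes tcpdump's default one-line DNS text output, and the sample lines, addresses, host names and function names are constructed for illustration.

```python
import re

# Constructed sample in tcpdump's default DNS text format (`tcpdump -n port 53`);
# documentation addresses and made-up host names, not data from the thread.
SAMPLE = """\
12:00:01.000100 IP 192.0.2.10.40112 > 192.0.2.1.53: 4101+ A? 0.pool.ntp.org. (32)
12:00:01.020300 IP 192.0.2.1.53 > 192.0.2.10.40112: 4101 1/0/0 A 203.0.113.7 (48)
12:00:02.000100 IP 192.0.2.10.40113 > 192.0.2.1.53: 4102+ PTR? 7.113.0.203.in-addr.arpa. (43)
12:00:02.030500 IP 192.0.2.1.53 > 192.0.2.10.40113: 4102 1/0/0 PTR ntp1.example.su. (72)
12:00:09.000100 IP 192.0.2.10.40114 > 192.0.2.1.53: 4103+ A? updates.example.su. (36)
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): (\d+)\S* (.*) \(\d+\)$")

def ptr_to_ip(name):
    """7.113.0.203.in-addr.arpa -> 203.0.113.7; None if not an IPv4 reverse name."""
    labels = name.split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    return ".".join(reversed(labels[:4]))

def explain_tld(capture, client, tld):
    """Map each name under `tld` in the client's DNS traffic to how it appeared."""
    suffix, pending, ip_source, found = "." + tld, {}, {}, {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, qid, body = m.groups()
        if src == client and dport == "53":  # query sent by the device
            q = re.match(r"(?:\[\S+\] )?(\w+)\? (\S+)", body)
            if q:
                pending[qid] = qname = q.group(2).rstrip(".")
                if qname.endswith(suffix):
                    found[qname] = "forward query sent by the device"
        elif dst == client and sport == "53" and qid in pending:  # its answer
            qname = pending.pop(qid)
            for rr in re.sub(r"^\d+/\d+/\d+ ", "", body).split(", "):
                rtype, _, rdata = rr.partition(" ")
                rdata = rdata.rstrip(".")
                if rtype == "A":
                    ip_source[rdata] = qname  # which name resolved to this address
                elif rtype == "PTR" and rdata.endswith(suffix):
                    ip = ptr_to_ip(qname)
                    origin = ip_source.get(ip, "an unknown name")
                    found[rdata] = f"PTR name of {ip or qname}, which was resolved from {origin}"
    return found

if __name__ == "__main__":
    for name, reason in explain_tld(SAMPLE, "192.0.2.10", "su").items():
        print(f"{name}: {reason}")
```

A name that shows up only as the PTR name of an address resolved from an NTP pool name fits the reverse-lookup explanation; a name the device queried directly does not and needs its own explanation.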