Unusual dns requests

I saw below invalid dns queries from debian-minimal based app-vm on the pihole logs.

1. AAAA, https
2. A, https
3. SRV, _http._tcp.https
4. A, 0t
5. AAAA, 0t

I could trace the first three calls to the library /usr/lib/apt/methods/http. The fourth and fifth calls does not occur often and I could not trace it.

I also think the http library is run when the service qubes-update-check runs.

Any idea on why the library /usr/lib/apt/methods/http is making invalid dns queries and how can I stop them? I did blacklist the calls in pihole, but I would like to stop them at the source.

Edit: Part of the problem is because I am using apt-cacher-ng and sources in sources.list begins with http://HTTPS//, so I guess the library is making dns request to https.
So my new questions are
why is the service qubes-update-check runs in app-vm?
why it does not use updates-proxy to check for updates?
Is it okay to turn off this service in app-vm?

it is how Qubes OS do updates check

It’s known and regularly confusing users

see

• Some users think that enabling updates over Tor in the installer will route all update checks over Tor · Issue #9406 · QubesOS/qubes-issues · GitHub
• Feature request: disabling all clearnet update checks during installation process
• Updates check over clearnet instead of sys-whonix and other strange decisions
• Update check without sys-whonix

Thank you!

BTW, the below quote from github issue is no longer true when users enable apt-caher-ng. It’s not just a UX issue in that scenario.

This is primarily a UX bug, but the resolution need not be purely a UX solution.