Unusual DNS requests

I saw the invalid DNS queries below from a debian-minimal based app-vm in the Pi-hole logs.

  1. AAAA, https
  2. A, https
  3. SRV, _http._tcp.https
  4. A, 0t
  5. AAAA, 0t

I could trace the first three calls to the library /usr/lib/apt/methods/http. The fourth and fifth calls do not occur often and I could not trace them.

I also think the http library is run when the service qubes-update-check runs.

Any idea why the library /usr/lib/apt/methods/http is making invalid DNS queries and how I can stop them? I did blacklist the calls in Pi-hole, but I would like to stop them at the source.

Edit: Part of the problem is that I am using apt-cacher-ng and the sources in sources.list begin with http://HTTPS//, so I guess the library is making a DNS request for https.
So my new questions are:
Why does the service qubes-update-check run in the app-vm?
Why does it not use updates-proxy to check for updates?
Is it okay to turn off this service in the app-vm?

3 Likes
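The effect guessed at in the edit above can be checked offline. This is an added example, not part of the original post and not Qubes or apt code: it assumes apt takes the host to resolve from the URI authority the way a generic URL parser does when no proxy handles the request, and that the lookups are the A, AAAA and `_http._tcp` SRV queries listed in the post. The sources.list content and `mirror.example.org` are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample sources.list content (not taken from the poster's system).
SAMPLE_SOURCES = """\
# apt-cacher-ng style entries: HTTPS origin requested through the cache
deb http://HTTPS///deb.debian.org/debian bookworm main
deb [arch=amd64] http://HTTPS///mirror.example.org/debian bookworm main
deb https://security.debian.org/debian-security bookworm-security main
"""

def uri_of(line):
    """Return the URI field of a one-line-style deb/deb-src entry, or None."""
    fields = line.split("#", 1)[0].split()
    if not fields or fields[0] not in ("deb", "deb-src"):
        return None
    rest = fields[1:]
    # Skip an optional [option=value ...] block, which may contain spaces.
    if rest and rest[0].startswith("["):
        while rest and not rest[0].endswith("]"):
            rest = rest[1:]
        rest = rest[1:]
    return rest[0] if rest else None

def expected_queries(sources_text):
    """Map each single-label URI host to the DNS queries a resolver would log."""
    findings = {}
    for line in sources_text.splitlines():
        uri = uri_of(line)
        if uri is None:
            continue
        parts = urlsplit(uri)
        host = parts.hostname  # lower-cased authority: "HTTPS" -> "https"
        if host and "." not in host:
            # Assumed query set, mirroring the first three entries in the post.
            findings[host] = [
                ("A", host),
                ("AAAA", host),
                ("SRV", f"_{parts.scheme}._tcp.{host}"),
            ]
    return findings

if __name__ == "__main__":
    for host, queries in expected_queries(SAMPLE_SOURCES).items():
        print(f"single-label host {host!r} would be looked up as:")
        for qtype, name in queries:
            print(f"  {qtype}, {name}")
```

Running it against a real `/etc/apt/sources.list` (and the files under `sources.list.d`) shows which entries would produce the single-label lookups seen in the Pi-hole log whenever apt runs without the cache configured as its proxy.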

It is how Qubes OS does the update check.

It’s known and regularly confuses users.

see

4 Likes

Thank you!

BTW, the quote below from the GitHub issue is no longer true when users enable apt-cacher-ng. It’s not just a UX issue in that scenario.

This is primarily a UX bug, but the resolution need not be purely a UX solution.

1 Like