I've started noticing that when I'm using netstat(1), 
I will often see outbound tcp requests for sunrpc (port 111). 
This seems to happen anytime I fail to use the '-n' flag. 
I don't believe this is expected, but I figured I'd ask. 

My understanding is that the '-n' flag will prevent two things:
  1. Translation of port numbers to port names,
     which uses a lookup file (/etc/services)
  2. Translation of IP addresses to domain names

Currently, my OpenBSD machine has only 1 active connection
and that's for NTP. 
I'm using the command 'netstat -f inet'.
Here's what that output looks like:
  Proto  Recv-Q Send-Q  Local Address      Foreign Address
  udp         0      0  192.168.2.3.6145   192.168.1.251.123

In a packet capture, the first two packets are a PTR request
and response for 192.168.2.3.

The second two packets are an A record request
and response for localhost.home.arpa.
I'm quite confused by this.

'.home.arpa' is the domain I've set on the OpenBSD machine. 
The machine is not named 'localhost'. 
I realize that localhost refers to the machine itself. 
However, I don't understand why it would send an A record request.
In the netstat(1) output, there are only IPs, not names.
So I don't understand this. 

The next packets in the packet capture are tcp outbound requests 
on port 111 and the requests are destined for 
the IP address of localhost.home.arpa.

These requests are actually trying to go to an external host. 
My understanding is that in a home network environment, 
most ISPs will not return a 'no such name' request.
Instead, they'll return an IP address
that will redirect you to some landing page of theirs. 

The last two packets in the packet capture are a PTR request
and response for 192.168.1.251. 

Given what I was seeing, I started to wonder what would happen
if an IP wasn't returned for localhost.home.arpa.
I decided to change the DNS server from my ISP's to Cloudflare's. 

When I did this, I still see the same A record request
for localhost.home.arpa. 
However, the request does not return an IP
and no outbound sunrpc requests are attempted. 
But a sunrpc request will still be attempted to the device itself.

I realize that if I always use the '-n' flag,
no sunrpc requests will be attempted nor will any A record requests
for localhost.home.arpa (or any other name).

However, this would mean I could never translate IPs to names. 
I realize I could change my DNS servers, 
which would prevent outbound sunrpc requests, but
that wouldn't explain why sunrpc requests are attempted at all
or the A record request for localhost.home.arpa.
I feel like I have a handle on the problem and solutions. 
However, I'm more interested in some of the behavior 
on OpenBSD's end. 

The two questions I have are:
  1. Why does OpenBSD send an A record request
     for localhost.home.arpa?
  2. Whether or not the A record request returns an IP,
     OpenBSD will attempt a sunrpc request, either to the IP returned
     or to itself. Why is this?

I have no familiarity with sunrpc.
The machine is not running sunrpc. 
Very little on the machine has been changed from the default.
Any information on this is appreciated. Thanks.
