I've started noticing that when I'm using netstat(1), I will often see outbound tcp requests for sunrpc (port 111). This seems to happen anytime I fail to use the '-n' flag. I don't believe this is expected, but I figured I'd ask.
My understanding is that the '-n' flag will prevent two things:

1. Translation of port numbers to port names, which uses a lookup file (/etc/services)
2. Translation of IP addresses to domain names

Currently, my OpenBSD machine has only 1 active connection and that's for NTP. I'm using the command 'netstat -f inet'. Here's what that output looks like:

    Proto   Recv-Q Send-Q  Local Address          Foreign Address
    udp          0      0  192.168.2.3.6145       192.168.1.251.123

In a packet capture, the first two packets are a PTR request and response for 192.168.2.3. The second two packets are an A record request and response for localhost.home.arpa. I'm quite confused by this. '.home.arpa' is the domain I've set on the OpenBSD machine. The machine is not named 'localhost'. I realize that localhost refers to the machine itself. However, I don't understand why it would send an A record request. In the netstat(1) output, there are only IPs, not names. So I don't understand this.

The next packets in the packet capture are tcp outbound requests on port 111 and the requests are destined for the IP address of localhost.home.arpa. These requests are actually trying to go to an external host. My understanding is that in a home network environment, most ISPs will not return a 'no such name' request. Instead, they'll return an IP address that will redirect you to some landing page of theirs. The last two packets in the packet capture are a PTR request and response for 192.168.1.251.

Given what I was seeing, I started to wonder what would happen if an IP wasn't returned for localhost.home.arpa. I decided to change the DNS server from my ISP's to Cloudflare's. When I did this, I still see the same A record request for localhost.home.arpa. However, the request does not return an IP and no outbound sunrpc requests are attempted. But a sunrpc request will still be attempted to the device itself.
I realize that if I always use the '-n' flag, no sunrpc requests will be attempted nor will any A record requests for localhost.home.arpa (or any other name). However, this would mean I could never translate IPs to names. I realize I could change my DNS servers, which would prevent outbound sunrpc requests, but that wouldn't explain why sunrpc requests are attempted at all or the A record request for localhost.home.arpa.

I feel like I have a handle on the problem and solutions. However, I'm more interested in some of the behavior on OpenBSD's end. The two questions I have are:

1. Why does OpenBSD send an A record request for localhost.home.arpa?
2. Whether or not the A record request returns an IP, OpenBSD will attempt a sunrpc request, either to the IP returned or to itself. Why is this?

I have no familiarity with sunrpc. The machine is not running sunrpc. Very little on the machine has been changed from the default. Any information on this is appreciated.

Thanks.