I tried this on a fresh installation of Fedora Workstation 39. I installed wireshark and set the filter to `tcp.port == 5355` then ran the python script again with an ip of `123.123.123.123` and I see an outbound connection attempt to IP 123.123.123.123 on port 5355.
Hope that helps, Anthony From: Anthony Fuller (TR-NA) <anthony_ful...@trendmicro.com> Date: Friday, February 23, 2024 at 10:22 AM To: Cristian Rodríguez <crrodrig...@opensuse.org> Cc: systemd-devel@lists.freedesktop.org <systemd-devel@lists.freedesktop.org> Subject: Re: [systemd-devel] Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt Hi Cristian, Below is my complete /etc/nsswitch.conf file. Have you tried any other IP addresses by chance? I noticed that some IPs do not exhibit this behavior such as 1.1.1.1 and 8.8.8.8. I’m also willing to see if this behavior exists outside Debian, maybe it’s a default Debian configuration causing this. Thanks, Anthony ``` user@debian12:~$ cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: files systemd group: files systemd shadow: files systemd gshadow: files systemd hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis ``` From: Cristian Rodríguez <crrodrig...@opensuse.org> Date: Friday, February 23, 2024 at 10:07 AM To: Anthony Fuller (TR-NA) <anthony_ful...@trendmicro.com> Cc: systemd-devel@lists.freedesktop.org <systemd-devel@lists.freedesktop.org> Subject: Re: [systemd-devel] Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt This message was sent from outside of Trend Micro. Please do not click links or open attachments unless you recognise the source of this email and know the content is safe. On Thu, Feb 22, 2024 at 8:13 PM anthony_ful...@trendmicro.com <anthony_ful...@trendmicro.com> wrote: I tried again now with packet capture software and no such behaviour was found. ..what you have in the hosts line of nsswitch.conf ? TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. For details about what personal information we collect and why, please see our Privacy Notice on our website at: Read privacy policy<http://www.trendmicro.com/privacy>