I found a very strange thing when I saw DNS queries for random servers on Wireshark. I am running Ubuntu 10.10 and I was pretty sure that no one was running malicious scripts on my laptop. I was really worried when I saw DNS queries to http://www.ssa.gov and I had no idea what it was at the time. And when I googled to find out what it was, the DNS queries increased.
So I had to get to the bottom of this. “lsof” is a very useful program to see which process is responsible for which network transaction. When I ran the following, I found the culprit.
poo@SDT-TravelMate-8572G:~$ lsof -i udp
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
firefox-b 1855 poo 42u IPv4 27548 0t0 UDP SDT-TravelMate-8572G:41473->dns1.xxx.com.au:domain
firefox-b 1855 poo 62u IPv4 27547 0t0 UDP SDT-TravelMate-8572G:35432->dns1.xxx.com.au:domain
firefox-b 1855 poo 63u IPv4 27556 0t0 UDP SDT-TravelMate-8572G:34421->dns1.xxx.com.au:domain
So the culprit is Firefox doing DNS pre-fetching. Interesting article on that
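The same triage step can be scripted so that it scales past three lines of output. The shell function below is an added example, not code from the original post: it reads `lsof -i udp` output on stdin, keeps only the sockets whose remote endpoint is the DNS port (`domain`, or `53` when lsof is run with `-P`), and counts them per process and resolver. The sample output embedded in the script is constructed to mimic the post's listing (the hostname and resolver name are placeholders); in practice you would pipe real output into `dns_by_process` instead.

```shell
#!/bin/sh
# Added example (not from the original post): summarise 'lsof -i udp' output
# by counting, per process, the UDP sockets that talk to a DNS server.
# Real usage:   lsof -i udp -n -P | dns_by_process
# (-n/-P keep addresses and ports numeric, so the port shows as 53.)

dns_by_process() {
    # Skip the header line. NAME is the last field, COMMAND the first.
    # Keep only sockets with a remote endpoint on the DNS port
    # ("domain" or 53), split "local->remote" and count per process+resolver.
    awk 'NR > 1 && $NF ~ /->.*:(domain|53)$/ {
             split($NF, ep, "->")
             count[$1 " " ep[2]]++
         }
         END { for (k in count) print count[k], k }' | sort -rn
}

# Constructed sample in the layout of 'lsof -i udp' (hostnames are placeholders).
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
firefox-b 1855 poo 42u IPv4 27548 0t0 UDP host:41473->dns1.example.net:domain
firefox-b 1855 poo 62u IPv4 27547 0t0 UDP host:35432->dns1.example.net:domain
firefox-b 1855 poo 63u IPv4 27556 0t0 UDP host:34421->dns1.example.net:domain
avahi-dae 912 avahi 13u IPv4 11234 0t0 UDP *:mdns
dhclient 1020 root 6u IPv4 9821 0t0 UDP *:bootpc'

# Returns the busiest DNS talker, e.g. "3 firefox-b dns1.example.net:domain".
top_dns_talker() {
    printf '%s\n' "$SAMPLE_LSOF" | dns_by_process | head -n 1
}

top_dns_talker
```

Sockets without a remote endpoint (the mDNS and DHCP listeners in the sample) are ignored, so the list shows only processes actually sending queries to a resolver. Once the process is known, the remaining question is whether its DNS traffic is expected; for Firefox's prefetching specifically, the `network.dns.disablePrefetch` preference in about:config turns the behaviour off.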