Things to Know About Google Chrome DNS Prefetching

Archive
1

In the past we have had users post about discovering a multitude of portscans on Port 53, which turned out to be caused by DNS Prefetching done by the Google Chrome browser.  Whenever one of Chrome's numerous provisional DNS lookups came back late, Norton would log it as a portscan.

 

Now the SANS Internet Storm Center has posted an article that finds more odd behaviors with this Google Chrome feature.  For one thing, it runs a slew of mostly unnecessary DNS requests every time it starts up.  In addition, it turns out that as you type a URL in the address bar, Chrome tries to anticipate what domain you want to go to, and does DNS lookups based on your partially entered address.  So as you type in community.norton.com, Chrome does a useless DNS lookup of community.no (Norway).

 

None of these are major issues, but If you use Google Chrome and you notice strange DNS happenings :smileysurprised:, you might want to turn off DNS Prefetching.

 

http://isc.sans.edu/diary.html?storyid=10312

2

 

SendOfJive wrote:

In the past we have had users post about discovering a multitude of portscans on Port 53, which turned out to be caused by DNS Prefetching done by the Google Chrome browser.  Whenever one of Chrome's numerous provisional DNS lookups came back late, Norton would log it as a portscan.

 

Now the SANS Internet Storm Center has posted an article that finds more odd behaviors with this Google Chrome feature.  For one thing, it runs a slew of mostly unnecessary DNS requests every time it starts up.  In addition, it turns out that as you type a URL in the address bar, Chrome tries to anticipate what domain you want to go to, and does DNS lookups based on your partially entered address.  So as you type in community.norton.com, Chrome does a useless DNS lookup of community.no (Norway).

 

None of these are major issues, but If you use Google Chrome and you notice strange DNS happenings :smileysurprised:, you might want to turn off DNS Prefetching.

 

http://isc.sans.edu/diary.html?storyid=10312

Personally I would not install anything on my computer that is from Google. I don't even like the fact that all that google stuff is in the default whitelist in NoScript.

 

3

Very interesting information, SendOfJive, and goes a long way to explain some of those incredibly confusing portscan threads.

4

 

reactivate wrote:

I don't even like the fact that all that google stuff is in the default whitelist in NoScript.

You can remove Google or any other default entries from the Whitelist.  Blocking Google would mean that the Norton Safe Web site rating icons would no longer work in your search results.  But I do have Google Analytics blocked.