Overview
You may sometimes find strange-looking DNS requests listed in your reports. The examples below show what these may look like.
iafkbge
nwvkqqojgx
uefakmvidzao
claeedov
cjkcmrh
cjemikolwaczyb
ccshpypwvddmro
cdsvmfjgvfcnbob
cegzaukxjexfrk
ceqmhxowbcys
cewigwgvfd
cexggxhwgt
What are they, and why do they happen?
Unfortunately, not all ISPs follow the RFC rules. The obscure DNS requests we see in the Activity Search Reports are Google Chrome's response to that. Chrome sends out unique requests as a precautionary measure to protect end users.
When they receive DNS requests for non-existent domains, the ISPs in question often respond with an A record belonging to the ISP. The landing page will have advertisements along with a message such as "did you mean...". An overview of this type of manipulation and its consequences is given in this Wikipedia article.
According to the RFCs, the appropriate response to a DNS request for a non-existent domain is NXDOMAIN. Since ads are typically unwanted, Google developed a method to test for this behaviour. On startup, Chrome sends 3 requests and checks what the responses are. If the test domains resolve to the same A record instead of returning NXDOMAIN, Chrome will respond accordingly and hide the ads from the end user.
This is not the only cause of random-looking DNS requests, but it is one of the most common. The key to identifying Chrome as the cause is seeing the queries sent in groups of 3 per internal host.
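The "groups of 3 per internal host" check can be automated. The following is an added example, not part of the original article: it scans a constructed query log and reports hosts that sent exactly 3 probe-like names in a short burst. The log format, the addresses, the 7-15 letter pattern and the 5-second window are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one query per line: "<timestamp> <internal host> <name>".
# The log format and the addresses are assumptions, not a real report export.
SAMPLE_LOG = """\
2024-05-01T09:00:01 10.0.0.21 iafkbge
2024-05-01T09:00:02 10.0.0.21 nwvkqqojgx
2024-05-01T09:00:03 10.0.0.21 uefakmvidzao
2024-05-01T09:00:05 10.0.0.21 www.example.com
2024-05-01T09:03:10 10.0.0.34 claeedov
2024-05-01T09:03:11 10.0.0.34 cjkcmrh
2024-05-01T09:03:12 10.0.0.34 cjemikolwaczyb
2024-05-01T09:10:00 10.0.0.50 ccshpypwvddmro
2024-05-01T09:45:00 10.0.0.50 cdsvmfjgvfcnbob
2024-05-01T09:50:00 10.0.0.77 fileserver
"""

# Heuristic: a single dot-free label of 7-15 lowercase letters, which covers
# every example listed on this page. Both values below are assumptions.
PROBE_RE = re.compile(r"^[a-z]{7,15}$")
WINDOW = timedelta(seconds=5)  # the 3 startup probes should arrive together

def chrome_probe_groups(log):
    """Return {host: [[n1, n2, n3], ...]} for bursts of exactly 3 probe-like names."""
    per_host = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, host, name = parts
        name = name.rstrip(".").lower()
        if PROBE_RE.match(name):
            per_host[host].append((datetime.fromisoformat(ts), name))
    findings = {}
    for host, queries in per_host.items():
        bursts, burst = [], []
        for ts, name in sorted(queries):
            if burst and ts - burst[0][0] > WINDOW:
                bursts.append(burst)  # gap too large: close the current burst
                burst = []
            burst.append((ts, name))
        bursts.append(burst)
        groups = [[n for _, n in b] for b in bursts if len(b) == 3]
        if groups:
            findings[host] = groups
    return findings
```

In the sample, `fileserver` matches the label pattern but is a lone query, and host 10.0.0.50 sends two random-looking names 35 minutes apart, so neither is attributed to Chrome. Such queries fall under the other causes mentioned above and need separate review.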