While running Wireshark in SUSE 12.1 I noticed that opening LibreOffice caused a DNS query with a random 16 bit hexadecimal value.
After noticing this in SUSE 12.1, thinking I had been hacked, I did a fresh install of SUSE 12.2 and the behavior was the same. I formatted the /boot, / and /home partitions during the install. Then I ran the SUSE updates, installed Wireshark and opened LibreOffice Writer. The DNS problem was still there. I do not see any reasonable way for any hack to make it back into my machine with this procedure. I was not even opening any file in Writer.
To make things worse, I have an older SUSE 12.1 installed on another machine that does not have this behavior. I have constantly reproduced it on one machine and been unable to produce it on another machine. Both machines were/are current on their repo updates. I also use the Packman and Science repos on both machines, but these added repos were not installed during the new 12.2 testing. I kept the new 12.2 test straightforward and simple, as described above.
These are edited Wireshark examples of the actual DNS. The 74.211.x.x IP is my DNS server and my machine is named linux4x:
192.168.x.x 74.211.x.x DNS 69 Standard query 0x73d2 A linux4x
74.211.x.x 192.168.x.x DNS 144 Standard query response 0x73d2 No such name
____
192.168.x.x 74.211.x.x DNS 69 Standard query 0xc98b A linux4x
74.211.x.x 192.168.x.x DNS 144 Standard query response 0xc98b No such name
____
192.168.x.x 74.211.x.x DNS 69 Standard query 0xf0ff A linux4x
74.211.x.x 192.168.x.x DNS 144 Standard query response 0xf0ff No such name
Notice the 16 bit hexadecimal numbers appear to be random and do not repeat. The DNS query is only generated
when LibreOffice is opened (calc, impress, writer) and does not occur again until after all the LibreOffice
programs are closed and LibreOffice is opened again with no other instances running. If any other instance of
LibreOffice is running there is no new DNS query.
I tried messing with the LibreOffice Internet options and removed the e-mail (evolution) and tickled the
Browser Plug-In option with no change. I tried disabling LibreOffice Java and all I got was a miserable nag
about wanting to enable Java every time I started LibreOffice, with no change in the DNS behavior.
The problem machine:
i5-2500K Sandy Bridge LGA 1155 3_3 GHz Intel® HD Graphics 3000
MSI Z68MA-ED55 (B3) LGA 1155 Intel Z68 Micro ATX Intel Motherboard
DDR3 Model F3-12800CL9D-8GBXL 8 Gig Sandy Bridge XMP
Best Connectivity DL-0234802 PCI-E serial card
Western Digital Caviar Black 1 TB SATA III
Only DDR3 1600 XMP profile enabled - no other overclocking used and it is stable
The old machine:
i5-650 Clarkdale LGA 1156 3_2 GHz
Integrated Graphics
Gigabyte ga-h55m-s2v_e Micro ATX Intel Motherboard
DDR3 Model F3-10666CL9D-8GBXL 8 Gig
Western Digital Caviar Black 500GB SATA III - jumpered for SATA II
no overclocking
I just start or restart the Wireshark capture, then open LibreOffice, go back to Wireshark and there is the DNS
every time. Has anyone else seen this problem or is anyone able to reproduce it?
I saw an older October thread where LibreOffice had random startup delays that would appear and then disappear.
Could it possibly have been related to this? I doubt anyone would have thought to look for unwanted DNS
transactions when opening LibreOffice.
Thanks for any help.
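
Added example, not part of the original post: the 16-bit hex value Wireshark prints after "Standard query" is the DNS transaction ID from the message header, which the response echoes back. The Python sketch below pairs queries with responses on that ID and counts single-label names that were sent to a DNS server and answered "No such name"; the function names and the constructed sample lines (same shape as the capture above) are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the same shape as the Wireshark summary lines in the post.
SAMPLE = """\
192.168.x.x 74.211.x.x DNS 69 Standard query 0x73d2 A linux4x
74.211.x.x 192.168.x.x DNS 144 Standard query response 0x73d2 No such name
192.168.x.x 74.211.x.x DNS 69 Standard query 0xc98b A linux4x
74.211.x.x 192.168.x.x DNS 144 Standard query response 0xc98b No such name
"""

LINE = re.compile(
    r"^(?P<src>\S+)\s+(?P<dst>\S+)\s+DNS\s+\d+\s+Standard query "
    r"(?P<resp>response )?(?P<txid>0x[0-9a-fA-F]{4})\s*(?P<rest>.*)$"
)

def pair_dns(lines):
    """Match each query to its response using the DNS transaction ID."""
    pending = {}   # (client, server, txid) -> (qtype, qname)
    results = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # separator lines or non-DNS rows
        if m["resp"]:
            # A response travels server -> client, so swap src/dst for the key.
            key = (m["dst"], m["src"], m["txid"])
            if key in pending:
                qtype, qname = pending.pop(key)
                results.append({"txid": m["txid"], "qtype": qtype,
                                "qname": qname, "answer": m["rest"]})
        else:
            parts = m["rest"].split()
            if len(parts) >= 2:
                pending[(m["src"], m["dst"], m["txid"])] = (parts[0], parts[1])
    return results

def leaked_local_names(results):
    """Count single-label names (no dot) that the server answered NXDOMAIN."""
    hits = Counter()
    for r in results:
        if "." not in r["qname"].rstrip(".") and r["answer"] == "No such name":
            hits[r["qname"]] += 1
    return dict(hits)

if __name__ == "__main__":
    print(leaked_local_names(pair_dns(SAMPLE.splitlines())))
```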