topic baidu.com requests in OpenDNS

baidu.com requests

rhome1 — Mon, 14 Aug 2017 18:26:43 GMT

Hello all,

I'm new to the OpenDNS community, and love having the ability to be able to control internet access from my network and make it safer for my family.

I've noticed that in my stats, one of the leading domain requests are to (www.baidu.com). I'm seeing a couple thousand requests a day. I have blacklisted them, but what I would really like to know is where it is coming from on my end. The requests are still coming, but I'm assuming they aren't getting anywhere.

Can anyone point me in the right direction on finding this information, or perhaps let me know what is happening in regards to this domain? None of my family use baidu.com, as I believe it's a Chinese made search engine.

Thanks!

Re: baidu.com requests

rotblitz — Mon, 14 Aug 2017 20:57:28 GMT

Baidu, Inc., incorporated on January 18, 2000, is a Chinese-American web services company headquartered at the Baidu Campus in Beijing's Haidian District. It is one of the largest Internet companies in the world.
https://en.wikipedia.org/wiki/Baidu

These DNS requests come out of your network. There is no way to see your internal infrastructure from an external service like OpenDNS. You would want to find the device and program out yourself which raises these requests, by installing sniffer software like http://www.nirsoft.net/utils/dns_query_sniffer.html or https://www.wireshark.org/. I could think of a Baidu web browser add-on or other helper app which would cause these DNS lookups.
https://www.startpage.com/do/search?query=baidu+browser+add-on&cat=web

Re: baidu.com requests

patrick10 — Sun, 26 Jan 2020 21:15:27 GMT

I am noticing the same thing with baidu.com lookups. For example on a single day I have the top 5 OpenDNS lookup stats:

1	www.baidu.com	14,118
2	www.apple.com	374
3	apple.com	361
4	guzzoni.apple.com	346
5	device-metrics-us.amazon.com	308

We have a 2 macs, 2 iphones, a OnePlus3, Huawei P20Pro, and 2 Window machines in addition to a Playstation, Samsung and routing devices. Identifying which machine is making the abuse requires me to install something between our Wifi router and Internet provider device. I understand there is not much else to do since domain lookups do not include much metadata.

I did try to block the baidu.com domain in my OpenDNS panel but that failed with a "Error blocking www.baidu.com. undefined" message. I thought that if I blocked it, maybe I could identify what machine started complaining. Anyone have an idea why can I not block baidu.com?

Re: baidu.com requests

rotblitz — Sun, 26 Jan 2020 21:55:27 GMT

You must block it from the content filtering page, not from the stats page.

Re: baidu.com requests

rotblitz — Sun, 26 Jan 2020 21:58:31 GMT

See https://support.opendns.com/hc/en-us/community/posts/220050607