Question What are these bizarre DNS lookups from my LG B6?

PsyQ

I notice that my TV is trying to look up nonsensical DNS records as soon as it's on, such as:
  • ejjdtcvnpyt
  • qgjpqdnz
  • uchkqfzmnab
  • uomtckkhjt
And so on. It tries them in rapid succession, once without my local search domain attached, then with. So it is definitely reading the resolver configuration correctly from DHCP, including search domain. After such a burst it's quiet for a while, but I can reproduce the behavior by switching it into standby and back on.

The only apps I use regularly on it are YouTube, Netflix and the built-in DLNA player. No unofficial apps installed.

What could this be, and can I get it to stop?
 
Odd - how are you checking this activity?

Jim
 

No, just the hostnames. In the initial query only the hostname, then for the next one the TV adds my local search domain. So it would look up ejjdtcvnpyt and then almost immediately ejjdtcvnpyt.psynet.

Maybe other Pi-hole users who are also LG B-series owners would find similar stuff in their query log? I know one C-series owner I can ask, but I'm not sure if they log their DNS stuff.
 
I use Pi-hole and have a B7, I don't see anything in my logs matching yours when I power on the TV.

I can see a bunch of LG domains it's connecting to, those are lgtvsdp, lge, lgtvonline but that's about it.

The blocklist for LG TVs has no mention of these either.
 
Thanks a lot for checking! They mostly appear to be randomly generated and so would be hard to block. It also doesn't appear to use the same name more than once, except for one: wpad. It always tries a sequence of wpad, then 9 random hostnames.

I will set up a honeypot under wpad, let's see what traffic comes through. Maybe the TV got exploited via e.g. the web browser at some point?

Edit: Ah, nope, wpad is something unrelated. So it's down to just 9 random hostnames in a row, nothing to do with wpad.
 
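Added example, not part of any post in this thread: a heuristic for finding the pattern described above in a Pi-hole (dnsmasq) query log, i.e. bursts of random-looking single-label names that one client asks for bare and then with the search domain attached. The line layout follows dnsmasq's `query[A] name from client` logging; the function names, thresholds, timestamps and client addresses are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# dnsmasq/Pi-hole log line: "<date> HH:MM:SS dnsmasq[pid]: query[A] <name> from <client>"
QUERY = re.compile(r"(\d\d):(\d\d):(\d\d) dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)")
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-xz]{5,}")  # y is treated as a vowel

def looks_random(label):
    """Heuristic (assumption): 7+ letters containing a run of 5+ consonants."""
    return len(label) >= 7 and label.isalpha() and bool(CONSONANT_RUN.search(label))

def find_bursts(lines, search_domain, window=60, min_names=3):
    """Map client -> bursts of distinct random single-label names seen within
    `window` seconds; the bare and search-domain-suffixed forms count once."""
    suffix = "." + search_domain.lower()
    seen = defaultdict(list)  # client -> [(second of day, label)]
    for m in filter(None, map(QUERY.search, lines)):  # skip non-query lines
        h, mi, s, name, client = m.groups()
        name = name.lower().rstrip(".")
        if name.endswith(suffix):  # fold "label.searchdomain" back to "label"
            name = name[: -len(suffix)]
        if "." not in name and looks_random(name):
            seen[client].append((int(h) * 3600 + int(mi) * 60 + int(s), name))
    bursts = defaultdict(list)
    for client, hits in seen.items():
        current, start = [], None
        for t, label in sorted(hits) + [(float("inf"), None)]:  # sentinel flushes last burst
            if start is None or t - start > window:
                if len(current) >= min_names:
                    bursts[client].append(current)
                current, start = [], t
            if label and label not in current:
                current.append(label)
    return dict(bursts)

# Constructed sample: hostnames are from the thread, times and addresses are made up.
SAMPLE = """\
Dec  1 20:03:10 dnsmasq[412]: query[A] lgtvonline.lge.com from 192.168.1.50
Dec  1 20:05:41 dnsmasq[412]: query[A] wpad from 192.168.1.50
Dec  1 20:05:41 dnsmasq[412]: query[A] ejjdtcvnpyt from 192.168.1.50
Dec  1 20:05:41 dnsmasq[412]: query[A] ejjdtcvnpyt.psynet from 192.168.1.50
Dec  1 20:05:42 dnsmasq[412]: query[A] qgjpqdnz from 192.168.1.50
Dec  1 20:05:42 dnsmasq[412]: query[A] qgjpqdnz.psynet from 192.168.1.50
Dec  1 20:05:42 dnsmasq[412]: query[A] uchkqfzmnab from 192.168.1.50
Dec  1 20:05:43 dnsmasq[412]: query[A] raspberrypi from 192.168.1.20
""".splitlines()

if __name__ == "__main__":
    print(find_bursts(SAMPLE, "psynet"))
```

The consonant-run test is deliberately crude; requiring several distinct names in one short window is what keeps an ordinary local hostname from being flagged on its own.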
wpad would be it checking if there's a proxy server configured. Though I didn't see that with mine when I checked it just now.

These are the lookups my TV makes on boot. Doesn't seem to be much of concern to me.
push.prod.netflix.com
api-global.netflix.com
GB.lgtvsdp.com
lgtvonline.lge.com
GB.info.lgsmartad.com
snu.lge.com
preferences.cid.samba.tv
a3phael99lf879.iot.eu-west-1.amazonaws.com
ngfts.lge.com
common.lgthinq.com
GB.lgtvsdp.com
 
Thanks. Yes, my list would look similar if it weren't for the creepy random lookups. They always happen about 2-3 minutes after powering on or resuming from standby.

I will probably have to set up a local DNS server and point a wildcard domain at a honeypot to figure out what the TV is trying to do. The DNS server inside Pi-hole (I think it's dnsmasq) does not support wildcards :(
 
Anybody ever get to the bottom of this?

Even in standby, my TV performs circa 3000 DNS lookups an hour!
 
Interesting. I wonder if that accounts for my B8 using 25W when in standby.
 
A question for LG, perhaps? I wonder if the OP’s TV has been hacked in some way?
 
I thought it was hacked as well, but the only likely attack would have been through the web browser component. Nothing suspicious on my wireless network. But I live in a tiny village, not likely to have any wardrivers around here.

Anyway, a friend told me that the YouTube client on one of his devices does similar lookups and it's a mechanism for Google to find out if you're using DNS blocklists to block ads. If they detect you're doing this, they will simply query their own DNS servers directly from the YT client so they can still show ads. An adblock-block.

I've removed my Pi-hole since, so I can neither confirm nor deny. I may be rebuilding my network over the holidays and will watch this behavior again if I do. I also sent an e-mail to LG support about it, but I don't expect much to be honest.
 
I use my HTPC for YouTube, so don’t see any ads. Not sure whether it is the JRiver Media centre app or Pi-hole server.

I’ll try the LG YouTube app and see if I have ads.
 
