TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

malware warning #930

Closed minhhungit closed 1 month ago

minhhungit commented 1 month ago

image

notherealmarco commented 1 month ago

One of the devices in your network attempted to resolve the FQDN ssd3.iltuohosting.it, and Malwarebytes identified it as malware. The issue is not related to Technitium DNS Server in any way.

minhhungit commented 1 month ago

No, @notherealmarco. The antivirus only shows that message when I install Technitium. It never showed that before installing the DNS server, or after uninstalling the DNS server. So I think the DNS server might have a problem.

ShreyasZare commented 1 month ago

Thanks for the post. However, it's what @notherealmarco already said. Some client on your network queried for that domain and the AV running on your DNS server picked it up.

The reason this shows up only after installing the DNS server is that your client's DNS requests are now coming to this server running Malwarebytes. Prior to that, those DNS requests were probably going to your router directly.

This all assumes that you have downloaded the DNS server from the official website and not from any 3rd party website. If you have doubts about the downloaded file, you can verify the SHA256 hash of the file with the one published on the website.

minhhungit commented 1 month ago

Thanks for the quick reply, guys @ShreyasZare @notherealmarco

Just to provide more information:

ShreyasZare commented 1 month ago

You can find the SHA256 hash a bit below the download link: image

minhhungit commented 1 month ago

Is there a way I can find out which application on my PC is sending requests to the domain or if there is some log somewhere?

ShreyasZare commented 1 month ago

> Is there a way I can find out which application on my PC is sending requests to the domain or if there is some log somewhere?

Yes, there are DNS query logs that you can see from the admin panel. But you have to enable query logging from settings first, and only then will the queries be logged. You can also install the Query Logs (sqlite) app and check for logs in the Logs > Query Logs section on the panel.
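
Added example, not part of the thread and not Technitium's own code: one way to triage exported query log text to see which client address asked for the flagged name. The log line layout and the sample lines are constructed for illustration and are an assumption, not the server's documented format; adjust `LINE_RE` to match the lines your server actually writes.

```python
import re

# Constructed sample lines. The layout (timestamp, client endpoint, protocol,
# QNAME) is an assumption for illustration, not a documented log format.
SAMPLE_LOG = """\
[2024-05-01 08:00:01 UTC] [192.168.1.20:51544] [UDP] QNAME: www.mesta-automation.com; QTYPE: A; RCODE: NoError
[2024-05-01 08:00:02 UTC] [192.168.1.20:51545] [UDP] QNAME: SSD3.iltuohosting.it.; QTYPE: A; RCODE: NoError
[2024-05-01 08:00:09 UTC] [192.168.1.31:40112] [UDP] QNAME: example.com; QTYPE: AAAA; RCODE: NoError
[2024-05-01 09:00:02 UTC] [192.168.1.20:51733] [TCP] QNAME: ssd3.iltuohosting.it; QTYPE: A; RCODE: NoError
[2024-05-01 09:00:05 UTC] [192.168.1.31:40113] [UDP] QNAME: notssd3.iltuohosting.it.example; QTYPE: A; RCODE: NoError
"""

LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[(?P<ep>.+?)\] \[(?P<proto>UDP|TCP)\] "
    r"QNAME: (?P<qname>[^;\s]+)"
)


def normalize(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()


def matches(qname, domain):
    # Match the domain itself or any subdomain, but not look-alike suffixes.
    q, d = normalize(qname), normalize(domain)
    return q == d or q.endswith("." + d)


def clients_querying(log_text, domain):
    """Return {client_ip: {count, first, last}} for queries under `domain`."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not matches(m["qname"], domain):
            continue
        # Drop the source port; strip brackets used around IPv6 addresses.
        client = m["ep"].rsplit(":", 1)[0].strip("[]")
        entry = hits.setdefault(client, {"count": 0, "first": m["ts"], "last": m["ts"]})
        entry["count"] += 1
        entry["last"] = m["ts"]
    return hits


if __name__ == "__main__":
    for ip, info in clients_querying(SAMPLE_LOG, "ssd3.iltuohosting.it").items():
        print(ip, info["count"], info["first"], "->", info["last"])
```

A DNS query log identifies the client address that sent the query, not the process on that machine; regular intervals between hits, as in the constructed sample, point toward a scheduled job.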

minhhungit commented 1 month ago

I found it; this is the problem: https://www.mesta-automation.com/feed I have an RSS crawler on my PC, and it tried to fetch that channel. So, it's not related to Technitium.