I have a Peplink Balance 580 that I use as my edge router for my network. It is configured with two WAN connections. I have recently been working with a cybersecurity firm which is analyzing my outbound traffic. They are doing this by capturing my DNS traffic. I have configured the outbound DNS resolution under both my WAN connections (Network>>>WAN>>>Connection Name>>>Static IP Settings>>>DNS servers) to use the cybersecurity firms DNS server as the secondary DNS server.
The problem is that when they analyzed the traffic after a day, it came back with very odd results:
08-Feb-2017 02:17:35.898 client www.xxx.yyy.zzz#8080 (1804289383.localhost): query: 1804289383.localhost IN A + (192.168.17.198)
It always shows that 192.168.17.198 as the last number, never showing what the queried web address/IP is. Can someone explain this?