Hello, often i see incorrect dns names in glasswire, eg Speech Runtime Executable is connecting to settings-win.data.microsoft.com but in glasswire it’s displayed settingsfd-geo.trafficmanager.net or edge connecting to api.msn.com but glasswire show a-0003.a-msedge.net or virustotaluploader 2.2 connect to www.virustotal.com but in glasswire it show ghs-svc-https-c46.ghs-ssl.googlehosted.com
why? it seems related to CNAMES, but it’s confusing and it make much harder to understand the connection destinations.
Also glasswire seems to pick a random CNAME, eg as described above in the case of edge connecting to api.msn.com, CNAMES are api-msn-com.a-0003.a-msedge.net, a-0003.a-msedge.net
but glasswire only show the 2nd one.
Don’t it would be better to show the first thing eg api.msn.com instead and maybe show the cnames in a tooltip when you hover the domain?
it’s much easier to understand to what a program is connecting to
Edit, i found this topic; Hostnames seem wrong, the guy is right CDN name isn’t really helpful, it’s good to have but both should be displayed and with a preference to show the “real” name first instead of the cdn, it seems related to the fact that glasswire is just doing a reverse lookup to get the domain name? can’t it have a better feature to intercept the dns request or even better can it replace the dns system by his own DoH/DoT dns like that software on the screenshot is doing?
I recommend having it unchecked (the default) to have the most accurate data.
https://www.glasswire.com/changes/ - Our latest update fixed this. Perhaps if you’re using it you have old data from a bug in a previous version.
“Fixed an issue where some DNS host names could be wrong in some situations.”
Hi, I’m pretty new to GlassWire and have only recently started experimenting with it using the free version (thank you very much for your work on it).
I would like to second the request for better DNS information. Ideally GlassWire should capture and display the actual hostname queried as opposed to displaying the last CNAME found in the response.
Any idea if this is something the dev’s are considering? or is it not currently planned?
@bottleofglass May I ask what software you are using alongside GlassWire in your image?
Thank you for the quick reply Ken.
Yes I have the setting ‘look up DNS names for hosts’ unticked. I have a default install currently other than theme changes.
If you’d like to get a better idea as to why this is important from a network monitoring standpoint I recommend downloading nirsofts free DNSQuerySniffer tool. Using the tool you’ll see the actual hostnames queried in the left most column, and you can then compare it to what GlassWire shows. I do have an image as an example but unfortunately I’m too new to add images
You will see in the image that steam.exe looks up the hostname ‘steamstore-a.akamaihd. net’ underlined in orange. The returned DNS response includes 2 IP addresses and 2 CNAME records. GlassWire displays the least descriptive CNAME record (a1737.b.akamai. net) making it hard to understand what steam is connecting to.
Due to the huge popularity of CDN’s it’s usually much more informative to show the original hostname queried by an application.
As @bottleofglass pointed out. A great solution would be to show the original queried hostname and then display the CNAME records as a tooltip or in the popout window when clicking on an entry.
