Hello, often i see incorrect dns names in glasswire, eg Speech Runtime Executable is connecting to
settings-win.data.microsoft.com but in glasswire it’s displayed
settingsfd-geo.trafficmanager.net or edge connecting to
api.msn.com but glasswire show
a-0003.a-msedge.net or virustotaluploader 2.2 connect to
www.virustotal.com but in glasswire it show
why? it seems related to CNAMES, but it’s confusing and it make much harder to understand the connection destinations.
Also glasswire seems to pick a random CNAME, eg as described above in the case of edge connecting to
api.msn.com, CNAMES are
but glasswire only show the 2nd one.
Don’t it would be better to show the first thing eg
api.msn.com instead and maybe show the cnames in a tooltip when you hover the domain?
edit, i tried some other software:
it’s much easier to understand to what a program is connecting to
Edit, i found this topic; Hostnames seem wrong, the guy is right CDN name isn’t really helpful, it’s good to have but both should be displayed and with a preference to show the “real” name first instead of the cdn, it seems related to the fact that glasswire is just doing a reverse lookup to get the domain name? can’t it have a better feature to intercept the dns request or even better can it replace the dns system by his own DoH/DoT dns like that software on the screenshot is doing?
If you go to our top left menu and choose “About” what version of GlassWire are you using?
Also, if you go to our settings is this box checked or not?
I recommend having it unchecked (the default) to have the most accurate data.
https://www.glasswire.com/changes/ - Our latest update fixed this. Perhaps if you’re using it you have old data from a bug in a previous version.
“Fixed an issue where some DNS host names could be wrong in some situations.”
Hi, I’m pretty new to GlassWire and have only recently started experimenting with it using the free version (thank you very much for your work on it).
I would like to second the request for better DNS information. Ideally GlassWire should capture and display the actual hostname queried as opposed to displaying the last CNAME found in the response.
Any idea if this is something the dev’s are considering? or is it not currently planned?
@bottleofglass May I ask what software you are using alongside GlassWire in your image?
Thanks for using GlassWire and thank you for your feedback.
Did you try the settings shown above? What are your current settings there?
I will ask our team about the CNAME question (I’m not 100% sure I understand), but I wanted to be sure you were aware of our settings options.
Thank you for the quick reply Ken.
Yes I have the setting ‘look up DNS names for hosts’ unticked. I have a default install currently other than theme changes.
If you’d like to get a better idea as to why this is important from a network monitoring standpoint I recommend downloading nirsofts free DNSQuerySniffer tool. Using the tool you’ll see the actual hostnames queried in the left most column, and you can then compare it to what GlassWire shows. I do have an image as an example but unfortunately I’m too new to add images
You will see in the image that steam.exe looks up the hostname ‘steamstore-a.akamaihd. net’ underlined in orange. The returned DNS response includes 2 IP addresses and 2 CNAME records. GlassWire displays the least descriptive CNAME record (a1737.b.akamai. net) making it hard to understand what steam is connecting to.
Due to the huge popularity of CDN’s it’s usually much more informative to show the original hostname queried by an application.
As @bottleofglass pointed out. A great solution would be to show the original queried hostname and then display the CNAME records as a tooltip or in the popout window when clicking on an entry.