Suspicious traffic from Alarm Decoder Pi?


Post by Maxburn » Fri Dec 16, 2016 1:13 pm

So I just put in a Ubiquiti ERX and a Pi-Hole; with deep packet inspection and DNS logs I can see so much now. I was not expecting to see the Alarm Decoder Pi reaching out so much.

Why is the Alarm Decoder reaching out to GitHub every ten minutes or so?

Next one seems like a misconfiguration somewhere: I see Alarm Decoder constantly searching for an MX record for "alarmdecoder".
Maxburn
Senior Nut
Posts: 55
Joined: Sat Feb 28, 2015 4:57 pm

Re: Suspicious traffic from Alarm Decoder Pi?

Post by kevin » Fri Dec 16, 2016 1:20 pm

The automatic updater reaches out to GitHub to check the version and see if there are software updates.

The "DNS lookup" for alarmdecoder probably has to do with mail notifications and the hostname being set as "alarmdecoder".
Not an employee of the company. Just here to help and keep things clean.
kevin
Platinum Nut
Posts: 994
Joined: Fri Aug 16, 2013 10:10 am

Re: Suspicious traffic from Alarm Decoder Pi?

Post by Maxburn » Fri Dec 16, 2016 1:56 pm

It checks for updates every ten minutes?

I don't think I understand the DNS lookup; shouldn't it look up the mail server it is reaching out to? I don't see the reason to look up its own IP address.
Maxburn
Senior Nut
Posts: 55
Joined: Sat Feb 28, 2015 4:57 pm

Re: Suspicious traffic from Alarm Decoder Pi?

Post by kevin » Fri Dec 16, 2016 2:03 pm

The updater thread checks every 10 minutes, yes - it is on the list to make configurable, but for now it is hardcoded at 10 minutes.

As far as the mail goes, it is likely to do with a default configuration of the local mail server. If you aren't using the local mail server, you can turn it off from the command line:

sudo /etc/init.d/postfix stop
sudo /etc/init.d/sendmail stop

One of those should work. If you are using the local mail server, then you can attempt to reconfigure it - but if it works, why break it... pretty safe to ignore this benign traffic, to be honest.
Not an employee of the company. Just here to help and keep things clean.
kevin
Platinum Nut
Posts: 994
Joined: Fri Aug 16, 2013 10:10 am

Re: Suspicious traffic from Alarm Decoder Pi?

Post by Maxburn » Fri Dec 16, 2016 2:10 pm

Mostly I'm just looking for explanations; I was actually looking for something else when I encountered all this in the logs. Thanks for answering.
Maxburn
Senior Nut
Posts: 55
Joined: Sat Feb 28, 2015 4:57 pm
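
An added example, not part of the thread and not AlarmDecoder code: one way to pull the two patterns discussed above (a fixed-interval lookup and a repeated MX query for a bare hostname) out of a Pi-hole query log. It assumes the dnsmasq `query[TYPE] name from client` line format; the log lines, client addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median, pstdev

# dnsmasq query line as found in a Pi-hole log (assumed format, see lead-in)
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) dnsmasq\[\d+\]: "
                  r"query\[(\w+)\] (\S+) from (\S+)$")

# Constructed sample: 192.168.1.40 stands in for the AlarmDecoder Pi.
SAMPLE = """\
Dec 16 13:00:02 dnsmasq[812]: query[A] github.com from 192.168.1.40
Dec 16 13:00:40 dnsmasq[812]: query[MX] alarmdecoder from 192.168.1.40
Dec 16 13:03:17 dnsmasq[812]: query[A] example.com from 192.168.1.23
Dec 16 13:10:03 dnsmasq[812]: query[A] github.com from 192.168.1.40
Dec 16 13:11:55 dnsmasq[812]: query[MX] alarmdecoder from 192.168.1.40
Dec 16 13:20:02 dnsmasq[812]: query[A] github.com from 192.168.1.40
Dec 16 13:20:09 dnsmasq[812]: reply github.com is 192.0.2.10
Dec 16 13:30:04 dnsmasq[812]: query[A] github.com from 192.168.1.40
Dec 16 13:41:30 dnsmasq[812]: query[MX] alarmdecoder from 192.168.1.40
""".splitlines()

def summarize(lines, year=2016):
    """Group query timestamps by (client, record type, name)."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # replies, forwards and other dnsmasq lines
        stamp, qtype, name, client = m.groups()
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        seen[(client, qtype, name)].append(when)
    return seen

def findings(lines, min_hits=3, max_jitter=30.0):
    """Return (client, qtype, name, reason) tuples that deserve an explanation."""
    out = []
    for (client, qtype, name), times in sorted(summarize(lines).items()):
        if len(times) < max(min_hits, 2):
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter:  # near-constant spacing: a timer, not a person
            out.append((client, qtype, name, f"periodic ~{round(median(gaps) / 60)} min"))
        elif "." not in name:  # bare hostname sent to the resolver
            out.append((client, qtype, name, "repeated single-label lookup"))
    return out
```

Local DNS caching on the client can hide some lookups, so a missing entry in the log does not mean the timer did not fire.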

