I am Samsung customer and it's unlikely to be the router that is the issue, in this case. The failure of the DNS is not the concern, but what is being accessed that is leading to failures on the Network. The router is not the single reason a DNS will fail, for example, an application or services intentionally generate bogus queries such as VPN usage, Samsung privacy and security services are a possiblity, misconfigured applications on a device, other privacy tools (tor), or custom DNS setting on a device.

Regardless, my inquiry is if it is truly a component of Samsung's privacy and security measures for certain Samsung smartphones. However, I appreciate your response.

I did not suggest by a second that you were not a Samsung customer. I tried to convey that users on the forum might be able to help with your Samsung’s device, which I clearly failed to do so. So, I do apologise for not being clear enough. Your query seemed a network orientated one.

 

Whenever a client (phone/laptop/device) needs to talk to a server (LAN/WAN); it queries the immediate DNS server for the domain. That would be the router on most typical cases. If the immediate DNS server does not have the information, it will query its server, typically the ISP. This can be configured to use other DNS providers, e.g. Google.

 

If you are using a VPN service, then it will modify the network configuration on the client (this could include the router, if VPN is installed on the router) to follow the VPN’s own DHCP, DNS, etc, but the principle is the same. The DNS server does not have the information for a particular domain and fails to find the server. Any custom configuration would follow the same principle.

 

The failure of the network is not caused by the accessed services, but by the configuration made to it. However, if person A has a VPN service on their device, it should not affect any other device on the LAN. If you are the admin of the router, you could block certain IP ranges, devices (MAC addresses), etc.

 

There is no reason to be concern if the router’s log shows failed DNS queries, unless you want to access those services. It could well be that the device generating all the bogus domain names is compromised. It might have a virus or malicious app.

I understand, and I think there may have been some miscommunication — I wasn’t frustrated by your response, though I can see how it might have come across that way. My concern is less about malware affecting my device directly, and more about the possibility that someone’s device — if compromised — could expose sensitive information that overlaps with mine, such as shared banking credentials or linked accounts. From what I’ve read, the DNS failures I’m seeing may be caused by a misconfigured Tor or privacy-focused application designed to obscure browsing activity, which would align with the kind of tools this person might be using based on activity they are hoping to hide. That said, I’ve also come across conflicting information suggesting that Samsung’s security apps might intentionally query inactive or non-existent domains — and that the .onion or Tor-related domains could somehow be part of that diagnostic process. That doesn’t quite make sense to me. So I'm questioning if past activity on their device — including visits to risky websites hidden by use of privacy tools — have led to malware that’s now triggering both failed DNS queries and successful domain access? And if so, could that pose a risk to shared financial or personal data? I will contact my network provider for their take of course, but this is my thought process and it may have been unclear.

See that's why I thought maybe it's not their intention, but my concern was that they may be accessing websites associated with malware that could impact shared personal information and that it may be a Tor application associated with the misconfigurations. However, you've raised a valid point and their past activity has maybe already led to a bug?

I'm wondering, if their last phone was infected, would transferring data to a new phone also transfer the bug? I imagine so, and this is why it may have impacted more than one phone. I do find it confusing that it's only appeared on the other family member's phone once and not again since the person in question accessed it. This is why I'm under the impression that it may be a Tor application and that misconfigurations used by Tor apps have led to failed DNS queries which defeats the purpose of anonymity. I thought it would be less likely for a regular application to be attempting to access misconfigured onion domains. I understand that these things can happen, but felt that the possibility would be higher if it's an app attempting to access other onion domains. I did read that length of Tor addresses are typically longer, so I'm probably worrying unnecessarily and that it is just really bad timing that I've come across these after past issues. While I'm technologically-inclined, I am not a tech genius by any means, but this person is not tech-savvy and has made decisions online that they do not fully understand which may lead to problems.

DNS failures are nothing to worry about. It is just that a client tries to access a domain which is unknown to the DNS server. You could replicate one by simply opening the browser and typing https://a-non-existing-domain.org. Any query for any domain is passed to the DNS server to translate the domain into IP and if the domain is not on its list, it fails to find the host. Most malicious software would search for IP ranges rather than domains.

 

If they are using those tools (tor, VPN) on their device, there is very little chance that the information on your device might be compromised. In the other hand if the service/tool is installed on the router, then all LAN devices are at risk.

 

If their device is compromised by a virus or a malicious app, then all LAN devices are at risk. A malicious app could scan the LAN for other devices.

 

I do not understand “shared banking credentials or linked accounts”. Even if you have a join bank account, they will not be able to login to your Internet banking unless they have your login details. Connections to the most important sites are encrypted and unless your device has been compromised, it is unlikely that they will expose those details. However, if their device has a malicious app and you have some of that information in plain text, there is a potential risk. Please note that there are many IFs.

 

I am assuming that you have admin rights on the router. One thing that you could do, if the router allows it, it is to create a guest network. They will connect to the guest network, and you could connect to the main network. Usually, the traffic is separated in between the main and guest network.

 

I do not think Samsung devices will be searching for random websites, if that were the case, it will be happening to most of us.

Worse case scenario it's a single app contacting something sketchy. True phone malware doesn't really exist anymore, especially on S series devices.

To explain, android is so locked down and secure that actually trying to infect the phone itself is not worth doing to some random person. It'd only happen to a CEO or political person. As long as play protect is on and device protection is enabled in device care, I wouldn't worry too much. Oh and weekly reboots help.

Just have a look for any apps you might not need and delete them.

Plus as you said, a tor connection would never hit your dns anyway.

There's a chance it might have even been an advert that loaded on your phone. They have some power to load things, or try to load things

Okay, this was so helpful. Thank you!