Interesting thing.. I switched my Untangle to ComodoDNS, and ran a honeypot overnight to gather intelligence on this change. What I found the next morning was troubling to me.. Massive spam to Barefruit Ltd, and intelligence/analytical/hijacking firm. The main problem is I left no browser open on the honeypot, and this activity was taking place in the background while I was sleeping. Removal of ComodoDNS on the Untangle solved the problem immediately. My concerns are, this was happening with background window services, updates, and other background programs. No actual web browser was loaded. Also these bypassed normal firewall examination. Glasswire showed no activity, neither did Norton. Likely this is because they aren't examining Port-53 very closely. But I have Port-53 set to deep packet inspection - which revealed this activity. Anyone have any thoughts on this? https://en.wikipedia.org/wiki/Barefruit Barefruit works with Internet Service Providers (ISPs) and major portals to use a range of software solutions which modify the ISPs DNS service such as the BIND software and also a specialist proxy solution known as a "Frootbox" to capture the errors and redirect its clients to navigation pages that may contain sponsored listings and algorithmic results.