When pdns_recursor first fires up, it fetches what I assume to be root server zone name information. Then it connects to the following hosts: nl1.dnsnode.net. ns1.pine.nl. xs.powerdns.com. "xs.powerdns.com" I am assuming is the security vulnerability "phone home" feature, but what are these other two hosts? Why is it "phoning home" to those?