Multicast DNS noise

From Firewall logs, I see ❄️ Snowflake client try to create exactly one connection per every second to the 224.0.0.251:5353 well-known multicast address for multicast Domain Name System (mDNS) from any available interface as source.

While searching for the reason, I just found: Detecting Snowflake TLDR:

Regular WebRTC clients do not do hostname lookups for remote STUN servers on the local network. If you see any DNS lookups for snowflake's STUN servers on the local network (stun.epygi.com.internal.lan, stun.voipgate.com.internal.lan, etc.) then you've found a Tor snowflake client.