Unsafe Browser based on Tor Browser 9.0a7 makes connections to the Internet which are not user initiated

Spotted by our test suite:

Unexpected connections were made:
  #<OpenStruct mac_saddr="50:54:00:23:e9:fd", mac_daddr="52:54:00:9e:0d:2a", protocol="udp", sport=59237, dport=53, saddr="10.2.1.186", daddr="10.2.1.1">
  #<OpenStruct mac_saddr="50:54:00:23:e9:fd", mac_daddr="52:54:00:9e:0d:2a", protocol="udp", sport=45778, dport=53, saddr="10.2.1.186", daddr="10.2.1.1">
  #<OpenStruct mac_saddr="50:54:00:23:e9:fd", mac_daddr="52:54:00:9e:0d:2a", protocol="udp", sport=60285, dport=53, saddr="10.2.1.186", daddr="10.2.1.1">
  #<OpenStruct mac_saddr="50:54:00:23:e9:fd", mac_daddr="52:54:00:9e:0d:2a", protocol="udp", sport=45170, dport=53, saddr="10.2.1.186", daddr="10.2.1.1">
  #<OpenStruct mac_saddr="50:54:00:23:e9:fd", mac_daddr="52:54:00:9e:0d:2a", protocol="udp", sport=50288, dport=53, saddr="10.2.1.186", daddr="10.2.1.1">
  #<OpenStruct mac_saddr="50:54:00:23:e9:fd", mac_daddr="52:54:00:9e:0d:2a", protocol="udp", sport=34249, dport=53, saddr="10.2.1.186", daddr="10.2.1.1"> (FirewallAssertionFailedError)
./features/support/helpers/firewall_helper.rb:109:in `assert_all_connections'
./features/step_definitions/common_steps.rb:465:in `/^all Internet traffic has only flowed through Tor$/'
features/unsafe_browser.feature:65:in `And all Internet traffic has only flowed through Tor'

Is this our test suite setting the bar too high and these requests are actually acceptable?
Or is our test suite setting the bar at the right height and we should fix that in the Unsafe Browser?

Feature Branch: feature/16356-tor-browser-9.0+force-all-tests

Parent Task: #16356 (closed)

Related issues

Related to #17159
Blocks #16209

Original created by @intrigeri on 17130 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information