Yesterday my Route10 spammed my DNS server with around 2 million requests
for b._dns-sd._udp.0.86.168.192.in-addr.arpa, db._dns-sd._udp.0.86.168.192.in-addr.arpa, and lb._dns-sd._udp.0.86.168.192.in-addr.arpa
These all seemed to happen within a short period.
Any idea why this would happen?
b._dns-sd._udp.0.86.168.192.in-addr.arpa 680,309 30.72%
lb._dns-sd._udp.0.86.168.192.in-addr.arpa 679,180 30.66%
db._dns-sd._udp.0.86.168.192.in-addr.arpa 674,024 30.43%
My devices are all going to the DNS server directly, not through the router so its not another device on the network I don’t think.
1 Like
Did it happen with the previous Route10 firmware or the one released yesterday?
Had a chat with ChatGPT 
and got the following suggestions:
-
A firmware bug or loop in the router’s DNS-SD (Bonjour) handling, causing repeated queries.
-
A stuck service discovery process triggered by a device connection/disconnection event or configuration change.
-
Misconfigured or partial reverse DNS delegation causing aggressive retry behavior.
-
DNS-SD proxy or multicast-forwarding feature malfunctioning.
-
A DNS loop between the router’s resolver and my DNS server (though unlikely given direct device DNS).
It’s way out of my knowledge, but maybe something is relevant
1 Like
We don’t see anything like this on our test networks. Can you provide a packet capture or some other evidence that it is coming from the Route10 itself? Route10 does not use MDNS actively for anything unless it is unconfigured, and even then it will only send probes every 60 seconds.
The only relevant service is avahi, and that could be stopped with this, if you want to see if it helps:
/etc/init.d/avahi-daemon stop
It seems the request started from a Mac which sent a DNS request for each of those domains once and then the DNS server forwarded it to the Route10 as the local upstream server, which then I’m guessing sent it back to the DNS server and it just looped until it quit.
I can add an entry to the DNS server to just have this domains error out instead of creating the loops.
I see that Alta Labs products are pinging more more than other cloud solutions i have at home. For the last 90 days i have 1 951 811 DNS-requests to ping.alta.inc which is quite alot compared to Shelly, Tuya, AirThings and other cloud products i have at home.