Route10 spamming DNS server with requests

marcus1060 · March 21, 2025, 2:39pm

Yesterday my Route10 spammed my DNS server with around 2 million requests
for b._dns-sd._udp.0.86.168.192.in-addr.arpa, db._dns-sd._udp.0.86.168.192.in-addr.arpa, and lb._dns-sd._udp.0.86.168.192.in-addr.arpa

These all seemed to happen within a short period.

Any idea why this would happen?

b._dns-sd._udp.0.86.168.192.in-addr.arpa 680,309 30.72%
lb._dns-sd._udp.0.86.168.192.in-addr.arpa 679,180 30.66%
db._dns-sd._udp.0.86.168.192.in-addr.arpa 674,024 30.43%

My devices are all going to the DNS server directly, not through the router so its not another device on the network I don’t think.

ebuckland81 · March 21, 2025, 4:35pm

Did it happen with the previous Route10 firmware or the one released yesterday?

ebuckland81 · March 21, 2025, 4:43pm

Had a chat with ChatGPT and got the following suggestions:

A firmware bug or loop in the router’s DNS-SD (Bonjour) handling, causing repeated queries.
A stuck service discovery process triggered by a device connection/disconnection event or configuration change.
Misconfigured or partial reverse DNS delegation causing aggressive retry behavior.
DNS-SD proxy or multicast-forwarding feature malfunctioning.
A DNS loop between the router’s resolver and my DNS server (though unlikely given direct device DNS).

It’s way out of my knowledge, but maybe something is relevant

Alta-Jeff · March 21, 2025, 5:36pm

We don’t see anything like this on our test networks. Can you provide a packet capture or some other evidence that it is coming from the Route10 itself? Route10 does not use MDNS actively for anything unless it is unconfigured, and even then it will only send probes every 60 seconds.

The only relevant service is avahi, and that could be stopped with this, if you want to see if it helps:
/etc/init.d/avahi-daemon stop

marcus1060 · March 21, 2025, 5:54pm

It seems the request started from a Mac which sent a DNS request for each of those domains once and then the DNS server forwarded it to the Route10 as the local upstream server, which then I’m guessing sent it back to the DNS server and it just looped until it quit.

I can add an entry to the DNS server to just have this domains error out instead of creating the loops.

Durandal · March 28, 2025, 12:59pm

I see that Alta Labs products are pinging more more than other cloud solutions i have at home. For the last 90 days i have 1 951 811 DNS-requests to ping.alta.inc which is quite alot compared to Shelly, Tuya, AirThings and other cloud products i have at home.

system · January 12, 2026, 4:21pm

This thread has been automatically closed due to inactivity. If you believe you have the same issue, please create a new post describing your issue. Feel free to link to this post for context if desired.