Why is my multy m1 generating constant ptr queries
Looks like my multy m1 is generating constant stream of reverse dns lookups of the network, example below. 192.168.10.164 is my main and 192.168.10.58 is a satellite, and the system is set to bridge mode. Any reason why, and how to limit it?
time | type | domain | client | status | reply | |
|---|---|---|---|---|---|---|
2024-04-22 13:47:31 | PTR | 11.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.7ms) | |
2024-04-22 13:47:31 | PTR | 1.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.8ms) | |
2024-04-22 13:47:31 | PTR | 58.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.7ms) | |
2024-04-22 13:47:31 | PTR | 36.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.8ms) | |
2024-04-22 13:47:31 | PTR | 54.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.8ms) | |
2024-04-22 13:47:31 | PTR | 11.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.7ms) | |
2024-04-22 13:47:31 | PTR | 1.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.8ms) | |
2024-04-22 13:47:31 | PTR | 58.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.7ms) | |
2024-04-22 13:47:31 | PTR | 36.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.9ms) | |
2024-04-22 13:47:27 | PTR | 164.10.168.192.in-addr.arpa | 192.168.10.58 | OK (cache) | NXDOMAIN (0.7ms) |
All Replies
-
Hi @lukkarm
Thank you for your feedback.
To better understand the issue, could you please provide us with your network topology?
Additionally, could you inform us where you obtained the logs and how frequently the PTR logs are generated?
Furthermore, could you assist us in collecting packets from both the WAN side and the LAN side of the Main Multy? These packets are necessary for us to analyze the issue.
If you have any concerns about sharing this information in the article, please feel free to send us a private message containing your network topology and the packet capture file.0 -
Hi Jerry,
I'll try to collect the requested data as soon as I'm able.
As a small update, it looks like the queries comes in bursts of 10 in about 5 second intervals on the main multy, and on the satellite it is 5 query in 5 second interval. In 30 minutes I have 1190 and 595 query respectively. These stats are from my DNS server running pihole software.
Also, maybe related, my DHCP leases (24h, pool size 224) gets used, sometimes completely. I haven't investigated this yet, but I noticed this issue at the same time I took the multy devices in use couple of days ago. Multy is set to use DHCP
0
Zyxel Employee
Categories
- All Categories
- 396 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 86 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 915 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 419 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight
