Why is my multy m1 generating constant ptr queries
Looks like my multy m1 is generating constant stream of reverse dns lookups of the network, example below. 192.168.10.164 is my main and 192.168.10.58 is a satellite, and the system is set to bridge mode. Any reason why, and how to limit it?
time | type | domain | client | status | reply | |
---|---|---|---|---|---|---|
2024-04-22 13:47:31 | PTR | 11.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.7ms) | |
2024-04-22 13:47:31 | PTR | 1.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.8ms) | |
2024-04-22 13:47:31 | PTR | 58.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.7ms) | |
2024-04-22 13:47:31 | PTR | 36.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.8ms) | |
2024-04-22 13:47:31 | PTR | 54.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.8ms) | |
2024-04-22 13:47:31 | PTR | 11.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.7ms) | |
2024-04-22 13:47:31 | PTR | 1.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.8ms) | |
2024-04-22 13:47:31 | PTR | 58.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.7ms) | |
2024-04-22 13:47:31 | PTR | 36.10.168.192.in-addr.arpa | 192.168.10.164 | OK (cache) | NXDOMAIN (0.9ms) | |
2024-04-22 13:47:27 | PTR | 164.10.168.192.in-addr.arpa | 192.168.10.58 | OK (cache) | NXDOMAIN (0.7ms) |
All Replies
-
Hi @lukkarm
Thank you for your feedback.
To better understand the issue, could you please provide us with your network topology?
Additionally, could you inform us where you obtained the logs and how frequently the PTR logs are generated?
Furthermore, could you assist us in collecting packets from both the WAN side and the LAN side of the Main Multy? These packets are necessary for us to analyze the issue.
If you have any concerns about sharing this information in the article, please feel free to send us a private message containing your network topology and the packet capture file.Engage in the Community, become an MVP, and win exclusive prizes!
0 -
Hi Jerry,
I'll try to collect the requested data as soon as I'm able.
As a small update, it looks like the queries comes in bursts of 10 in about 5 second intervals on the main multy, and on the satellite it is 5 query in 5 second interval. In 30 minutes I have 1190 and 595 query respectively. These stats are from my DNS server running pihole software.
Also, maybe related, my DHCP leases (24h, pool size 224) gets used, sometimes completely. I haven't investigated this yet, but I noticed this issue at the same time I took the multy devices in use couple of days ago. Multy is set to use DHCP
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight