Why is my multy m1 generating constant ptr queries

Looks like my multy m1 is generating constant stream of reverse dns lookups of the network, example below. 192.168.10.164 is my main and 192.168.10.58 is a satellite, and the system is set to bridge mode. Any reason why, and how to limit it?

time

type

domain

client

status

reply

2024-04-22 13:47:31

PTR

11.10.168.192.in-addr.arpa

192.168.10.164

OK (cache)

NXDOMAIN (0.7ms)

2024-04-22 13:47:31

PTR

1.10.168.192.in-addr.arpa

192.168.10.164

OK (cache)

NXDOMAIN (0.8ms)

2024-04-22 13:47:31

PTR

58.10.168.192.in-addr.arpa

192.168.10.164

OK (cache)

NXDOMAIN (0.7ms)

2024-04-22 13:47:31

PTR

36.10.168.192.in-addr.arpa

192.168.10.164

OK (cache)

NXDOMAIN (0.8ms)

2024-04-22 13:47:31

PTR

54.10.168.192.in-addr.arpa

192.168.10.164

OK (cache)

NXDOMAIN (0.8ms)

2024-04-22 13:47:31

PTR

11.10.168.192.in-addr.arpa

192.168.10.164

OK (cache)

NXDOMAIN (0.7ms)

2024-04-22 13:47:31

PTR

1.10.168.192.in-addr.arpa

192.168.10.164

OK (cache)

NXDOMAIN (0.8ms)

2024-04-22 13:47:31

PTR

58.10.168.192.in-addr.arpa

192.168.10.164

OK (cache)

NXDOMAIN (0.7ms)

2024-04-22 13:47:31

PTR

36.10.168.192.in-addr.arpa

192.168.10.164

OK (cache)

NXDOMAIN (0.9ms)

2024-04-22 13:47:27

PTR

164.10.168.192.in-addr.arpa

192.168.10.58

OK (cache)

NXDOMAIN (0.7ms)

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,271  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @lukkarm
    Thank you for your feedback.
    To better understand the issue, could you please provide us with your network topology?
    Additionally, could you inform us where you obtained the logs and how frequently the PTR logs are generated?
    Furthermore, could you assist us in collecting packets from both the WAN side and the LAN side of the Main Multy? These packets are necessary for us to analyze the issue.
    If you have any concerns about sharing this information in the article, please feel free to send us a private message containing your network topology and the packet capture file.

    Engage in the Community, become an MVP, and win exclusive prizes!

  • lukkarm
    lukkarm Posts: 2
    First Comment

    Hi Jerry,

    I'll try to collect the requested data as soon as I'm able.

    As a small update, it looks like the queries comes in bursts of 10 in about 5 second intervals on the main multy, and on the satellite it is 5 query in 5 second interval. In 30 minutes I have 1190 and 595 query respectively. These stats are from my DNS server running pihole software.

    Also, maybe related, my DHCP leases (24h, pool size 224) gets used, sometimes completely. I haven't investigated this yet, but I noticed this issue at the same time I took the multy devices in use couple of days ago. Multy is set to use DHCP

Consumer Product Help Center