#1 2021-02-18 07:03:24

mabox
Member
Registered: 2016-05-03
Posts: 5

Question about DNS configuration because of thousand PTR requests.

I have a question about my DNS configuration. I have the following situation in my network:
I have my own DNS server (Pi-hole) in my network. DHCP is provided by my router.

My clients in the network get the address from my DNS server via the DHCP server.
This works fine for all clients. The clients are visible under their own name on the DNS server and behave normally with "A" and "AAAA" requests.

My problem now is the following with my archlinux machine:
I have installed a desktop environment and "NetworkManager" is responsible for the network connection. My archlinux also gets IP and DNS through the DHCP server. Via the desktop environment, "DHCP" is set in "NetworkManager".
So in the end, the address of my DNS server is in /etc/resolv.conf as "nameserver":

[root@arch home]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.1.3

With this configuration, thousands and thousands of "PTR" requests from my archlinux computer immediately appear in the DNS server log.
If I change the DNS server in my archlinux to my DHCP server (router), so that the address of the DHCP server is in the /etc/resolv.conf, the PTR requests stop immediately and "normal" "A" and "AAAA" requests appear from my archlinux computer.

[root@arch home]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.1.1

For the requests in the DNS log, the name of my archlinux is then the name of the router.

Can someone help me figure out what is going wrong here? Should I maybe set up "NetworkManager" not via the desktop environment but directly in the shell? Or should I configure the network via the DHCP client?
As a further example:
In the network there is also a Linux Mint machine. Same desktop environment and also configured via "NetworkManager" with DHCP. Please see its resolv.conf below; everything looks good on the DNS server:

# This file is managed by man:systemd-resolved(8). Do not edit.
nameserver 127.0.0.53
options edns0 trust-ad
search routername

It looks like the resolv.conf here is managed by systemd, although "NetworkManager" is also used.

Unfortunately, I do not know the whole networking topic very well and therefore find it very difficult.


EDIT:
Perhaps I have opened the topic in the wrong category. If it is wrong please move it maybe to "System Administration"?

Last edited by mabox (2021-02-18 07:06:24)

Offline

#2 2021-02-19 11:53:13

mabox
Member
Registered: 2016-05-03
Posts: 5

Re: Question about DNS configuration because of thousand PTR requests.

I have found the problem. On my archlinux I have "conky" installed with a feature where I can see outgoing and incoming connections (tcp_portmon). When I disabled this, the many PTR requests to the DNS server stopped.

Offline
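To find which client is behind a PTR flood like the one described above, and which addresses it is reverse-resolving, the resolver's query log can be tallied per client. This is an added example, not part of the original posts; the log lines are constructed in dnsmasq's query-log format, and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in dnsmasq's query-log format (the format Pi-hole logs
# in); client and target addresses are made up for illustration.
SAMPLE_LOG = """\
Feb 18 07:01:10 dnsmasq[611]: query[A] archlinux.org from 192.168.1.20
Feb 18 07:01:10 dnsmasq[611]: forwarded archlinux.org to 192.168.1.1
Feb 18 07:01:11 dnsmasq[611]: query[PTR] 10.2.0.192.in-addr.arpa from 192.168.1.20
Feb 18 07:01:11 dnsmasq[611]: query[PTR] 7.100.51.198.in-addr.arpa from 192.168.1.20
Feb 18 07:01:12 dnsmasq[611]: query[PTR] 10.2.0.192.in-addr.arpa from 192.168.1.20
Feb 18 07:01:12 dnsmasq[611]: query[PTR] 25.113.0.203.in-addr.arpa from 192.168.1.20
Feb 18 07:01:13 dnsmasq[611]: query[PTR] 7.100.51.198.in-addr.arpa from 192.168.1.20
Feb 18 07:01:14 dnsmasq[611]: query[A] example.org from 192.168.1.30
Feb 18 07:01:14 dnsmasq[611]: query[AAAA] example.org from 192.168.1.30
Feb 18 07:01:15 dnsmasq[611]: query[PTR] 3.1.168.192.in-addr.arpa from 192.168.1.30
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)")

def arpa_to_ip(name):
    """Return the IPv4 address a reverse-lookup (PTR) name asks about, or None."""
    labels = name.lower().rstrip(".").split(".")
    octets = labels[:-2]
    if labels[-2:] != ["in-addr", "arpa"] or len(octets) != 4:
        return None
    if not all(o.isdigit() and int(o) < 256 for o in octets):
        return None
    return ".".join(reversed(octets))

def ptr_heavy_clients(log_text, min_queries=5, ptr_share=0.8):
    """Flag clients whose queries are mostly PTR and list what they resolved."""
    counts, targets = defaultdict(Counter), defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # "forwarded", "reply", "cached" lines are not client queries
        counts[m["client"]][m["qtype"]] += 1
        ip = arpa_to_ip(m["name"]) if m["qtype"] == "PTR" else None
        if ip:
            targets[m["client"]].add(ip)
    flagged = {}
    for client, c in counts.items():
        total = sum(c.values())
        if total >= min_queries and c["PTR"] / total >= ptr_share:
            flagged[client] = {"ptr": c["PTR"], "total": total,
                               "targets": sorted(targets[client])}
    return flagged
```

The decoded targets are the remote ends of the client's connections, which is what a connection monitor that resolves peer names would be looking up.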

#3 2021-02-19 12:00:39

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 9,034

Re: Question about DNS configuration because of thousand PTR requests.

System administration is closed, see https://bbs.archlinux.org/viewtopic.php?id=218234 .
This category is fine for your topic.

127.0.0.53 is an address used for a local service.
The linux mint machine probably runs some kind of local caching dns-server.

I don't use NetworkManager at all and don't know how useful my help will be.

Post /etc/hosts, /etc/NetworkManager/NetworkManager.conf and the output of ls -lR /etc/NetworkManager/conf.d/ .

Edit : glad you solved it.

Last edited by Lone_Wolf (2021-02-19 12:01:26)


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
Did you use the guided installer ? If yes, I can't help you.

(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#4 2021-02-19 15:48:43

mabox
Member
Registered: 2016-05-03
Posts: 5

Re: Question about DNS configuration because of thousand PTR requests.

Yes that makes me very happy now too. Thank you for your willingness to help.


EDIT:
But I have discovered something else now. The top DNS request for me is now archlinux.org.
Every 5 minutes something goes there:

[root@arch ~]# tcpdump -i enp0s31f6 -s 0 dst archlinux.org
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp0s31f6, link-type EN10MB (Ethernet), snapshot length 262144 bytes
17:29:05.653076 IP arch.59434 > archlinux.org.http: Flags [S], seq 2610211807, win 64240, options [mss 1460,sackOK,TS val 4093613132 ecr 0,nop,wscale 7], length 0
17:29:05.706536 IP arch.59434 > archlinux.org.http: Flags [.], ack 3150821197, win 502, options [nop,nop,TS val 4093613185 ecr 1308222171], length 0
17:29:05.706640 IP arch.59434 > archlinux.org.http: Flags [P.], seq 0:95, ack 1, win 502, options [nop,nop,TS val 4093613185 ecr 1308222171], length 95: HTTP: GET /check_network_status.txt HTTP/1.1
17:29:05.761594 IP arch.59434 > archlinux.org.http: Flags [.], ack 204, win 501, options [nop,nop,TS val 4093613240 ecr 1308222225], length 0
17:29:05.761687 IP arch.59434 > archlinux.org.http: Flags [F.], seq 95, ack 204, win 501, options [nop,nop,TS val 4093613241 ecr 1308222225], length 0
17:29:05.761767 IP arch.59434 > archlinux.org.http: Flags [.], ack 205, win 501, options [nop,nop,TS val 4093613241 ecr 1308222225], length 0
17:34:05.648454 IP arch.59470 > archlinux.org.http: Flags [S], seq 4116681146, win 64240, options [mss 1460,sackOK,TS val 4093913127 ecr 0,nop,wscale 7], length 0
17:34:05.707280 IP arch.59470 > archlinux.org.http: Flags [.], ack 1008381893, win 502, options [nop,nop,TS val 4093913186 ecr 1308522172], length 0
17:34:05.707393 IP arch.59470 > archlinux.org.http: Flags [P.], seq 0:95, ack 1, win 502, options [nop,nop,TS val 4093913186 ecr 1308522172], length 95: HTTP: GET /check_network_status.txt HTTP/1.1
17:34:05.777224 IP arch.59470 > archlinux.org.http: Flags [.], ack 204, win 501, options [nop,nop,TS val 4093913256 ecr 1308522241], length 0
17:34:05.777390 IP arch.59470 > archlinux.org.http: Flags [F.], seq 95, ack 204, win 501, options [nop,nop,TS val 4093913256 ecr 1308522241], length 0
17:34:05.777497 IP arch.59470 > archlinux.org.http: Flags [.], ack 205, win 501, options [nop,nop,TS val 4093913256 ecr 1308522241], length 0

Why?
I do not know what I run that could cause this.

Last edited by mabox (2021-02-24 06:29:51)

Offline

#5 2021-02-24 06:29:57

mabox
Member
Registered: 2016-05-03
Posts: 5

Re: Question about DNS configuration because of thousand PTR requests.

I would really like to know why my arch installation sends an AAAA request every 3 minutes and an A request every 5 minutes to archlinux.org. Has no one else made such observations?

Offline

#6 2021-02-24 07:57:37

progandy
Member
Registered: 2012-05-17
Posts: 4,241

Re: Question about DNS configuration because of thousand PTR requests.

I do not know why there are two intervals, but this should probably be networkmanager:
https://wiki.archlinux.org/index.php/Ne … nnectivity


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline
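The fixed spacing of the connections in the tcpdump capture posted earlier in the thread can be measured rather than eyeballed. This is an added example, not part of the original posts: it takes four lines copied from that capture, groups new connections by destination, and checks their gaps against the 5-minute period reported there (the tolerance is an assumption).

```python
import re
from collections import defaultdict
from datetime import datetime

# Four lines copied from the tcpdump capture posted in the thread:
# the SYN and the HTTP request of each of the two probes.
CAPTURE = """\
17:29:05.653076 IP arch.59434 > archlinux.org.http: Flags [S], seq 2610211807, win 64240, options [mss 1460,sackOK,TS val 4093613132 ecr 0,nop,wscale 7], length 0
17:29:05.706640 IP arch.59434 > archlinux.org.http: Flags [P.], seq 0:95, ack 1, win 502, options [nop,nop,TS val 4093613185 ecr 1308222171], length 95: HTTP: GET /check_network_status.txt HTTP/1.1
17:34:05.648454 IP arch.59470 > archlinux.org.http: Flags [S], seq 4116681146, win 64240, options [mss 1460,sackOK,TS val 4093913127 ecr 0,nop,wscale 7], length 0
17:34:05.707393 IP arch.59470 > archlinux.org.http: Flags [P.], seq 0:95, ack 1, win 502, options [nop,nop,TS val 4093913186 ecr 1308522172], length 95: HTTP: GET /check_network_status.txt HTTP/1.1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP \S+ > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]")
HTTP_RE = re.compile(r"HTTP: (?P<req>[A-Z]+ \S+)")

def periodic_connections(text, expected_s=300, tolerance_s=2.0):
    """Group new connections (bare SYNs) by destination and measure their spacing.

    expected_s defaults to the 5-minute period reported in the thread.
    """
    syns, requests = defaultdict(list), defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if m["flags"] == "S":  # SYN without ACK: the client opens a connection
            syns[m["dst"]].append(datetime.strptime(m["ts"], "%H:%M:%S.%f"))
        req = HTTP_RE.search(line)
        if req:
            requests[m["dst"]].add(req["req"])
    report = {}
    for dst, times in syns.items():
        gaps = []
        for a, b in zip(times, times[1:]):
            gap = (b - a).total_seconds()
            gaps.append(round(gap + 86400 if gap < 0 else gap, 1))  # midnight wrap
        if gaps:
            report[dst] = {
                "connections": len(times),
                "gaps_s": gaps,
                "periodic": all(abs(g - expected_s) <= tolerance_s for g in gaps),
                "requests": sorted(requests[dst]),
            }
    return report
```

A single fixed request path repeated at a constant interval points to a scheduled check by a local service rather than to user activity.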

#7 2021-02-24 08:08:28

mabox
Member
Registered: 2016-05-03
Posts: 5

Re: Question about DNS configuration because of thousand PTR requests.

Thank you very much for this info. It does not really bother me, especially archlinux I trust completely :-) but I wanted to understand.
Is there any recommendation why it's set that way and if it's really necessary? Maybe I would rather disable it then.

EDIT:
ok I don't see it as necessary and have now disabled it. The IP6 requests (AAAA) also stop now.

Last edited by mabox (2021-02-24 08:29:36)

Offline
