You are not logged in.

Pages: 1

#1 2011-10-04 23:10:05

jon.wulf
Member
Registered: 2009-07-03
Posts: 40

Unusual DNS Activity [Solved]

Hello all, I noticed this afternoon that I had abnormal network activity on my desktop. After some sleuthing I found that my desktop and router appeared to be playing ping pong with DNS. If I boot up, login, connect to the network (wired) and run wireshark, everything's fine. If I do ANYTHING, even just visit google, my desktop is continually pelted with DNS responses from the router - it doesn't stop until I reboot. I checked my laptop and does NOT have this problem.
While this isn't a critical issue it'd be nice to get to the bottom of it.

Regards,
Jon

Last edited by jon.wulf (2011-10-05 17:41:13)

Offline

#2 2011-10-05 01:54:46

eldragon
Member
From: Buenos Aires
Registered: 2008-11-18
Posts: 1,029

Re: Unusual DNS Activity [Solved]

if the responses come from the router only....why not reboot the router instead, which dns addresses are being sent / requested? only google' s?

Offline

#3 2011-10-05 09:50:43

jon.wulf
Member
Registered: 2009-07-03
Posts: 40

Re: Unusual DNS Activity [Solved]

I have rebooted my router several times and the problem persists.  The DNS requests/responses occur from anything I do, I just use google as a baseline as it's reliable and loads fast. 

No.     Time        Source                Destination           Protocol Length Info
      1 0.000000    192.168.1.1           192.168.1.3           DNS      142    Standard query response PTR baymsg1010719.gateway.edge.messenger.live.com
Domain Name System (response)

No.     Time        Source                Destination           Protocol Length Info
      2 0.000474    192.168.1.3           192.168.1.1           DNS      87     Standard query PTR 134.230.125.74.in-addr.arpa
Domain Name System (query)

No.     Time        Source                Destination           Protocol Length Info
      3 0.075945    192.168.1.1           192.168.1.3           DNS      147    Standard query response, No such name
Domain Name System (response)

No.     Time        Source                Destination           Protocol Length Info
      4 0.076166    192.168.1.3           192.168.1.1           DNS      86     Standard query PTR 235.94.221.88.in-addr.arpa
Domain Name System (query)

No.     Time        Source                Destination           Protocol Length Info
      5 0.121257    192.168.1.1           192.168.1.3           DNS      144    Standard query response PTR a88-221-94-235.deploy.akamaitechnologies.com
Domain Name System (response)

No.     Time        Source                Destination           Protocol Length Info
      6 1.347473    192.168.1.3           192.168.1.1           DNS      84     Standard query PTR 3.1.168.192.in-addr.arpa
Domain Name System (query)

No.     Time        Source                Destination           Protocol Length Info
      7 1.359410    192.168.1.1           192.168.1.3           DNS      127    Standard query response, No such name
Domain Name System (response)

No.     Time        Source                Destination           Protocol Length Info
      8 1.359506    192.168.1.3           192.168.1.1           DNS      85     Standard query PTR 112.18.9.176.in-addr.arpa
Domain Name System (query)

No.     Time        Source                Destination           Protocol Length Info
      9 1.405287    192.168.1.1           192.168.1.3           DNS      121    Standard query response PTR brynhild.archlinux.org
Domain Name System (response)

No.     Time        Source                Destination           Protocol Length Info
     10 1.405799    192.168.1.3           192.168.1.1           DNS      87     Standard query PTR 138.169.85.209.in-addr.arpa
Domain Name System (query)

No.     Time        Source                Destination           Protocol Length Info
     11 1.501901    192.168.1.1           192.168.1.3           DNS      127    Standard query response PTR bru02m01-in-f138.1e100.net
Domain Name System (response)

No.     Time        Source                Destination           Protocol Length Info
     12 1.502285    192.168.1.3           192.168.1.1           DNS      83     Standard query PTR 43.61.4.64.in-addr.arpa
Domain Name System (query)

No.     Time        Source                Destination           Protocol Length Info
     13 1.549457    192.168.1.1           192.168.1.3           DNS      142    Standard query response PTR baymsg1010719.gateway.edge.messenger.live.com
Domain Name System (response)

No.     Time        Source                Destination           Protocol Length Info
     14 1.549629    192.168.1.3           192.168.1.1           DNS      87     Standard query PTR 134.230.125.74.in-addr.arpa
Domain Name System (query)

No.     Time        Source                Destination           Protocol Length Info
     15 1.625354    192.168.1.1           192.168.1.3           DNS      147    Standard query response, No such name
Domain Name System (response)

No.     Time        Source                Destination           Protocol Length Info
     16 1.625510    192.168.1.3           192.168.1.1           DNS      86     Standard query PTR 235.94.221.88.in-addr.arpa
Domain Name System (query)

No.     Time        Source                Destination           Protocol Length Info
     17 1.670172    192.168.1.1           192.168.1.3           DNS      144    Standard query response PTR a88-221-94-235.deploy.akamaitechnologies.com
Domain Name System (response)

No.     Time        Source                Destination           Protocol Length Info
     18 2.847171    192.168.1.3           192.168.1.1           DNS      84     Standard query PTR 3.1.168.192.in-addr.arpa
Domain Name System (query)

No.     Time        Source                Destination           Protocol Length Info
     19 2.859043    192.168.1.1           192.168.1.3           DNS      127    Standard query response, No such name
Domain Name System (response)

No.     Time        Source                Destination           Protocol Length Info
     20 2.859156    192.168.1.3           192.168.1.1           DNS      85     Standard query PTR 112.18.9.176.in-addr.arpa
Domain Name System (query)

No.     Time        Source                Destination           Protocol Length Info
     21 2.906700    192.168.1.1           192.168.1.3           DNS      121    Standard query response PTR brynhild.archlinux.org
Domain Name System (response)

No.     Time        Source                Destination           Protocol Length Info
     22 2.906933    192.168.1.3           192.168.1.1           DNS      87     Standard query PTR 138.169.85.209.in-addr.arpa
Domain Name System (query)

That is the output of several seconds of running wireshark on my ethernet adapter. - I stripped out the MAC addresses, etc... from the output.

Offline

#4 2011-10-05 11:04:53

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Unusual DNS Activity [Solved]

Does that keep happening if you close the browser and all other nonessential stuff?

R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#5 2011-10-05 11:12:08

jon.wulf
Member
Registered: 2009-07-03
Posts: 40

Re: Unusual DNS Activity [Solved]

Yes, I've tried closing all applications -even restarting X - as well as restarting the network service and as soon as the interface is back up, in comes the data.

Offline

#6 2011-10-05 17:39:59

jon.wulf
Member
Registered: 2009-07-03
Posts: 40

Re: Unusual DNS Activity [Solved]

I appear to have solved it. My conky script for network monitoring had begun to constantly resolve the ip's of active connections. I haven't found a work around for that yet, but #ing out that part of it has stopped the traffic.

Offline

Pages: 1

Board footer

Powered by FluxBB