Router performing crippling "DNSKEY" look-ups out of the blue

CB7

Hi,

Sometimes, out of nowhere as I really cannot put a clock or any preceding event to it, the router suddenly starts sending out thousands of queries for "." (without quotes, so literally just a dot).
The type is "DNSKEY, plain DNS" and, probably due to the sheer volume of them (we're talking tens of thousands of requests suddenly), they take about 20 seconds to complete - each! The CPU load on the router skyrockets and DNS resolution comes to a halt (as well as services ceasing to respond).

... But why is it doing that? Digging deeeeep in my memory, I believe the . DNSKEY is to find root servers. But why on earth does it send tens of thousands of requests for it and all at once? It's supposed to request it and then cache it for a while. Not try to resolve it thousands and thousands of times. To be clear: the requests come from the router itself, not from a client on the network.

Anyone got any idea? :) Google is not being overly helpful.
I'm running Merlin on an AX3000-V2 with AdGuard Home running as the DNS service. Attached some screenshots.

Thanks!
 

Make sure DNSSEC is turned off on the WAN page. I can’t think of any other reason why the router would be making DNSKEY requests. Unless AdGuardHome is doing it to itself.
> Make sure DNSSEC is turned off on the WAN page. I can’t think of any other reason why the router would be making DNSKEY requests. Unless AdGuardHome is doing it to itself.
Thanks - if that's the "Enable DNSSEC support" one you're referring to: that one is indeed already disabled. Right above that, I do have the DNS server set to the router itself (so AGH) - would it be better to change that to an external service? (I mean, it still shouldn't be sending tens of thousands of DNSKEY-requests; but at least it won't cripple itself over it.) I assume that won't affect DNS Director for all other clients on the network.
 
What are the upstream servers for AGH? Maybe these queries are caught in a DNS loop.
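
One way to confirm the pattern described in this thread from a query log, added here as an example and not part of any post: count queries per (client, name, type) in a sliding time window and flag keys that repeat far faster than a cached record ever should. The record layout, the IP addresses, and the window and threshold values are assumptions made for illustration; the sample records are constructed and are not AdGuard Home output.

```python
from collections import defaultdict, deque

# Constructed sample records: (timestamp_s, client_ip, qname, qtype).
# 192.168.1.1 stands in for the router itself (assumed address).
SAMPLE = (
    [(100.0 + i * 0.25, "192.168.1.1", ".", "DNSKEY") for i in range(8)]
    + [(100.0 + i * 30, "192.168.1.50", "example.com.", "A") for i in range(4)]
    + [(400.0, "192.168.1.1", ".", "DNSKEY")]  # one later refresh is normal
)


def find_bursts(records, window_s=10.0, threshold=5):
    """Return {(client, qname, qtype): peak_count} for every key whose query
    count inside any sliding window of window_s seconds reaches threshold."""
    windows = defaultdict(deque)   # key -> timestamps still inside the window
    peaks = {}
    for ts, client, qname, qtype in sorted(records):
        key = (client, qname.lower(), qtype.upper())
        win = windows[key]
        win.append(ts)
        # Drop timestamps that have fallen out of the window.
        while ts - win[0] > window_s:
            win.popleft()
        if len(win) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(win))
    return peaks


if __name__ == "__main__":
    for (client, qname, qtype), peak in find_bursts(SAMPLE).items():
        print(f"{client}: {peak} {qtype} queries for {qname!r} inside 10 s")
```

A flagged key whose client is the router's own address matches what the original poster reports, and is the case where the upstream configuration is worth checking for a loop.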
 
