Business Community > All Threads > SG2005P-PD Switch is the top (by >3x) DNS querier in the entire network!
< All Threads

SG2005P-PD Switch is the top (by >3x) DNS querier in the entire network!

12

SG2005P-PD Switch is the top (by >3x) DNS querier in the entire network!

14 Reply
Re:SG2005P-PD Switch is the top (by >3x) DNS querier in the entire network!
Tuesday - last edited Tuesday

  @Clive_A Here's the visual of the pcap from a little over a minute. I mirrored the uplink of the SG2210MP to a free port connected to a linux host and ran tcpdump on that host for all traffic to/from the SG2210MP host IP. I then analyzed that pcap in wireshark. You can see that indeed the switch is sending DNS quries for the configured NTP host about every 8 seconds (and getting valid responses). On my 192.168.4.0/22 subnet, 6.14 is the DNS server and 4.73 is the SG2210MP switch:

 

 

The only non-DNS traffic in the capture was TLS traffic between the switch and the software controller, and ARP queries/responses.

  0  
  0  
#12
Options
Re:SG2005P-PD Switch is the top (by >3x) DNS querier in the entire network!
Wednesday

Hi @daubstep 

Thanks for posting in our business forum.

daubstep wrote

  @Clive_A Here's the visual of the pcap from a little over a minute. I mirrored the uplink of the SG2210MP to a free port connected to a linux host and ran tcpdump on that host for all traffic to/from the SG2210MP host IP. I then analyzed that pcap in wireshark. You can see that indeed the switch is sending DNS quries for the configured NTP host about every 8 seconds (and getting valid responses). On my 192.168.4.0/22 subnet, 6.14 is the DNS server and 4.73 is the SG2210MP switch:

 

 

 

The only non-DNS traffic in the capture was TLS traffic between the switch and the software controller, and ARP queries/responses.

This is what I am looking for. That capture indicates the switch indeed sends the DNS for the NTP server you have set.

You've changed the NTP to Cloudflare now. Correct?

That does not look right to me. I've sent this to the test team. It seems that certain models experiencing this. I was not seeing this on the models I tried last time.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#13
Options
Re:SG2005P-PD Switch is the top (by >3x) DNS querier in the entire network!
Wednesday - last edited Wednesday

  @Clive_A 

> You've changed the NTP to Cloudflare now. Correct?

Yes, that is correct - I wanted to rule out anything ntp-server specific. All Omada gear should now be using Cloudflare for NTP, and indeed, I can see more rare DNS resolution from other devices for the ntp domain.

 

> It seems that certain models experiencing this. 

Yes, only my SG2008P and SG2210MP switches are repeatedly querying DNS every ~8 seconds for it.
(I have not recently been using my SG2005P-PD, but I assume, since it was the original offender, that it would also be doing so if currently online - but my many EAPs and my Router seem to only query rarely as expected)

  0  
  0  
#14
Options
Re:SG2005P-PD Switch is the top (by >3x) DNS querier in the entire network!
Wednesday

Hi @daubstep 

Thanks for posting in our business forum.

daubstep wrote

  @Clive_A 

> You've changed the NTP to Cloudflare now. Correct?

Yes, that is correct - I wanted to rule out anything ntp-server specific. All Omada gear should now be using Cloudflare for NTP, and indeed, I can see more rare DNS resolution from other devices for the ntp domain.

 

> It seems that certain models experiencing this. 

Yes, only my SG2008P and SG2210MP switches are repeatedly querying DNS every ~8 seconds for it.
(I have not recently been using my SG2005P-PD, but I assume, since it was the original offender, that it would also be doing so if currently online - but my many EAPs and my Router seem to only query rarely as expected)

I have requested the dev to explain from the code level. Not sure if there is any change on the latest firmware which made it happen again. Will update you soon as I am updated.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#15
Options
12
Related Articles
SG2005P-PD wont power a cpe210
552 0
sg2005p-pd - checking the temperature via CLI
195 0
Will SG2005P-PD work with Deco access points/router ?
398 0
SG2005P-PD does not boot up when PoE device is plugged
421 0
Powering 4 EAP215 Wireless Bridges and an SG2005P-PD
381 0
SG2005P-PD switch statistics not populated
689 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.