EAP670 sending DNS request for "del" around once per second
I'm seeing these logs in my DNS server (AdGuard Home). Has anyone seen this before or know what these requests are? Both devices are EAP670 (US) v1.0 on firmware 10.1.12 build 20230922 and I'm using a software controller running in Docker. Searching Google for "TP-Link Omada del" is... not useful at all.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Virgo This has nothing to do with AdGuard Home and would be the same regardless of which DNS server I'm using. The EAP670 access points are sending these DNS queries.
- Copy Link
- Report Inappropriate Content
Do you mean 10.1.0.6/10.1.0.7 is the EAPs IP address? If use the mouse move above the icon "?" in the Response list, any info?
- Copy Link
- Report Inappropriate Content
@Virgo Yeah, those two IPs are the IPs of my two EAP670 access points. The access points are the only devices requesting this strange "del" hostname. The '?' icon just shows some details about which upstream DNS server processed the request.
- Copy Link
- Report Inappropriate Content
What the DNS request from EAP670 means may only be seen by capturing the packets, use the wireshark to capture some packets for debugging, mirror the port connected to PC to the port connected to EAP, refer to How to Capture the Wireless Packets on MacBook | TP-Link.
More troubleshooting techniques are here, check it out.
- Copy Link
- Report Inappropriate Content
@Dan15 Did you ever resolve this? I am seeing this as well and I can't really see why. It's only the EAP670 making the DNS query and it is very, very frequent.
- Copy Link
- Report Inappropriate Content
@ndb217 Unfortunately I never resolved it. I haven't been able to figure out what's sending the requests.
- Copy Link
- Report Inappropriate Content
@Dan15 I very clearly see my APs asking for it. Here is the packet capture of the request directly from the DNS resolver:
22:08:26.844151 IP (tos 0x0, ttl 63, id 64535, offset 0, flags [DF], proto UDP (17), length 49)
10.10.10.8.58768 > resolver1: [udp sum ok] 1484+ A? del. (21)
22:08:26.844336 IP (tos 0x0, ttl 64, id 17498, offset 0, flags [DF], proto UDP (17), length 49)
resolver1 > 10.10.10.8.58768: [bad udp cksum 0xf056 -> 0x37a5!] 1484 NXDomain q: A? del. 0/0/0 (21)
22:08:26.860344 IP (tos 0x0, ttl 63, id 64536, offset 0, flags [DF], proto UDP (17), length 49)
10.10.10.8.45892 > resolver1: [udp sum ok] 58840+ A? del. (21)
22:08:26.860535 IP (tos 0x0, ttl 64, id 17502, offset 0, flags [DF], proto UDP (17), length 49)
resolver1 > 10.10.10.8.45892: [bad udp cksum 0xf056 -> 0x89e4!] 58840 NXDomain q: A? del. 0/0/0 (21)
22:08:26.876072 IP (tos 0x0, ttl 63, id 64537, offset 0, flags [DF], proto UDP (17), length 49)
10.10.10.8.36773 > resolver1: [udp sum ok] 33065+ A? del. (21)
22:08:26.876248 IP (tos 0x0, ttl 64, id 17505, offset 0, flags [DF], proto UDP (17), length 49)
resolver1 > 10.10.10.8.36773: [bad udp cksum 0xf056 -> 0x1233!] 33065 NXDomain q: A? del. 0/0/0 (21)
22:08:26.890649 IP (tos 0x0, ttl 63, id 64538, offset 0, flags [DF], proto UDP (17), length 49)
10.10.10.8.35331 > resolver1: [udp sum ok] 17302+ A? del. (21)
22:08:26.890824 IP (tos 0x0, ttl 64, id 17509, offset 0, flags [DF], proto UDP (17), length 49)
resolver1 > 10.10.10.8.35331: [bad udp cksum 0xf056 -> 0x5568!] 17302 NXDomain q: A? del. 0/0/0 (21)
22:08:31.020638 IP (tos 0x0, ttl 63, id 64697, offset 0, flags [DF], proto UDP (17), length 49)
10.10.10.8.60413 > resolver1: [udp sum ok] 9984+ A? del. (21)
It is literally just doing a query for the A record "del.", which seems like a bug. My APs are both EAP670s and both are running 1.0.13. I tried 1.0.14 but I had an awful, awful experience where the weekly problem I see of a multicast storm started happening multiple times a day, so I rolled back to 1.0.13. I have a handful of EAP615-Wall that don't have either issue and never have. I am about ready to ship these EAP670s off to ebay between the DNS log nonsense and the weekly multicast storm issues that required a hard reboot, they're more trouble than they should be.
- Copy Link
- Report Inappropriate Content
@ndb217 Sorry, I should have clarified. I see that the requests are coming from the APs, but I don't know if there's some setting I've enabled on the APs that is causing the requests, or if it's just some weird firmware bug. I'm not sure if the bug happens for everyone, since I couldn't find any other references to these strange DNS requests.
- Copy Link
- Report Inappropriate Content
@Dan15 given what I'm seeing I don't see how this is not a bug. There is no reason to query that frequently.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2693
Replies: 25
Voters 0
No one has voted for it yet.