@Clive_A Here's the visual of the pcap from a little over a minute. I mirrored the uplink of the SG2210MP to a free port connected to a linux host and ran tcpdump on that host for all traffic to/from the SG2210MP host IP. I then analyzed that pcap in wireshark. You can see that indeed the switch is sending DNS quries for the configured NTP host about every 8 seconds (and getting valid responses). On my 192.168.4.0/22 subnet, 6.14 is the DNS server and 4.73 is the SG2210MP switch:

The only non-DNS traffic in the capture was TLS traffic between the switch and the software controller, and ARP queries/responses.

Hi @daubstep 

Thanks for posting in our business forum.

daubstep wrote

  @Clive_A Here's the visual of the pcap from a little over a minute. I mirrored the uplink of the SG2210MP to a free port connected to a linux host and ran tcpdump on that host for all traffic to/from the SG2210MP host IP. I then analyzed that pcap in wireshark. You can see that indeed the switch is sending DNS quries for the configured NTP host about every 8 seconds (and getting valid responses). On my 192.168.4.0/22 subnet, 6.14 is the DNS server and 4.73 is the SG2210MP switch:

 

 

 

The only non-DNS traffic in the capture was TLS traffic between the switch and the software controller, and ARP queries/responses.

This is what I am looking for. That capture indicates the switch indeed sends the DNS for the NTP server you have set.

You've changed the NTP to Cloudflare now. Correct?

That does not look right to me. I've sent this to the test team. It seems that certain models experiencing this. I was not seeing this on the models I tried last time.

  @Clive_A 

> You've changed the NTP to Cloudflare now. Correct?

Yes, that is correct - I wanted to rule out anything ntp-server specific. All Omada gear should now be using Cloudflare for NTP, and indeed, I can see more rare DNS resolution from other devices for the ntp domain.

> It seems that certain models experiencing this. 

Yes, only my SG2008P and SG2210MP switches are repeatedly querying DNS every ~8 seconds for it.
(I have not recently been using my SG2005P-PD, but I assume, since it was the original offender, that it would also be doing so if currently online - but my many EAPs and my Router seem to only query rarely as expected)

Hi @daubstep 

Thanks for posting in our business forum.

daubstep wrote

  @Clive_A 

> You've changed the NTP to Cloudflare now. Correct?

Yes, that is correct - I wanted to rule out anything ntp-server specific. All Omada gear should now be using Cloudflare for NTP, and indeed, I can see more rare DNS resolution from other devices for the ntp domain.

 

> It seems that certain models experiencing this. 

Yes, only my SG2008P and SG2210MP switches are repeatedly querying DNS every ~8 seconds for it.
(I have not recently been using my SG2005P-PD, but I assume, since it was the original offender, that it would also be doing so if currently online - but my many EAPs and my Router seem to only query rarely as expected)

I have requested the dev to explain from the code level. Not sure if there is any change on the latest firmware which made it happen again. Will update you soon as I am updated.

  @Clive_A Thank you! Do you know if SG2008P v3.20 and SG2210MP v4.20 firmware is available? The SG2210MP seems to be available for v5 hardware only and SG2008P is not available at all. Unfortunately these are my two switches curently with this issue and I don't have my SG2005P-PD v1.0 running at the moment to test.

Hi  @daubstep 

daubstep wrote

  @Clive_A Thank you! Do you know if SG2008P v3.20 and SG2210MP v4.20 firmware is available? The SG2210MP seems to be available for v5 hardware only and SG2008P is not available at all. Unfortunately these are my two switches curently with this issue and I don't have my SG2005P-PD v1.0 running at the moment to test.

See the attachment.

  @Clive_A Thank you!
I updated both switches last night to the attached firmware and my controller now shows:

SG2008P v3.20: 3.20.9 Build 20250304 Rel.77614

SG2210MP v4.20: 4.20.10 Build 20250304 Rel.77614

After the update, my SG2210MP does appear to have stopped sending DNS requests for the NTP server hostname, however, my SG2008P continues to send them every ~8seconds. Figure it was worth reporting since it seems the fix is not working for the SG2008P.

Hi @daubstep 

Thanks for posting in our business forum.

daubstep wrote

  @Clive_A Thank you!
I updated both switches last night to the attached firmware and my controller now shows:

SG2008P v3.20: 3.20.9 Build 20250304 Rel.77614

SG2210MP v4.20: 4.20.10 Build 20250304 Rel.77614

 

After the update, my SG2210MP does appear to have stopped sending DNS requests for the NTP server hostname, however, my SG2008P continues to send them every ~8seconds. Figure it was worth reporting since it seems the fix is not working for the SG2008P.

 

 

Reboot it and monitor it for another day?

Let me know if it persists, I might need the Device Info exported from the switch. But will see.