Forums

Stories

Knowledge Base

Home Network Community > Deco > Flood of DNS requests to NTP server

< Deco

Flood of DNS requests to NTP server

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Flood of DNS requests to NTP server

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

bramdenboer

LV1

2020-06-03 13:39:04 - last edited 2022-03-22 06:35:32

Posts: 2

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2020-05-28

Flood of DNS requests to NTP server

2020-06-03 13:39:04 - last edited 2022-03-22 06:35:32

Model: Deco M9 Plus

Hardware Version: V1

Firmware Version: Deco M9 Plus(EU)_V1_200324

Hi,

Since the last firmware update, I can see a huge increase in DNS requests coming from the Deco units (M9 plus).

In fact, every second (!) on average there are multiple requests to eu.pool.ntp.org. My logs are being flooded by this.

I know this is an NTP server used for time synchronisation, but it is not normal to do this multiple times per second. More like once every hour.

A small excerpt from my Pi-Hole logs:

Jun  3 14:27:52 dnsmasq[546]: query[AAAA] eu.pool.ntp.org from 192.168.1.xxx
Jun  3 14:27:52 dnsmasq[546]: cached eu.pool.ntp.org is NXDOMAIN
Jun  3 14:27:52 dnsmasq[546]: query[A] eu.pool.ntp.org from 192.168.1.xxx
Jun  3 14:27:52 dnsmasq[546]: cached eu.pool.ntp.org is NXDOMAIN
Jun  3 14:27:53 dnsmasq[546]: query[AAAA] eu.pool.ntp.org from 192.168.1.xxx
Jun  3 14:27:53 dnsmasq[546]: cached eu.pool.ntp.org is NXDOMAIN
Jun  3 14:27:53 dnsmasq[546]: query[A] eu.pool.ntp.org from 192.168.1.xxx
Jun  3 14:27:53 dnsmasq[546]: cached eu.pool.ntp.org is NXDOMAIN
Jun  3 14:27:53 dnsmasq[546]: query[AAAA] eu.pool.ntp.org from 192.168.1.xxx
Jun  3 14:27:53 dnsmasq[546]: cached eu.pool.ntp.org is NXDOMAIN
Jun  3 14:27:53 dnsmasq[546]: query[A] eu.pool.ntp.org from 192.168.1.xxx
Jun  3 14:27:53 dnsmasq[546]: cached eu.pool.ntp.org is NXDOMAIN
Jun  3 14:27:58 dnsmasq[546]: query[AAAA] eu.pool.ntp.org from 192.168.1.xxx
Jun  3 14:27:58 dnsmasq[546]: cached eu.pool.ntp.org is NXDOMAIN
Jun  3 14:27:58 dnsmasq[546]: query[A] eu.pool.ntp.org from 192.168.1.xxx
Jun  3 14:27:58 dnsmasq[546]: cached eu.pool.ntp.org is NXDOMAIN
Jun  3 14:27:59 dnsmasq[546]: query[AAAA] eu.pool.ntp.org from 192.168.1.xxx
Jun  3 14:27:59 dnsmasq[546]: cached eu.pool.ntp.org is NXDOMAIN
Jun  3 14:27:59 dnsmasq[546]: query[A] eu.pool.ntp.org from 192.168.1.xxx
Jun  3 14:27:59 dnsmasq[546]: cached eu.pool.ntp.org is NXDOMAIN
Jun  3 14:27:59 dnsmasq[546]: query[AAAA] eu.pool.ntp.org from 192.168.1.xxx
Jun  3 14:27:59 dnsmasq[546]: cached eu.pool.ntp.org is NXDOMAIN
Jun  3 14:27:59 dnsmasq[546]: query[A] eu.pool.ntp.org from 192.168.1.xxx
Jun  3 14:27:59 dnsmasq[546]: cached eu.pool.ntp.org is NXDOMAIN

I have three Deco units installed and they are all making these silly requests.

Does anyone else experience the same?

2 Accepted Solutions

David-TP

2020-06-05 09:59:51 - last edited 2022-03-22 06:35:26

Posts: 9965

Helpful: 1306

Solutions: 851

Stories: 9

Registered: 2020-04-14

Re:Flood of DNS requests to NTP server-Solution

2020-06-05 09:59:51 - last edited 2022-03-22 06:35:26

@bramdenboer

Update:

The issue of frequent requests to the NTP server on Deco M9 plus here has been improved since firmware 1.5.x.

Please make sure the firmware of your Deco is up to date.

Thank you very much.

Deco Monthly Recap- Check What's Currently Going on With Deco TL-WA850RE V7 Adds the Support of Customizing Password and Encryption Type

Recommended Solution

jedimasterjonny

LV1

2020-07-25 07:28:19 - last edited 2020-07-28 07:53:52

Posts: 2

Helpful: 2

Solutions: 1

Stories: 0

Registered: 2020-07-20

Re:Flood of DNS requests to NTP server-Solution

2020-07-25 07:28:19 - last edited 2020-07-28 07:53:52

@bramdenboer

Furter to this if you map the incorrect domain the Deco is trying to access of eu.pool.ntp.org to the IP address for europe.pool.ntp.org in your pi-hole, the flood of requestly instantly stops, as the Decos can then sync their time successfully.

To find the IP address for the domain, on your local machine:

% dig europe.pool.ntp.org 

; <<>> DiG 9.10.6 <<>> europe.pool.ntp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27888
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;europe.pool.ntp.org.        IN    A

;; ANSWER SECTION:
europe.pool.ntp.org.    121    IN    A    194.158.196.171
europe.pool.ntp.org.    121    IN    A    84.245.9.254
europe.pool.ntp.org.    121    IN    A    85.199.214.99
europe.pool.ntp.org.    121    IN    A    91.209.94.10

;; Query time: 41 msec
;; SERVER: 192.168.68.121#53(192.168.68.121)
;; WHEN: Sat Jul 25 08:23:03 BST 2020
;; MSG SIZE  rcvd: 188

Then go to 'Local DNS Records' page on your pi-hole and add a record for eu.pool.ntp.org pointing to any of the IPs in the above list.

Obviusly this is just a filthy hack, and a stop gap until the Decos are updated to not try to NTP sync against an non-existenet domain...

Recommended Solution

18 Reply

David-TP

2020-06-05 09:59:51 - last edited 2022-03-22 06:35:26

Posts: 9965

Helpful: 1306

Solutions: 851

Stories: 9

Registered: 2020-04-14

Re:Flood of DNS requests to NTP server-Solution

2020-06-05 09:59:51 - last edited 2022-03-22 06:35:26

@bramdenboer

Update:

The issue of frequent requests to the NTP server on Deco M9 plus here has been improved since firmware 1.5.x.

Please make sure the firmware of your Deco is up to date.

Thank you very much.

Deco Monthly Recap- Check What's Currently Going on With Deco TL-WA850RE V7 Adds the Support of Customizing Password and Encryption Type

Recommended Solution

bramdenboer

LV1

2020-06-05 10:15:29

Posts: 2

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2020-05-28

Re:Flood of DNS requests to NTP server

2020-06-05 10:15:29

@TP-Link_Deco

No I haven't because I am using the Deco in Access Point mode so there is no DNS setting to change.

All my devices (including the Deco) are using my Pi-hole server as a DNS server, that is also the reason I am being able to see which DNS requests are being made from which device. Pi-hole forwards all DNS requests to the public DNS server of my ISP (or an alternative one like Google of CloudFlare DNS).

The issues probably lies within the Deco firmware itself, and this only started happening after the new firmware update. Somehow there is some kind of polling mechanism in place that queries the aforementioned NTP server far too often.

David-TP

2020-06-11 11:37:47

Posts: 9965

Helpful: 1306

Solutions: 851

Stories: 9

Registered: 2020-04-14

Re:Flood of DNS requests to NTP server

2020-06-11 11:37:47

@bramdenboer

Can you try to configure Deco works in the Router mode and check if Deco will have the same problem or not?

Deco Monthly Recap- Check What's Currently Going on With Deco TL-WA850RE V7 Adds the Support of Customizing Password and Encryption Type

jedimasterjonny

LV1

2020-07-20 21:20:19

Posts: 2

Helpful: 2

Solutions: 1

Stories: 0

Registered: 2020-07-20

Re:Flood of DNS requests to NTP server

2020-07-20 21:20:19

@bramdenboer

Came across this today.

This is because pool.ntp.org now uses europe.pool.ntp.org and not eu.ntp.org. Our Deco's are trying to NTP sync using a domain that doesn't exist.

Until TP-Link push an update to the Deco's with the correct domain, they're going to keep spamming a non-existent domain, and getting NXDOMAIN as the response.

My guess is the speed of requests is due to the fact it's failing to NTP sync because the domain is bad, so is retrying again quickly afterwards. I'm assuming once they're syncing against a valid server, they'll calm down.

jedimasterjonny

LV1

2020-07-25 07:28:19 - last edited 2020-07-28 07:53:52

Posts: 2

Helpful: 2

Solutions: 1

Stories: 0

Registered: 2020-07-20

Re:Flood of DNS requests to NTP server-Solution

2020-07-25 07:28:19 - last edited 2020-07-28 07:53:52

@bramdenboer

To find the IP address for the domain, on your local machine:

% dig europe.pool.ntp.org 

; <<>> DiG 9.10.6 <<>> europe.pool.ntp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27888
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;europe.pool.ntp.org.        IN    A

;; ANSWER SECTION:
europe.pool.ntp.org.    121    IN    A    194.158.196.171
europe.pool.ntp.org.    121    IN    A    84.245.9.254
europe.pool.ntp.org.    121    IN    A    85.199.214.99
europe.pool.ntp.org.    121    IN    A    91.209.94.10

;; Query time: 41 msec
;; SERVER: 192.168.68.121#53(192.168.68.121)
;; WHEN: Sat Jul 25 08:23:03 BST 2020
;; MSG SIZE  rcvd: 188

Then go to 'Local DNS Records' page on your pi-hole and add a record for eu.pool.ntp.org pointing to any of the IPs in the above list.

Obviusly this is just a filthy hack, and a stop gap until the Decos are updated to not try to NTP sync against an non-existenet domain...

Recommended Solution

DaveEdi

LV1

2020-07-27 21:29:39

Posts: 12

Helpful: 2

Solutions: 1

Stories: 0

Registered: 2020-02-24

Re:Flood of DNS requests to NTP server

2020-07-27 21:29:39

@jedimasterjonny

I'd spotted the obvious type in their DNS, thanks for the tip on PiHole, I've done just that. Hopefully we won't have to wait another 6 months for a firmware update but I'm not holding my breath,

Any idea if it's possible to add multiple IPs for a domain in PiHole local DNS?

Dave

David-TP

2020-07-28 07:55:45

Posts: 9965

Helpful: 1306

Solutions: 851

Stories: 9

Registered: 2020-04-14

Re:Flood of DNS requests to NTP server

2020-07-28 07:55:45

@jedimasterjonny

Hello, thanks very much for sharing this valued info in the community and we will soon investigate and fix this in the future firmware update.

Good days.

Deco Monthly Recap- Check What's Currently Going on With Deco TL-WA850RE V7 Adds the Support of Customizing Password and Encryption Type

Tikamak

LV1

2020-11-03 08:29:32

Posts: 10

Helpful: 2

Solutions: 0

Stories: 0

Registered: 2020-06-12

Re:Flood of DNS requests to NTP server

2020-11-03 08:29:32

@jedimasterjonny

How can we fix this issue if we don't have pi-hole, if we just have a simple setup:

Internet --> modem --> deco M9 plus --> home

This has been going for almost a year now ... can someone please fix this damn issue already ?

Tikamak

LV1

2020-11-03 08:33:10

Posts: 10

Helpful: 2

Solutions: 0

Stories: 0

Registered: 2020-06-12

Re:Flood of DNS requests to NTP server

2020-11-03 08:33:10

@TP-Link_Deco

What is the ETA on the firmware that corrects the ntp address ?

How can we fix it if we don't have a pi-hole ?

#10

Tikamak

LV1

2020-11-03 08:42:18

Posts: 10

Helpful: 2

Solutions: 0

Stories: 0

Registered: 2020-06-12

Re:Flood of DNS requests to NTP server

2020-11-03 08:42:18

I'd like to share that i set the primary DNS to google's 8.8.8.8 and 8.8.4.4 (secondary) and this fixed the problem for me.

In order to do that here's the documentation: https://www.tp-link.com/en/support/faq/1855/

#11

bramdenboer

LV1

2020-06-03 13:39:04 - last edited 2022-03-22 06:35:32

Posts: 2

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2020-05-28

Information

Helpful: 0

Replies: 18

Flood of DNS requests to NTP server

Flood of DNS requests to NTP server

Information

Voters 0

Tags