EAP670 sending DNS request for "del" around once per second

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

EAP670 sending DNS request for "del" around once per second

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
EAP670 sending DNS request for "del" around once per second
EAP670 sending DNS request for "del" around once per second
2024-01-09 18:13:47
Model: EAP670  
Hardware Version: V1
Firmware Version: 10.1.12 build 20230922

I'm seeing these logs in my DNS server (AdGuard Home). Has anyone seen this before or know what these requests are? Both devices are EAP670 (US) v1.0 on firmware 10.1.12 build 20230922 and I'm using a software controller running in Docker. Searching Google for "TP-Link Omada del" is... not useful at all.

 

https://d.sb/ My setup: 10Gbps fiber internet, ER8411, 2 x EAP670, Mikrotik CRS312-4C+8XG-RM, Omada software controller in Docker.
  0      
  0      
#1
Options
25 Reply
Re:EAP670 sending DNS request for "del" around once per second
2024-01-10 07:00:21

  @Dan15 

 

If you search it in the AdGuard manual, maybe more helpful.

Just striving to develop myself while helping others.
  0  
  0  
#2
Options
Re:EAP670 sending DNS request for "del" around once per second
2024-01-10 18:17:47

  @Virgo This has nothing to do with AdGuard Home and would be the same regardless of which DNS server I'm using. The EAP670 access points are sending these DNS queries. 

https://d.sb/ My setup: 10Gbps fiber internet, ER8411, 2 x EAP670, Mikrotik CRS312-4C+8XG-RM, Omada software controller in Docker.
  0  
  0  
#3
Options
Re:EAP670 sending DNS request for "del" around once per second
2024-01-11 02:03:46

  @Dan15 

 

Do you mean 10.1.0.6/10.1.0.7 is the EAPs IP address? If use the mouse move above the icon "?" in the Response list, any info?

Just striving to develop myself while helping others.
  0  
  0  
#4
Options
Re:EAP670 sending DNS request for "del" around once per second
2024-01-11 02:07:19

  @Virgo Yeah, those two IPs are the IPs of my two EAP670 access points. The access points are the only devices requesting this strange "del" hostname. The '?' icon just shows some details about which upstream DNS server processed the request.

 

https://d.sb/ My setup: 10Gbps fiber internet, ER8411, 2 x EAP670, Mikrotik CRS312-4C+8XG-RM, Omada software controller in Docker.
  0  
  0  
#5
Options
Re:EAP670 sending DNS request for "del" around once per second
2024-01-11 02:25:19

  @Dan15 

 

What the DNS request from EAP670 means may only be seen by capturing the packets, use the wireshark to capture some packets for debugging, mirror the port connected to PC to the port connected to EAP, refer to How to Capture the Wireless Packets on MacBook | TP-Link.

 

More troubleshooting techniques are here, check it out.

Just striving to develop myself while helping others.
  0  
  0  
#6
Options
Re:EAP670 sending DNS request for "del" around once per second
2024-03-19 18:34:58

  @Dan15 Did you ever resolve this? I am seeing this as well and I can't really see why. It's only the EAP670 making the DNS query and it is very, very frequent. 

  0  
  0  
#7
Options
Re:EAP670 sending DNS request for "del" around once per second
2024-03-19 19:09:55

  @ndb217 Unfortunately I never resolved it. I haven't been able to figure out what's sending the requests.

https://d.sb/ My setup: 10Gbps fiber internet, ER8411, 2 x EAP670, Mikrotik CRS312-4C+8XG-RM, Omada software controller in Docker.
  0  
  0  
#8
Options
Re:EAP670 sending DNS request for "del" around once per second
2024-03-19 22:14:43

  @Dan15 I very clearly see my APs asking for it. Here is the packet capture of the request directly from the DNS resolver: 

 

22:08:26.844151 IP (tos 0x0, ttl 63, id 64535, offset 0, flags [DF], proto UDP (17), length 49)

    10.10.10.8.58768 > resolver1: [udp sum ok] 1484+ A? del. (21)

22:08:26.844336 IP (tos 0x0, ttl 64, id 17498, offset 0, flags [DF], proto UDP (17), length 49)

    resolver1 > 10.10.10.8.58768: [bad udp cksum 0xf056 -> 0x37a5!] 1484 NXDomain q: A? del. 0/0/0 (21)

22:08:26.860344 IP (tos 0x0, ttl 63, id 64536, offset 0, flags [DF], proto UDP (17), length 49)

    10.10.10.8.45892 > resolver1: [udp sum ok] 58840+ A? del. (21)

22:08:26.860535 IP (tos 0x0, ttl 64, id 17502, offset 0, flags [DF], proto UDP (17), length 49)

    resolver1 > 10.10.10.8.45892: [bad udp cksum 0xf056 -> 0x89e4!] 58840 NXDomain q: A? del. 0/0/0 (21)

22:08:26.876072 IP (tos 0x0, ttl 63, id 64537, offset 0, flags [DF], proto UDP (17), length 49)

    10.10.10.8.36773 > resolver1: [udp sum ok] 33065+ A? del. (21)

22:08:26.876248 IP (tos 0x0, ttl 64, id 17505, offset 0, flags [DF], proto UDP (17), length 49)

    resolver1 > 10.10.10.8.36773: [bad udp cksum 0xf056 -> 0x1233!] 33065 NXDomain q: A? del. 0/0/0 (21)

22:08:26.890649 IP (tos 0x0, ttl 63, id 64538, offset 0, flags [DF], proto UDP (17), length 49)

    10.10.10.8.35331 > resolver1: [udp sum ok] 17302+ A? del. (21)

22:08:26.890824 IP (tos 0x0, ttl 64, id 17509, offset 0, flags [DF], proto UDP (17), length 49)

    resolver1 > 10.10.10.8.35331: [bad udp cksum 0xf056 -> 0x5568!] 17302 NXDomain q: A? del. 0/0/0 (21)

22:08:31.020638 IP (tos 0x0, ttl 63, id 64697, offset 0, flags [DF], proto UDP (17), length 49)

    10.10.10.8.60413 > resolver1: [udp sum ok] 9984+ A? del. (21)

 

It is literally just doing a query for the A record "del.", which seems like a bug. My APs are both EAP670s and both are running 1.0.13. I tried 1.0.14 but I had an awful, awful experience where the weekly problem I see of a multicast storm started happening multiple times a day, so I rolled back to 1.0.13. I have a handful of EAP615-Wall that don't have either issue and never have. I am about ready to ship these EAP670s off to ebay between the DNS log nonsense and the weekly multicast storm issues that required a hard reboot, they're more trouble than they should be. 

 

  0  
  0  
#9
Options
Re:EAP670 sending DNS request for "del" around once per second
2024-03-20 01:31:22

  @ndb217 Sorry, I should have clarified. I see that the requests are coming from the APs, but I don't know if there's some setting I've enabled on the APs that is causing the requests, or if it's just some weird firmware bug. I'm not sure if the bug happens for everyone, since I couldn't find any other references to these strange DNS requests.

https://d.sb/ My setup: 10Gbps fiber internet, ER8411, 2 x EAP670, Mikrotik CRS312-4C+8XG-RM, Omada software controller in Docker.
  0  
  0  
#10
Options
Re:EAP670 sending DNS request for "del" around once per second
2024-03-20 11:27:53

  @Dan15 given what I'm seeing I don't see how this is not a bug. There is no reason to query that frequently. 

  0  
  0  
#11
Options