Excessive DNS Requests to Avira Subdomains

2024-10-11 12:26:21 - last edited 2024-10-19 16:17:20
Model: Deco XE75 Pro  
Hardware Version:
Firmware Version: 1.2.11 Build 20240724

I have been experiencing issues with my TP-Link router (TP-Link Deco XE75 Pro) frequently making excessive DNS requests to Avira subdomains (*.safethings.avira.com) and also DNS root servers (a.root-servers.net). This issue can also be categorized as a DNS flood, due to the number of DNS entries. The pattern of these requests aligns with the concerns previously reported by other users.

I appreciate the clarification regarding the use of Avira services in HomeShield and the recent software review that identified flaws in the DNS request logic. However, I would like to confirm that this issue IS NOT resolved with the latest firmware update.

Additionally, I would appreciate further guidance on any additional steps I can take to mitigate these mysterious and superfluous DNS requests, other than disabling the HomeShield features, as these requests continue to occur regardless of that logic.

Thank you for addressing this issue.

Re:Excessive DNS Requests to Avira Subdomains
2024-10-12 03:30:33

  @CyberHavoc9017 

Hi, thank you very much for the feedback.

Did you save any screenshots of the excessive DNS requests to Avira subdomains? 

- The previous firmware did fix this issue and I haven't seen similar feedback ever since.

(There was other feedback about excessive DNS requests, but it is not only for Avira/HomeShield. The online internet detection of Deco will also need DNS inquiries to some online domains, like amazon.com, reddit.com, etc.)

Waiting for your reply, and best regards.

Re:Excessive DNS Requests to Avira Subdomains
2024-10-13 02:28:26

  @David-TP

Thank you for your response.

I did save a screenshot of the excessive DNS requests to Avira subdomains during the last 24 hours.

That's 419 requests an hour. 7 requests a minute.

Despite the firmware update, I haven't noticed a reduction in these requests.

Re:Excessive DNS Requests to Avira Subdomains
2024-10-14 08:58:26 - last edited 2024-10-19 16:17:20

  @CyberHavoc9017 

Hi, thank you very much for the update.

I've checked with the senior engineers and the current DNS frequency is within the reasonable range, which is far from being called a DNS flood.
Ast-dual.safethings.avira.com is used for "Real-Time IoT Protection" under Network Security. To ensure the accuracy of the detection, it is necessary to keep a certain amount of DNS requests.

Thanks again and best regards.

Re:Excessive DNS Requests to Avira Subdomains
2024-10-19 16:12:05 - last edited 2024-10-19 21:23:31

  @David-TP

I would like to get some clarification regarding certain domains that seem to generate a lot of DNS queries on my network. Specifically, I am blocking the following domains:

  • a.root-servers.net
  • *.safethings.avira.com
  • bing.com
  • youtube.com
  • www.netflix.com
  • reddit.com
  • live.com
  • *.tplinkcloud.com

My question is: Will blocking these domains negatively affect any essential functions, such as internet connectivity, device security, firmware updates or any other TP-Link services? I’m trying to minimize unnecessary DNS queries but want to ensure I’m not breaking anything critical in the process.

Thanks in advance for your assistance!

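An added example, not part of any post in this thread: one way to put per-hour numbers on the query rates discussed above, using the wildcard patterns from the block list. It assumes dnsmasq-style query log lines (the thread does not say which resolver produced the counts); the sample log, the client address and all function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Patterns from the block list in the thread; "*." means "any subdomain of".
WATCHED = ["a.root-servers.net", "*.safethings.avira.com", "*.tplinkcloud.com"]

# Assumption: dnsmasq-style query log lines (the thread does not name a resolver).
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[\w+\] (?P<name>\S+) from (?P<client>\S+)$")

# Constructed sample; 192.168.68.1 stands in for the router's LAN address.
SAMPLE_LOG = """\
Oct 13 02:00:01 dnsmasq[812]: query[A] ast-dual.safethings.avira.com from 192.168.68.1
Oct 13 02:00:09 dnsmasq[812]: query[AAAA] ast-dual.safethings.avira.com from 192.168.68.1
Oct 13 02:00:09 dnsmasq[812]: reply ast-dual.safethings.avira.com is 203.0.113.10
Oct 13 02:14:30 dnsmasq[812]: query[A] a.root-servers.net from 192.168.68.1
Oct 13 02:20:00 dnsmasq[812]: query[A] example.org from 192.168.68.50
Oct 13 03:01:12 dnsmasq[812]: query[A] ast-dual.safethings.avira.com from 192.168.68.1
Oct 13 03:02:00 dnsmasq[812]: query[A] ast-dual.safethings.avira.com from 192.168.68.50
""".splitlines()

def matches(name, pattern):
    """Exact match, or suffix match on a label boundary for '*.' patterns."""
    name, pattern = name.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        return name.endswith(pattern[1:])  # keeps the leading dot
    return name == pattern

def hourly_rates(lines, client=None, year=2024):
    """Count queries per (hour, pattern); syslog timestamps carry no year."""
    counts = Counter()
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m or (client and m["client"] != client):
            continue  # not a query line, or a different client
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        for pattern in WATCHED:
            if matches(m["name"], pattern):
                counts[(ts.strftime("%Y-%m-%d %H:00"), pattern)] += 1
                break
    return counts

if __name__ == "__main__":
    rates = hourly_rates(SAMPLE_LOG, client="192.168.68.1")
    for (hour, pattern), n in sorted(rates.items()):
        print(f"{hour}  {pattern:<26} {n:>4}/hour  ({n / 60:.2f}/min)")
```

Filtering on the client address separates queries the router itself issues from those made by other devices on the network, which is the distinction the thread turns on.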