What can cause excessive amount of _dns-sd queries?
John.Manson at mail.house.gov
Thu Aug 23 15:34:00 UTC 2012
In our case, 90% of the dns-sd queries were for the 192.168 network.
These are from 1 client:
DNS C db._dns-sd._udp.0.158.168.192.in-addr.arpa. Internet PTR ?
DNS C dr._dns-sd._udp.0.158.168.192.in-addr.arpa. Internet PTR ?
DNS C lb._dns-sd._udp.0.158.168.192.in-addr.arpa. Internet PTR ?
DNS C cf._dns-sd._udp.0.158.168.192.in-addr.arpa. Internet TXT ?
DNS C b._dns-sd._udp.0.9.168.192.in-addr.arpa. Internet PTR ?
(IPs redacted to protect the innocent)
Notice the 5 different queries in quick succession. This is typical.
We tried 2 approaches.
In named.conf, created a zone def for 168.192.in-addr.arpa as a master using the db file db.bogus, which contains the SOA and NS info only.
This config caused the DNS server to return Name Error, which encouraged the clients to try more frequently.
The second approach was to change the zone def from master to forward and forward only with the forwarder IP of, in our case, 18.104.22.168.
Added this IP to the blackhole statement in the Options section.
Now the DNS server returns Server Fail and the client backs off for a while before trying again.
This configuration does not stop them but does slow them down quite a bit.
Have not tried this on an appliance.
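
The two approaches described in the message above, written out as a named.conf fragment. This is an added example, not the poster's actual configuration: the layout and comments are assumptions, while the zone name, the db.bogus file name and the forwarder address are the ones quoted in the message.

```conf
// Added illustration of the two approaches; not the poster's own file.

options {
    // Keep the server's existing options here.

    // Approach 2, part 1: named will not use a blackholed address to
    // resolve a query, so forwarding to this address always fails.
    blackhole { 18.104.22.168; };
};

// Approach 1 (answers Name Error; the clients retried more often).
// Shown commented out because a zone may be defined only once.
// zone "168.192.in-addr.arpa" {
//     type master;
//     file "db.bogus";    // SOA and NS records only
// };

// Approach 2, part 2 (answers Server Fail; the clients back off).
zone "168.192.in-addr.arpa" {
    type forward;
    forward only;          // never fall back to normal recursion
    forwarders { 18.104.22.168; };
};
```

Running named-checkconf against the file checks the syntax before the server is reloaded.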