Jld Ptr-91 Serial Number Lookup

Sergei Chime

Aug 3, 2024, 4:31:48 PM
to bilungrolno

As you probably know, DNS (Domain Name System) is sort of a phonebook for the Internet. It stores an enormous amount of information about millions of registered domains. To access its (virtual) pages, you must perform a DNS lookup of a given domain.

If we need an address for the entire zone, we omit the last octet and reverse the order of the remaining ones. The address of our PTR record would be 128.171.35.in-addr.arpa. If we were to create a PTR record for only one address, we would use 124.128.171.35.in-addr.arpa.
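The naming rule above, as an added example that is not part of the original post: it builds the PTR owner name for one address and for a whole zone, and parses a reverse name back. The function names are hypothetical, and 35.171.128.124 is the address implied by the PTR name in the text.

```python
import ipaddress

SUFFIX = ".in-addr.arpa"


def ptr_name(ip: str) -> str:
    """Owner name of the PTR record for a single IPv4 address."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + SUFFIX


def reverse_zone(network: str) -> str:
    """Reverse zone name for a network on an octet boundary (/8, /16, /24)."""
    net = ipaddress.IPv4Network(network, strict=True)  # rejects host bits
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 map to a plain reverse zone")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + SUFFIX


def parse_reverse_name(name: str) -> str:
    """Turn an in-addr.arpa name back into an address or a CIDR network."""
    name = name.rstrip(".").lower()
    if not name.endswith(SUFFIX):
        raise ValueError("not an in-addr.arpa name")
    labels = name[: -len(SUFFIX)].split(".")
    valid = all(lab.isascii() and lab.isdigit() and int(lab) <= 255
                for lab in labels)
    if not 1 <= len(labels) <= 4 or not valid:
        raise ValueError("malformed reverse name")
    octets = list(reversed(labels))
    if len(octets) == 4:
        return str(ipaddress.IPv4Address(".".join(octets)))
    padded = octets + ["0"] * (4 - len(octets))
    return f"{'.'.join(padded)}/{8 * len(octets)}"


if __name__ == "__main__":
    print(ptr_name("35.171.128.124"))
    print(reverse_zone("35.171.128.0/24"))
    print(parse_reverse_name("128.171.35.in-addr.arpa."))
```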

By definition, a PTR record can only point to one hostname. But what if you want to have multiple PTR records for a single IP address? This could work when you have several domains registered, each pointing to the same IP address (and displaying the same website when entering an address).

Traditionally, QAs would create loads of dummy emails and send test messages to see whether the emails would get delivered to the inboxes. This method is outdated, as it carries the risk of spamming users.

Email Sandbox also checks your IP address against the most common blacklists, such as PSBL, Barracuda, Lashback, Spamcop, etc. This way, you can see which resources blacklisted your IP and quickly take the steps for unlisting.

Has anyone else seen this behavior with their Home Assistant setup? I noticed today that my Home Assistant server is essentially spamming my DNS server for PTR records. Somewhere to the tune of 8k per 10 minutes.
The dip in the graph is an upgrade to Ubuntu I performed. I run HASSIO through Docker.

Banging my head trying to figure out what exactly is causing it. If I stop the docker service, the traffic drops immediately so it definitely looks like something in HomeAssistant. I realize this may not be a huge deal as the vast majority of the requests are being served up via the DNS cache, I am more worried about unnecessary traffic on my local network.

Oddly enough, after stopping docker and starting, it happened for a short time then no longer is occurring. Talking with a co-worker, he theorized that maybe my Home Assistant server was not caching the lookups locally for some reason, but IS now. Seems plausible to me.

I could see how it would happen during the connect, but from what I could tell, it went back quite some time. (Couldn't 100% verify as the PiHole history always times out anything larger than a few days.)

After looking at the traffic today, I still see PTR requests, but they appear to be on a very predictable 1 hour interval. My only assumption (as others are also alluding to) would be that this is some type of discovery component either of HA or one of the integrations.

Well, so much for this whole thing not causing any harm. Woke up to my Nest Hello stating it's offline, look in Unifi and it's most definitely online. Look at the device rating and it states DNS Timeout. Go to my pihole and it's as if it's crashed, FTL Service is not running etc. After reboot everything is back up and running but I see the following graph and these massive numbers:
Top is Home Assistant, second place is my UDM.

Obviously the blue is HA.

Went to the Ubuntu machine running docker with HA and did a tcp dump and the screen flies by scrolling with PTR requests. My little PiZero seems to somehow be keeping up with these requests almost without an issue the majority of the time (probably because they are being served up from cache) but still. If it crashes from time to time, this will start driving me crazy trying to figure this out.

Update: So, while looking at the containers in docker, I saw that AdGuardHome was running. I had installed this to test it out before deploying in another instance of HA for my parents. I had disabled the start at boot, but somehow it was re-enabled. I can literally flip back and forth between enabled and disabled and watch the flood of requests go out for PTR records.

Update 2: And PiHole on my PiZero is making some PTR requests, but nothing in the crazy volume I saw when AdGuardHome is running with HA. This leads me to believe the problem is either AdGuardHome or having it installed alongside HA with the DNS container. After I removed AdGuardHome, the DNS container is no longer using a bunch of CPU and Net I/O is tiny compared to what it was.

I was going to try and install PiHole along with HA but it won't start due to the DNS port already being in use (maybe remnants of AGH?). Since I already run an instance of PiHole outside of my HA, I don't think I am going to look into that portion any further, but hopefully this helps anyone else that comes across this weird nuisance.
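One way to spot the client behind a PTR flood like the one described above, as an added example that is not part of the original post. It assumes dnsmasq-style query log lines; the sample log, the `ptr_floods` name and the threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Matches only PTR query lines: timestamp, queried name, client address.
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[PTR\] (\S+) from (\S+)$")

# Constructed sample: one client repeats the same four reverse names.
SAMPLE_LOG = "\n".join(
    [f"Aug  3 16:{m:02d}:{s:02d} dnsmasq[812]: query[PTR] "
     f"{h}.1.168.192.in-addr.arpa from 192.168.1.20"
     for m in (31, 35, 39) for s in range(0, 60, 2) for h in range(1, 5)]
    + ["Aug  3 16:32:10 dnsmasq[812]: query[A] example.com from 192.168.1.20",
       "Aug  3 16:33:00 dnsmasq[812]: query[PTR] 1.1.168.192.in-addr.arpa from 192.168.1.1",
       "Aug  3 16:33:01 dnsmasq[812]: reply 1.1.168.192.in-addr.arpa is router.lan",
       "Aug  3 16:44:00 dnsmasq[812]: query[PTR] 9.1.168.192.in-addr.arpa from 192.168.1.20"])


def ptr_floods(log_text, threshold=1000, window_s=600, year=2024):
    """Return (window_start, client, queries, distinct_names), busiest first.

    dnsmasq timestamps carry no year, so the caller supplies one (assumption).
    """
    epoch = datetime(year, 1, 1)
    counts, names = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # replies and non-PTR queries are ignored
        stamp, qname, client = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        secs = int((ts - epoch).total_seconds())
        start = epoch + timedelta(seconds=secs - secs % window_s)
        counts[(start, client)] += 1
        names[(start, client)].add(qname.lower())
    hits = [(start.strftime("%m-%d %H:%M"), client, n, len(names[(start, client)]))
            for (start, client), n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda hit: -hit[2])


if __name__ == "__main__":
    for hit in ptr_floods(SAMPLE_LOG, threshold=300):
        print(hit)
```

A high query count against a handful of distinct names points at a client that repeats lookups instead of caching them.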
