cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FIbre Support

Get expert support with your Fibre connection.

DNS errors and Upnp creating hundreds of pages of info.

Message 11 of 11

I decided to look at the log pages of the router after it started to run very slow and difficult to log into. anyway i wanted to ask the forum if the following logs look right as they are shown as errors?

 

so firstly dns errors below is only one page of many with constant dns errors.

 

 

many hundreds more occurances besides the ones above but also before rebooting my router to see if i could get it working better i noticed that the upnp was trying to conect with hundreds of pages of logs with the following lines.

 

dns errors pagesdns errors pages

 

then hundreds of pages can be created like the following and can only be stopped by disabling the unpn button in the access control panel.

 

upnp info pages?upnp info pages?

 

 

 

it continues to make these logs, page after page after page until i disable the upnp button located on the accesss control panel can someone clarify if this is anything to worry about. I dont have nothing on the system that requires upnp ? is this an error

0 Likes
10 REPLIES 10

KeithFrench
Community Star
Private Message TalkTalk
Message 1 of 11

With any of these domains that come up with errors, you can easily check them yourself. Copy them from the log & paste them into this website:-

 

https://toolbox.googleapps.com/apps/dig/ 

 

The _dns.resolver.arpa domain as you can see comes up with "no record found" and therefore matches the DNS server's system log entry:-

Record not foundRecord not found

 

However, both example.com & www.example.com  do resolve OK:-

Record found OKRecord found OK

It might be worth trying those two again.

 

 

 

 

 

 

 

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

Message 2 of 11

Thank you keith for the continued support and see you are doing a lot of digging into my questions, i had to do a router reboot last night and sure enough 10 pages of the upnp info started logging untill i turned the upnp off manually!! I did use that dns sniffer and tried to match it to the logs unfortunately the only thing that showed up was wpad.lan and example.com and www.example.com  which all came back as name errors in the response code.

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 3 of 11

Hi @mockingbirdmedia 

 

The DNS entries about "_dns.resolver.arpa" are all part of encrypted DNS, often called DOH (DNS over HTTP). Whilst that has been around for a while now, these queries are part of a new addition to this called DDR or Discovery of Designated Resolvers. The DNS server in the router does not understand what this is about & cannot resolve the special "_dns.resolver.arpa" domain. Hence why it puts the entry in the system log. Apart from some network DNS servers such as Cloudfare, most local DNS servers probably do not understand them either. It is not a fault of the router, but a new not very widely adapted feature as yet.

 

Whilst you could spend a long time trying to track down the device in question & then reconfiguring to get it to work, my advice would be to simply forget it altogether & just put up with these entries in the log.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 4 of 11

Hi @mockingbirdmedia 

 

I might be on to something, but I need to read up on it. I appreciate that you are not technical but "_dns.resolver.arpa" is used with Encrypted DNS. With web traffic being encrypted these days, about the only way an ISP or any other organisation can tell which websites are being visited is to look at the DNS queries which are sent unencrypted. There are gradual moves to encrypt the DNS packets, but some of this is experimental.

 

I would tend to think that this would have to come from a new or higher specification device in your home, maybe a Windows 11 PCs or Apple products etc, but that is just a guess.

 

One option you have is to just ignore them. Since disabling UPnP are you still getting those errors in the log?

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 5 of 11

Hi @mockingbirdmedia 

 

One of the problems here is the DNS errors are wrongly classified within the system log. If you look at the Severity column, they should appear as Info, not Error as they do. Error is for serious problems with the router itself, whereas Info is, as you would expect, just information. If that was correct, then you would be able to filter them out from the display by simply changing the Severity dropdown to "Notice or lower".

 

The ones that I always see is for:-

 

mediaforce.grapeshot.co.uk

 

This sounds like it might be malware or similar, but it isn't, it is an out-of-date part of various newspaper websites. That took a bit of trouble even for me to find that out.

 

Looking into your DNS request:-

 

_dns.resolver.arpa

 

Does not get any matches so it does not return an IP address:-

 

DNS Request not returning an IP addressDNS Request not returning an IP address

I did try going to that site in my browser & it failed & guess what was in my system log then:-

 

sys logsys log

Searching on this did come up with something suggesting it might be a new feature added to iPhones, but I can't confirm that.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

Message 6 of 11

Good morning chris still trying to get to the bottom of the dns failures but as someone who isnt that tech savvy its not the easiest of tasks but will try to find out whats causing the errors from within my system?

0 Likes

Message 7 of 11

Hi mockingbirdmedia,

 

I can see that Keith is helping you with this, how are you getting on?

Chris

KeithFrench
Community Star
Private Message TalkTalk
Message 8 of 11

Hi @mockingbirdmedia 

 

Tracking down which device is generating the DNS requests is not very easy. A lot of these come from websites that link off to other websites and their web addresses still have to be resolved to IP addresses by that device. I had it recently where my system log was plagued with DNS requests for some site or other, that I did not recognise at all. I proved it to a Windows PC of mine, but it was only when I did a Google search that I found that this was caused by a newspaper's website that I visited. It was my home page, so that made it even worse.

 

Windows PCs can be easier than most to see if it is them that are making the request. One way is to use a small pice of freeware called "DNS Query Sniffer" from Nirsoft:-

 

https://www.nirsoft.net/utils/dns_query_sniffer.html 

 

 

I use a piece of software called "Wireshark" myself, but unless you have a lot of networking knowledge, this is probably not the best to use.

 

If it is that PC, you still have to find out which application (may not be your browser or email client) is generating these requests. Even worse it could be down to some malware.

 

Probably the easiest way with other devices is to first make sure that the system clock on the router is correct. Then make a note of which devices have access to the router at a particular time. Even better, when doing this ensure every other device is physically turned off. Then compare all of this to the router's system log. 

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes

Message 9 of 11

Cheers keith much appreciated for your response  upnp is switched off and have to do it straight away after a router reset or the pages of logs simply go mad. As for the dns issues lots of logs are during the night. i only have one ting running at night but doesnt tie in with any of the logs ? Is there a way i can link the dns failures to one deice? May i also ask is the use of port forwarding safe to use?

0 Likes

KeithFrench
Community Star
Private Message TalkTalk
Message 10 of 11

The DNS server in the router puts these entries in the system log when it can't resolve any DNS requests. These are requests that are made by one or more of your devices, not the router. You will need to try and find which devices are doing this.

 

UPnP should be disabled as it is a security risk. This can be done from within the router's Ui by going to Access Control & Port Forwarding. It is at the top of that page.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please set Accept as Solution from the 3 dot menu.
TalkTalk support and Community Stars - Who are they? 

0 Likes