FIbre Support

Hi @mockingbirdmedia 

The DNS entries about "_dns.resolver.arpa" are all part of encrypted DNS, often called DOH (DNS over HTTP). Whilst that has been around for a while now, these queries are part of a new addition to this called DDR or Discovery of Designated Resolvers. The DNS server in the router does not understand what this is about & cannot resolve the special "_dns.resolver.arpa" domain. Hence why it puts the entry in the system log. Apart from some network DNS servers such as Cloudfare, most local DNS servers probably do not understand them either. It is not a fault of the router, but a new not very widely adapted feature as yet.

Whilst you could spend a long time trying to track down the device in question & then reconfiguring to get it to work, my advice would be to simply forget it altogether & just put up with these entries in the log.

Hi @mockingbirdmedia 

I might be on to something, but I need to read up on it. I appreciate that you are not technical but "_dns.resolver.arpa" is used with Encrypted DNS. With web traffic being encrypted these days, about the only way an ISP or any other organisation can tell which websites are being visited is to look at the DNS queries which are sent unencrypted. There are gradual moves to encrypt the DNS packets, but some of this is experimental.

I would tend to think that this would have to come from a new or higher specification device in your home, maybe a Windows 11 PCs or Apple products etc, but that is just a guess.

One option you have is to just ignore them. Since disabling UPnP are you still getting those errors in the log?

Hi @mockingbirdmedia 

One of the problems here is the DNS errors are wrongly classified within the system log. If you look at the Severity column, they should appear as Info, not Error as they do. Error is for serious problems with the router itself, whereas Info is, as you would expect, just information. If that was correct, then you would be able to filter them out from the display by simply changing the Severity dropdown to "Notice or lower".

The ones that I always see is for:-

mediaforce.grapeshot.co.uk

This sounds like it might be malware or similar, but it isn't, it is an out-of-date part of various newspaper websites. That took a bit of trouble even for me to find that out.

Looking into your DNS request:-

_dns.resolver.arpa

Does not get any matches so it does not return an IP address:-

DNS Request not returning an IP address

I did try going to that site in my browser & it failed & guess what was in my system log then:-

sys log

Searching on this did come up with something suggesting it might be a new feature added to iPhones, but I can't confirm that.

Hi @mockingbirdmedia 

Tracking down which device is generating the DNS requests is not very easy. A lot of these come from websites that link off to other websites and their web addresses still have to be resolved to IP addresses by that device. I had it recently where my system log was plagued with DNS requests for some site or other, that I did not recognise at all. I proved it to a Windows PC of mine, but it was only when I did a Google search that I found that this was caused by a newspaper's website that I visited. It was my home page, so that made it even worse.

Windows PCs can be easier than most to see if it is them that are making the request. One way is to use a small pice of freeware called "DNS Query Sniffer" from Nirsoft:-

https://www.nirsoft.net/utils/dns_query_sniffer.html 

I use a piece of software called "Wireshark" myself, but unless you have a lot of networking knowledge, this is probably not the best to use.

If it is that PC, you still have to find out which application (may not be your browser or email client) is generating these requests. Even worse it could be down to some malware.

Probably the easiest way with other devices is to first make sure that the system clock on the router is correct. Then make a note of which devices have access to the router at a particular time. Even better, when doing this ensure every other device is physically turned off. Then compare all of this to the router's system log. 

The DNS server in the router puts these entries in the system log when it can't resolve any DNS requests. These are requests that are made by one or more of your devices, not the router. You will need to try and find which devices are doing this.

UPnP should be disabled as it is a security risk. This can be done from within the router's Ui by going to Access Control & Port Forwarding. It is at the top of that page.