Diversion Question- Configuring the Cache TTL

jrichard326

Occasional Visitor
On Hagezi's github the following was posted (https://github.com/hagezi/dns-blocklists/issues/4651)

"The DNS flood can be reduced somewhat if you have the option of configuring the cache TTL (time to live) for blocked domains in the DNS. I use a blocked TTL of 3600 sec. so that a new request to the DNS is only made after 1 hour if a domain is blocked, unless the client ignores the TTL.
Flooding the DNS is a typical tracker behaviour when the tracker is blocked. Some trackers then go wild and make requests every second."

Is it possible to adjust TTL in Diversion?
 
Thank you. I will give it a try.
 
Might enabling ‘firewall > dos protection’, block a flood such as this?
 
You could use /jffs/configs/dnsmasq.conf.add to set local-ttl=3600 and see how it goes.

I tried dave’s suggestion, but I was still seeing DNS flooding from that domain.
What finally fixed it for good was adding the following to
/jffs/configs/dnsmasq.conf.add:

Code:
address=/minerva.devices.a2z.com/0.0.0.0 #stop_dns_flood_ipv4#
address=/minerva.devices.a2z.com/::1 #stop_dns_flood_ipv6#
address=/global.telemetry.insights.video.a2z.com/0.0.0.0 #stop_dns_flood_ipv4#
address=/global.telemetry.insights.video.a2z.com/::1 #stop_dns_flood_ipv6#
local-ttl=3600 #dnsmasq_cache_ttl#
neg-ttl=3600 #NXDOMAIN_cache_ttl#

At first, I only added this:
Code:
address=/minerva.devices.a2z.com/0.0.0.0 #stop_dns_flood_ipv4#
address=/minerva.devices.a2z.com/::1 #stop_dns_flood_ipv6#
local-ttl=3600 #dnsmasq_cache_ttl#
neg-ttl=3600 #NXDOMAIN_cache_ttl#

Then I restarted dnsmasq:
Code:
service restart_dnsmasq

Right after that, a different domain started flooding DNS:
global.telemetry.insights.video.a2z.com

So I added that domain to the same file, as shown above. After that, the flooding stopped.

Explaining what I did as simply as I can:
==========================
address=/minerva.devices.a2z.com/0.0.0.0
If a device asks for this domain over IPv4, the router answers locally with a fake IP instead of forwarding the request to the internet. That stops repeat lookups from going upstream.

address=/minerva.devices.a2z.com/::1
Same idea, but for IPv6. The router replies with its own loopback address, which prevents IPv6 lookups from hammering dnsmasq.

local-ttl=3600
Tells dnsmasq to cache these blocked answers for one hour. If a device keeps asking every few seconds, dnsmasq just reuses the cached response instead of processing it again.

neg-ttl=3600
This applies to “nothing exists here” answers (NXDOMAIN).
Dnsmasq will cache those “doesn’t exist” responses for 1 hour, instead of rechecking them constantly. In other words, this caches NXDOMAIN for IPv4 and IPv6 negative responses, but since these are AAAA queries without an explicit block, dnsmasq handles them as “NODATA” and they still appear in logs occasionally. Result: "flood is dramatically reduced", but not completely gone for AAAA queries, which is why I have address=/minerva.devices.a2z.com/::1 as shown above.

In short, I'm not just blocking the domain but teaching the router to answer it once and shut up about it for an hour.
That’s why DNS flood dropped from nonstop spam to occasional entries.
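As an added example, not code from the thread or from Diversion: a small POSIX sh/awk helper that reads a dnsmasq query log (the layout dnsmasq writes with log-queries enabled) and reports which client is repeating which domain beyond a threshold, so address= entries like the ones above are added for the right names and the result can be re-checked after a restart. The log lines, the client addresses and the threshold are constructed; the log path on any particular router is an assumption.

```shell
#!/bin/sh
# Write a constructed sample dnsmasq query log to the file named in $1.
# Line layout follows dnsmasq's log-queries output; the content is made up.
make_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 12:00:01 dnsmasq[1234]: query[A] minerva.devices.a2z.com from 192.168.1.50
Jan 10 12:00:01 dnsmasq[1234]: forwarded minerva.devices.a2z.com to 1.1.1.1
Jan 10 12:00:02 dnsmasq[1234]: query[AAAA] minerva.devices.a2z.com from 192.168.1.50
Jan 10 12:00:03 dnsmasq[1234]: query[A] minerva.devices.a2z.com from 192.168.1.50
Jan 10 12:00:04 dnsmasq[1234]: query[A] minerva.devices.a2z.com from 192.168.1.50
Jan 10 12:00:05 dnsmasq[1234]: query[AAAA] minerva.devices.a2z.com from 192.168.1.50
Jan 10 12:00:05 dnsmasq[1234]: query[A] www.example.com from 192.168.1.20
Jan 10 12:00:06 dnsmasq[1234]: query[A] global.telemetry.insights.video.a2z.com from 192.168.1.50
Jan 10 12:00:07 dnsmasq[1234]: query[A] global.telemetry.insights.video.a2z.com from 192.168.1.50
EOF
}

# Print "<count> <domain> <client>" for every (domain, client) pair with more
# than $2 A/AAAA queries in log file $1, busiest first. "forwarded", "reply"
# and "cached" lines are skipped: only queries originating from clients count,
# which is what a misbehaving tracker shows up as.
dns_flood_report() {
    awk -v limit="$2" '
        /query\[(A|AAAA)\]/ {
            # Field layout: ... query[TYPE] <domain> from <client>
            for (i = 1; i <= NF; i++) if ($i == "from") { d = $(i - 1); c = $(i + 1) }
            n[d " " c]++
        }
        END { for (k in n) if (n[k] > limit) print n[k], k }
    ' "$1" | sort -rn
}

# Demo against the constructed log: with a threshold of 3 only
# minerva.devices.a2z.com from 192.168.1.50 (5 queries) is reported.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    make_sample_log "$tmp"
    dns_flood_report "$tmp" 3
    rm -f "$tmp"
fi
```

Run it against the real query log (path depends on how logging is set up on the router) before and after editing dnsmasq.conf.add to confirm the repeat count actually drops.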
 
Keepout Ranges...

0.0.0.0/8 - Used for broadcast messages to the current network
::1/128 - loopback

Don't redirect hosts to those addresses...
 
local-ttl=3600
Tells dnsmasq to cache these blocked answers for one hour. If a device keeps asking every few seconds, dnsmasq just reuses the cached response instead of processing it again.
This parameter doesn’t affect dnsmasq’s caching, it informs clients to cache this response for up to an hour. Since these blocked domains are usually configured directly in dnsmasq via its loaded config, there’s nothing for dnsmasq to cache. Clients can choose to respect the TTL or not.