Yikes! How frequent are the black holed queries in comparison?
About 10-20 min after restarting dnsmasq, and then it is non-stop for a few min - didn't count that one.
If you run top on the router, presumably it's dnsmasq that's using all the CPU?
It seems to be bouncing between these processes: {diversion} /bin/sh /opt/bin/diversion, dnsmasq --log-async, and networkmap --bootwait.
At first, I was watching CPU usage through the GUI, but I stopped doing that so I could get a more objective view using top. When I noticed Diversion climbing the list, I initially thought it might be related to me actively viewing or tailing the dnsmasq log. To test that, I paused the log (Ctrl+C), and almost immediately Diversion dropped back down and CPU usage returned to normal. As soon as I unpause it, CPU spikes again and Diversion shoots back up the list.
What’s interesting is that I don’t see any spikes at all when filtering entries via 0.0.0.0.
That said, this isn’t a constant thing. If it were happening 100% of the time, my router would’ve melted by now. It shows up roughly every 10 minutes. Sometimes it stops on its own, and other times it just keeps running nonstop for who knows how long.
On a side note, I previously had divstats installed, and the query count for that domain was around 1.5 million in just two days. That honestly caught my attention pretty fast. I ended up uninstalling divstats because I was worried that, as the database grows, it could turn into a bigger problem over time.
That’s actually what pushed me toward handling the filtering directly through dnsmasq.conf.add instead.
EDIT:
When filtering using 0.0.0.0 and/or ::1, there are no CPU spikes at all—even while I’m actively viewing or tailing the log through Diversion.
If you don't use IPv6 you can put in dnsmasq.conf.add the following:
filter-AAAA
It filters out all IPv6 addresses returned, not sure if that would include NXDOMAIN from IPv6 queries !!!???
The real problem is the device that is generating all these queries ... where are they coming from ???
Can you 'kill' the app that is responsible ???
PS. Sorry for cross posting ... I will butt out !!!
I don't really use IPv6, but I'll consider this option.
Spoke too soon:
Final hack.
address=/xx.prod.service.minerva.devices.a2z.com/
local=/xx.prod.service.minerva.devices.a2z.com/
These entries will filter out all queries that include "xx.prod.service.minerva.devices.a2z.com" in the query.
This should match your insane client.
Repeat the pattern with anything else it is trying to query infinitely.
address=/<whatever>/
local=/<whatever>/
I will really butt out now !!!!!
That's the first thing I tried, but I opted to use
minerva.devices.a2z.com to cover more sub-domains just in case.
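
On the question raised above of which device is generating the queries: the following is an added example, not code from any poster in this thread, that tallies dnsmasq query log lines per client for a domain suffix. It assumes query logging is on and lines carry the usual `query[TYPE] name from client` form; `top_talkers`, `sample_log`, and the sample log lines and client addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: count dnsmasq "query[...]" log lines per client and record
# type for one domain suffix, busiest first.

# top_talkers SUFFIX [LOGFILE...]
# Prints "count client qtype". Reads stdin when no LOGFILE is given.
# A name matches if it equals SUFFIX or ends in ".SUFFIX" (label boundary),
# the same scope an address=/SUFFIX/ entry covers.
top_talkers() {
    suffix=$1
    shift
    awk -v suffix="$suffix" '
    BEGIN { s = tolower(suffix); m = length(s) }
    {
        # Locate the query[...] token so extra leading fields do not matter.
        for (i = 1; i <= NF - 3; i++) {
            if ($i ~ /^query\[/ && $(i + 2) == "from") {
                name = tolower($(i + 1)); n = length(name)
                if (name == s || (n > m && substr(name, n - m) == "." s)) {
                    qtype = $i
                    sub(/^query\[/, "", qtype); sub(/\]$/, "", qtype)
                    count[$(i + 3) " " qtype]++
                }
                break
            }
        }
    }
    END { for (k in count) print count[k], k }' "$@" | sort -rn
}

# Constructed sample log lines (not taken from the thread).
sample_log() {
cat <<'EOF'
Jan 12 10:15:01 dnsmasq[1234]: query[A] xx.prod.service.minerva.devices.a2z.com from 192.168.1.50
Jan 12 10:15:01 dnsmasq[1234]: query[AAAA] xx.prod.service.minerva.devices.a2z.com from 192.168.1.50
Jan 12 10:15:02 dnsmasq[1234]: query[A] xx.prod.service.minerva.devices.a2z.com from 192.168.1.50
Jan 12 10:15:02 dnsmasq[1234]: query[A] example.org from 192.168.1.20
Jan 12 10:15:03 dnsmasq[1234]: query[A] notminerva.devices.a2z.com from 192.168.1.20
Jan 12 10:15:03 dnsmasq[1234]: query[A] minerva.devices.a2z.com from 192.168.1.21
EOF
}

# Demo on the sample; on a router, pass the dnsmasq log path as the 2nd argument.
sample_log | top_talkers minerva.devices.a2z.com
```

The client address at the top of the output can then be matched against the router's DHCP lease list to identify the device.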