[dns-operations] Best Resources for Deep Dive Understanding of DNS

Alexander Neilson alexander at neilson.net.nz
Wed Jan 7 09:49:55 UTC 2015

> On 7/01/2015, at 10:07 pm, sthaug at nethelp.no wrote:
>> I am seeing a lot of them (9,997) with Transaction ID of 0x04d2. This seems to be something odd (but again I still need to learn a lot more about the decisions implementations make with their queries) but it gives me a feeling of a hard coded request.
> ...
>> I believe this may be a hard coded query from TP Link routers (only supposition at this point) but it seems logical. We use mostly TP Link routers around the network and behind the 321 query IP Address is a cluster of them and a hand check of the addresses in the list indicates they are TP Link devices as well. I will try set our reference router up in the lab and run a test against it to confirm.
> Hard coded query ID indeed - 0x04d2 = 1234 :-)

I need to get better with my hexadecimal math / counting

> Seeing quite a bit of it here too, interspersed with queries for
> www.tp-link.com with the same query ID - seems to support your theory.

I will hit up my Supplier to ask for a reply from TP-Link for why they do this. Seems like an unnecessary frequency of query ~30 seconds. Its not an issue for us because we are so small, but for someone like you, if you host for all the prefixes then it could be significant.

> Steinar Haug, AS 2116

thanks for the corroboration.


Alexander Neilson AS132304 AS45831

More information about the dns-operations mailing list