Bye bye "a.root-servers.net" from my TP-Link router


#1

Since I running Pi-hole I watching the Dashboard page quiet often. Very interesting are the top permitted domains. There was this a.root-server.net on the top with about 2800 requests a day, every 30s one. The requests were coming from my 2nd router a TP-link. Googling didn’t help much, some people knew about but no solutions. Blocking it may causes the device going nuts?, well I decided to flash firmware to DD-wrt and its over now, no requests anymore and the router works as good or better than before, so why is tp-link doing it? cheers


#2

Was it root-server or root-servers.net ?

The a.root-servers.net is actually a root server, managed by VeriSign (real deal).

If your stock firmware was calling that domain, well, that was kind of a good thing.

Why ? Well because that is the “signature” of a DNS server that was actually querying the IP of the root servers (for some internal stuff like maybe a built in DNS server, a service monitoring thing, or maybe something else).

Having that request show up in your logs was not something that should be alarming. Might be a bad way to check for service status or whatever but by no means, alarming.

IF however the domain was without the s, then yeah, something very fishy was going on there … (the root-server.net is owned by a company in Honduras and that is definitely not a valid root server).


#3

Good morning @RamSet, thanks for your opinion.
it was a.root-servers.net , sorry for typo. Agree it was looking for some stuff, I set the DNS statically but it still was trying to contact for whatever reason. May it’s checking for outside world connectivity every 30 sec? I’m not using any DDNS services either. Yes the requests were not alarming but it seems only tp-link router doing this as my other non tp-link routers are quiet. Personally I feel better with a quiet router but that’s everyone’s own decision. Next target my tvbox( [api.ibm.xtify.com]
cheers and have a nice day


#4

I had an issue with a TP Link device…a wifi extender that was making an obscenely high number of requests to ntp servers and a.root-servers.net
See this thread here

In the end I got rid of the TP-Link device.


#5

Mine is quiet now not a pips, try other firmware, ddwrt, tomato …cheers


#6

unfortunately the device I had had no capability to flash custom firmware / I couldn’t find anything compatible.