Benoit Panizzon <benoit.panizzon <at> imp.ch> writes:
Heyo!
Any others who are being affected?
It looks like our customers Netgear routers (known ones: WNR3500Lv2,
WNDR4500)
are asking our DNS Server for the A record of: time-g.netgear.com or
time-
a.netgear.com
Instead of an A record reply, they get a CNAME as answer with additional information the A record of that CNAME. That is what netgear has
published on
their DNS Servers.
Those routers are not happy with that reply and just start sending
several
hundred requests per second for A time-g.netgear.com resulting in
considerable
load and traffic on our DNS caches. Some customers have already
transfered
35GB of DNS traffic, only since today midnight.
I have contacted netgear technical support. The issue is yet unknown to
them.
They got my pcap files to analyze
Any others observing that behaviour of netgear products? Any know
remedies?
Mit freundlichen Grüssen
Benoit Panizzon
Netgear in the Netherlands/Belgium first denied a problem and needed more complains before escalating it L3 suppport. Seems later L3 support reported this issue should have been resolved from firmware version 1.0.1.6. This is for the WNDR4500 model. Somehow i don't think the problem has been resolved. Did anybody received a solution yet? Maybe beta firmware?
For the WNR3500Lv2 model is new firmware available. Short copy paste from the release notes (16 may 2013):
WNR3500Lv2 Firmware Version 1.2.0.18 •Fixed DNS Flood issue, the router would be triggered to send lots of DNS queries to the DNS server under some conditions.