Update: Stuart kindly dropped me a note regarding Apple’s fix for this.ย  See the end of the article for his response.

This evening while randomly working on articles for Installing Cats, I was watching DNS requests from tcpdump running in a terminal window and noticed something quite odd: a DNS request every three seconds for a PTR record as follows:

The first question was: “What the heck is making this DNS query?” Second: “Why is it so persistent?” Thirdly: “What the hell is with that bizarre address?”

  1. mdnsResponder service is the origin of these repeated reverse-lookup requests.
  2. mdns (multicast dns) / Bonjour is trying to see if you’re using a buggy router/adsl/cable modem by sending out these ill-formed reverse-lookup requests and seeing what response it gets back. Unforunately, many routers crash and do not respond to this request. Thus, mdns will repeat the request over and over again incessantly.
  3. Explained in the last point. Address is meant to “diagnose” whether the router will respond to the “test” query in a poor or proper manner.

How did I stop mdns from continue to repeat its “test” dns request? I turned off AirPort for a few moments, waited for the mdnsResponder_Helper service to die off (in Activity Monitor), and then turned my WiFi card back on. mDns was kind enough to quit sending out these repeated queries.

The interesting thing is that I was using OpenDNS as my only DNS server. OpenDNS does handle mdns’ dnsbugtest queries fine, so I’m not sure what happened and why OpenDNS stopped responding to the requests. Perhaps they were just too fast? And instead of responding with a simple NXDOMAIN, it decided I was doing something malicious and deserved no response at all.

Either way, as a fallback plan, I’ve added my router’s dns’ ip into the DNS servers list within Network Preferences (under a new, custom Location where I’m specifying all settings, most of which are copied from the default Automatic location). If OpenDNS once again decides to not respond to the dnsbugtest queries, my router and ISP’s DNS servers should provide a second chance at mDns getting the response it’s looking for.

Read more about the technology of multicast DNS and Apple’s Bonjour service, created by the brilliant Stuart Cheshire.

From Stuart Cheshire on Sept. 16:

“[The repeated dnsbugtest requests] was a just bug, fixed and checked in back in March, and finally delivered to customers yesterday in 10.5.5.

The bug was that when mDNSResponder sent its DNS request to IP address X, and the response was sent back with source IP address Y, mDNSResponder would ignore the response as suspect and try again. Why people think it’s okay to reply with the wrong source IP address I don’t know, but they do, so now we accept those packets.”

This is good news for those who keep their Mac’s patched with the latest updates.ย  Thanks Stuart.





Leave a Reply

Your email address will not be published. Required fields are marked *