
Why are most of my domain hits a.root-servers.net?

amazingopossum
Level 1

Most of the domain hits on my dashboard are for a.root-servers.net. There were over 7,000 hits for this in the last day, and the next highest number of hits was only in the hundreds. This is typical, but I have no idea why. Does anybody know why this would be the case? 





mattwilson9090
Level 4

It's because something on your network is causing a DNS lookup to that domain.

Without even knowing what hardware and software is on your network it's basically impossible to speculate. A wild guess is that something on your network is running a DNS server or service of some sort that is trying to contact that DNS root server, but it could easily be something else.

 

Your best bet is probably to determine what device is sending the requests and go from there. You could either do that by using some sort of packet sniffer, or pointing devices one at a time (and waiting between each one) to a DNS service other than OpenDNS and waiting for the requests to slow down (there could be more than one) or stop entirely (you've found the one, or the last one). You could also do the reverse, remove all devices from OpenDNS, then add them one at a time until the requests resume. Once you've isolated the device or devices causing the traffic you can start looking at what software is installed on them and try to figure it out from there.

One word of advice. If you've blacklisted that domain you should remove it from the blacklist. That will do nothing to prevent the lookup requests in the first place, and will likely cause even more of them if whatever is sending the requests in the first place is continually getting invalid responses. Removing it from any blocking might satisfy whatever is doing the lookups and cause this large number to shrink or go away.
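
One way to carry out the packet-sniffer step suggested in the reply above, added here as an example and not part of the thread: tally which internal address sends the queries for a given name from the text output of `tcpdump -n -l udp port 53`. The capture lines and addresses below are constructed, and the function name `clients_querying` is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -l udp port 53` text output (not from the thread).
SAMPLE = """\
10:00:01.000101 IP 192.168.1.23.51234 > 208.67.222.222.53: 4011+ A? a.root-servers.net. (36)
10:00:01.020417 IP 208.67.222.222.53 > 192.168.1.23.51234: 4011 1/0/0 A 198.41.0.4 (52)
10:00:02.113000 IP 192.168.1.23.51235 > 208.67.222.222.53: 4012+ AAAA? a.root-servers.net. (36)
10:00:02.500000 IP 192.168.1.40.40000 > 208.67.222.222.53: 77+ A? example.com. (29)
10:00:03.250000 IP 192.168.1.23.51236 > 208.67.222.222.53: 4013+ A? A.ROOT-SERVERS.NET. (36)
10:00:04.000000 IP6 fd00::15.53001 > 2620:119:35::35.53: 9+ A? a.root-servers.net. (36)
10:00:05.000000 IP 192.168.1.40.40001 > 208.67.222.222.53: 78+ [1au] A? a.root-servers.net. (47)
"""

# Matches outbound queries only: "src.port > dst.53: id[flags] QTYPE? qname."
# Responses come *from* port 53 to an ephemeral port, so they do not match.
QUERY = re.compile(
    r"^\S+ IP6? (?P<src>\S+)\.\d+ > \S+\.53: \d+\S* (?:\[[^\]]*\] )?"
    r"(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)"
)


def clients_querying(capture_text, domain):
    """Return a Counter of source address -> number of queries for `domain`."""
    wanted = domain.rstrip(".").lower()  # DNS names are case-insensitive
    hits = Counter()
    for line in capture_text.splitlines():
        m = QUERY.match(line)
        if m and m.group("qname").rstrip(".").lower() == wanted:
            hits[m.group("src")] += 1
    return hits


if __name__ == "__main__":
    # Busiest client first; that is the device to inspect.
    for src, n in clients_querying(SAMPLE, "a.root-servers.net").most_common():
        print(f"{n:6d}  {src}")
```

If the network sits behind a NAT router that forwards DNS itself, capture on the LAN side; otherwise every query appears to come from the router.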

rotblitz
Level 6

DNS queries against the DNS root servers are typical for applications tracing down the DNS hierarchy like DNS server programs.