Netgate Discussion Forum
    Dnsmasq using 50-100% of CPU after comcast rolled IP address

    DHCP and DNS
      bblacey

      Thursday Comcast rolled my IP address and I lost connectivity, so I rebooted my pfSense router running on an ALIX box.  My router has been problem-free for months; however, since the reboot, dnsmasq is constantly using 50% to 100% of the ALIX CPU.

      I have searched the forums but I couldn't find anything related because I have not changed the pfSense config in months, possibly years.  I am running the 2.0.2-RELEASE (i386) built on Fri Dec 7 16:30:38 EST 2012.

      I have attached a screenshot that clearly shows the spike in CPU usage and here is part of a top output - I rebooted recently to see if that would clear the problem.

      
      last pid: 46361;  load averages:  0.63,  0.62,  0.63                                                                                                                                up 0+05:54:04  13:27:00
      40 processes:  2 running, 38 sleeping
      CPU: 11.6% user,  1.6% nice, 31.4% system,  6.6% interrupt, 48.8% idle
      Mem: 42M Active, 22M Inact, 36M Wired, 20K Cache, 34M Buf, 134M Free
      Swap: 512M Total, 512M Free
      
        PID USERNAME  THR PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
      39254 nobody      1 105    0  5556K  2652K RUN    217:24 42.97% dnsmasq
      13875 root        1  69    0 35532K 20992K accept   0:23  0.98% php
      28904 root        1  44    0 35532K 20568K accept   0:50  0.00% php
        241 root        1  76   20  3408K  1152K kqread   0:15  0.00% check_reload_status
      47764 root        1  76   20  3656K  1496K wait     0:10  0.00% sh
      27075 root        1  64   20  3316K  1300K select   0:08  0.00% apinger
      18425 root        1  44    0  4956K  2540K select   0:05  0.00% syslogd
      
      

      Here is how dnsmasq is launched (should be stock)

      
      # ps -ax | grep dns
      37325  ??  Is     0:00.11 /usr/local/sbin/dhcpleases -l /var/dhcpd/var/db/dhcpd.leases -d home -p /var/run/dnsmasq.pid -h /var/etc/hosts
      39254  ??  R    214:29.86 /usr/local/sbin/dnsmasq --local-ttl 1 --all-servers --rebind-localhost-ok --stop-dns-rebind --dns-forward-max=5000 --cache-size=10000 --dhcp-hostsfile=/var/etc/hosts
      
      

      Also, in case it helps, here are the hosts that dnsmasq loads from /var/etc/hosts

      
      # cat /var/etc/hosts 
      127.0.0.1	localhost localhost.home
      192.168.0.200	firewall.home firewall
      192.168.0.102	imap.blacey.com imap
      192.168.0.100	test.blacey.com test
      192.168.0.2	bbl.home bbl
      192.168.0.3	bblmbp.home bblmbp
      192.168.0.6	laserjet1320.home laserjet1320
      192.168.0.102	miniduo2.home miniduo2
      192.168.0.103	miniduo1.home miniduo1
      192.168.0.104	miniuni1.home miniuni1
      192.168.0.105	nas4.home nas4
      192.168.0.106	integra.home integra
      192.168.0.107	pioneer-tv.home pioneer-tv
      192.168.0.108	BBL-iPad.home BBL-iPad
      192.168.0.109	eyefi.home eyefi
      192.168.0.110	nas.home nas
      192.168.0.111	nas2.home nas2
      192.168.0.114	ds8.home ds8
      192.168.0.115	vera.home vera
      192.168.0.116	LagoonCam.home LagoonCam
      192.168.0.117	DeckCam.home DeckCam
      192.168.0.120	Sues-iPhone.home Sues-iPhone
      192.168.0.121	BBLs-iPhone.home BBLs-iPhone
      192.168.0.150	magicjack.home magicjack
      192.168.0.201	guestroom-wap.home guestroom-wap
      192.168.0.203	master-br-ape.home master-br-ape
      192.168.0.215	vera2.home vera2
      
      # dhpleases automatically entered
      
      # dhpleases automatically entered
      192.168.0.95	iPhone.home iPhone		# dynamic entry from dhcpd.leases
      192.168.0.72	BBLs-iPhone.home BBLs-iPhone		# dynamic entry from dhcpd.leases
      192.168.0.87	AppleTV.home AppleTV		# dynamic entry from dhcpd.leases
      192.168.0.80	switch4E3677.home switch4E3677		# dynamic entry from dhcpd.leases
      192.168.0.56	EPSONAA4610.home EPSONAA4610		# dynamic entry from dhcpd.leases
      192.168.0.83	TIVO-6520001803CD6B8.home TIVO-6520001803CD6B8		# dynamic entry from dhcpd.leases
      
      

      And finally, here is the dnsmasq section from my config.xml file.

      
              <dnsmasq>
                      <enable/>
                      <hosts><host>imap</host>
                              <domain>blacey.com</domain>
                              <ip>192.168.0.102</ip></hosts>
                      <hosts><host>test</host>
                              <domain>blacey.com</domain>
                              <ip>192.168.0.100</ip></hosts>
                      <regdhcp/>
                      <regdhcpstatic/>
              </dnsmasq>
      
      

      I would appreciate any pointers that you can provide.

      Thanks,
      Bruce
      pfSenseCPU.png

        wallabybob

        Do you have anything making dnsmasq work hard - perhaps a virus issuing lots of DNS requests? A packet capture on appropriate pfSense interfaces filtering on port 53 might show up something "interesting".

          bblacey

          Thanks for the tip - I think you might have shed light on the culprit.

          
          14:10:36.789152 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.789581 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.790624 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.790996 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.792118 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.792424 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.793621 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.793917 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.795108 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.795407 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.796624 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.796919 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.798125 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.798417 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.799613 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.799908 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.801118 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.801412 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.802611 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.802906 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.804120 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.804411 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.805600 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.805897 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.807107 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.807398 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.808597 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.808890 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.810095 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.810395 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.811664 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.811955 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.813108 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.813399 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.814603 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.814930 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.816150 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.816447 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.817641 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.817945 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.819110 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.819403 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.820621 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.820917 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.822110 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.822403 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.823589 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.823885 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.825089 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.825390 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.826644 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.826939 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.828091 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.828384 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.829597 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.829892 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.831097 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.831393 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.832596 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.832891 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.834092 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.834385 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.835605 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.835900 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.837094 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.837389 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.838587 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.838885 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.840084 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.840382 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.841586 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.841882 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.843101 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.843398 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.844576 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.844906 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.846093 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.846387 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.847579 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.847873 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.849073 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.849382 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.850582 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.850882 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.852085 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.852378 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.853582 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.853874 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.855083 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.855381 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.856600 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.856894 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.858082 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.858377 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.859581 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.859876 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.861077 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.861369 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.862572 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.862866 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.864077 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.864367 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.865792 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.866119 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.867314 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.867607 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.868839 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.869131 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.870317 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.870612 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.871842 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.872141 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.873340 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.873633 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.874834 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.875136 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.876345 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.876634 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.877827 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.878124 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.879326 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.879622 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.880820 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.881114 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.882318 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.882616 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.883823 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.884121 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.885329 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.885624 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.886817 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.887115 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.888330 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.888635 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.889809 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.890104 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.891326 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.891619 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.892819 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.893111 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.894372 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.894662 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.895803 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.896113 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.897317 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.897619 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.898815 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.899109 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.900325 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.900616 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.901821 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.902114 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.903339 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.903636 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.904831 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.905130 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.906316 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.906607 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.907807 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.908097 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.909303 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.909598 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.910804 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.911097 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.912301 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.912595 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.913802 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.914095 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.915300 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.915598 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.916800 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.917092 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.918321 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.918611 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.919799 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.920091 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.921312 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.921605 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.922805 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.923097 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.924320 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.924613 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.925801 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.926108 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.927317 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.927741 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.928838 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.929136 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.930301 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.930595 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.931821 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.932114 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.933277 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.933573 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.934775 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.935116 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.936325 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.936620 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.937797 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.938093 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.939296 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.939587 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.940810 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.941104 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.942286 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.942579 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.943807 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.944102 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.945279 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.945579 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.946791 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.947084 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.948284 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.948578 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.949805 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.950100 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.951285 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.951582 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.952782 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.953079 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.954280 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.954572 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.955787 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.956092 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.957276 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.957572 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.958777 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.959072 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.960261 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.960556 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.961786 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.962084 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.963274 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.963571 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.964790 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.965730 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.966769 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.967066 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.968282 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.968582 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.969758 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.970056 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.971277 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.971569 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.972774 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.973068 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.974270 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.974568 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.975755 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.976054 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.977269 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.977565 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.978765 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.979060 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.980309 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.980605 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.981766 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.982073 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.983263 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.983553 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.984750 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.985087 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.986279 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.986584 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.987776 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.988072 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.989279 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.989576 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.990741 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.991037 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.992245 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.992544 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.993757 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.994075 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.995268 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.995572 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.996741 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.997194 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.998242 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:36.998538 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:36.999770 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:37.000064 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:37.001247 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:37.001544 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:37.002769 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:37.003061 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:37.004244 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:37.004536 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:37.005748 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:37.006047 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:37.007306 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:37.007598 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:37.008769 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:37.009059 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:37.010253 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:37.010548 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:37.011746 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:37.012036 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:37.013306 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:37.013599 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:37.014761 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:37.015083 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:37.016220 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:37.016519 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:37.017737 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:37.018031 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          14:10:37.019253 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
          14:10:37.019547 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
          
          

          Now, I just need to see what the root cause is on host 192.168.0.2.  Anyone aware of a Mac OS X virus that hammers DNS?

            johnpoz LAYER 8 Global Moderator

            Well, first thing I would do is sniff a few packets and see what it's looking for.

            Next thing I would do is block it from talking to you or anything on tcp/udp 53 until you track down what it is.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11
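
One way to turn a port-53 capture like the one posted above into per-client numbers, as an added example that is not part of the original thread: it parses tcpdump's one-line UDP output, keeps only queries sent to the resolver, and reports each client's query rate, source-port reuse and query sizes. The function name, the thresholds and the 192.168.0.3 lines are assumptions made for the example; the 192.168.0.2 lines are copied from the capture in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# tcpdump's default one-line form for IPv4 UDP, as seen in the thread:
#   14:10:36.789152 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{2}:\d{2}:\d{2}\.\d{6}) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)"
)


def summarize_dns_clients(lines, resolver_ip, min_queries=5, qps_threshold=50.0):
    """Return per-client stats for UDP packets sent to resolver_ip port 53.

    min_queries and qps_threshold are example values (assumptions), not
    pfSense or dnsmasq defaults. Responses from the resolver are ignored.
    """
    seen = defaultdict(lambda: {"times": [], "sports": set(), "lengths": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a one-line UDP record
        if m["dst"] != resolver_ip or m["dport"] != "53":
            continue  # only client -> resolver queries are counted
        entry = seen[m["src"]]
        entry["times"].append(datetime.strptime(m["ts"], "%H:%M:%S.%f"))
        entry["sports"].add(int(m["sport"]))
        entry["lengths"].add(int(m["len"]))

    report = {}
    for client, entry in seen.items():
        count = len(entry["times"])
        span = (entry["times"][-1] - entry["times"][0]).total_seconds()
        if span < 0:
            span += 86400  # capture crossed midnight (timestamps carry no date)
        # Rate over the intervals between the first and last query.
        qps = (count - 1) / span if count > 1 and span > 0 else 0.0
        report[client] = {
            "queries": count,
            "qps": qps,
            # One source port and one length across many queries points at a
            # single socket repeating the same lookup, as in the thread.
            "source_ports": len(entry["sports"]),
            "lengths": sorted(entry["lengths"]),
            "flagged": count >= min_queries and qps >= qps_threshold,
        }
    return report


# Sample input: the first twelve lines are from the capture in the thread,
# the 192.168.0.3 lines are constructed to represent an ordinary client.
SAMPLE_CAPTURE = """\
14:10:36.789152 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
14:10:36.789581 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
14:10:36.790624 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
14:10:36.790996 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
14:10:36.792118 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
14:10:36.792424 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
14:10:36.793621 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
14:10:36.793917 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
14:10:36.795108 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
14:10:36.795407 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
14:10:36.796624 IP 192.168.0.2.63188 > 192.168.0.200.53: UDP, length 53
14:10:36.796919 IP 192.168.0.200.53 > 192.168.0.2.63188: UDP, length 181
14:10:37.100000 IP 192.168.0.3.51000 > 192.168.0.200.53: UDP, length 34
14:10:40.100000 IP 192.168.0.3.51007 > 192.168.0.200.53: UDP, length 41
""".splitlines()


if __name__ == "__main__":
    result = summarize_dns_clients(SAMPLE_CAPTURE, resolver_ip="192.168.0.200")
    for client, s in sorted(result.items(), key=lambda kv: -kv[1]["qps"]):
        mark = "FLAG" if s["flagged"] else "ok"
        print(f"{client:15} queries={s['queries']:4d} qps={s['qps']:8.1f} "
              f"ports={s['source_ports']} lengths={s['lengths']} {mark}")
```

The UDP summary lines carry no query names, so finding out what the client is asking for still needs the DNS payload decoded in the capture itself.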

              bblacey

              There wasn't anything particularly interesting about the DNS lookups and a reboot of the Mac OS X box seems to have solved the problem.

              Thanks for all your help and I will definitely keep an eye on it.

                bblacey

                Just to close out the issue, all seems to be back to normal with respect to CPU usage - see the attached System CPU graphs.

                Thanks again for your help!

                firewallCPU.png
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.