6
AppleTV as resolver... why?
source link: https://forums.macrumors.com/threads/appletv-as-resolver-why.2333088/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
AppleTV as resolver... why?
Sep 22, 2020
Hi,
does anyone know, why there is an open/listening port 53 on my AppleTV, which can be used as DNS Server in my network, or (and that is somewhat worse) to completely bypass or ignore my pihole filters? Even though my pihole is set as the DNS in the AppleTVs network config, the pihole is not even used for these requests, which makes me think, the AppleTV is using an external resolver =/
I am having a hard time to understand this. Might it be related to this openthread-thing? If this is the case, will the small homepods show this behavior as well and act as DNS resolver, too?
((Device is a AppleTV 4k latest gen, with recent software, no beta. Attached to wired network, my piholes IP is set as DNS server in the AppleTVs network config.))
Thanks for your thoughts and ideas.
best regards.
schlupps
does anyone know, why there is an open/listening port 53 on my AppleTV, which can be used as DNS Server in my network, or (and that is somewhat worse) to completely bypass or ignore my pihole filters? Even though my pihole is set as the DNS in the AppleTVs network config, the pihole is not even used for these requests, which makes me think, the AppleTV is using an external resolver =/
I am having a hard time to understand this. Might it be related to this openthread-thing? If this is the case, will the small homepods show this behavior as well and act as DNS resolver, too?
((Device is a AppleTV 4k latest gen, with recent software, no beta. Attached to wired network, my piholes IP is set as DNS server in the AppleTVs network config.))
Thanks for your thoughts and ideas.
best regards.
schlupps
Reactions: MRrainer
How do you know that it isn't being used?Even though my pihole is set as the DNS in the AppleTVs network config, the pihole is not even used for these requests,
Sep 22, 2020
good point! i ran tcpdump on my pihole. But as i only dumped the IPv4 traffic to/from the ATVs IPv4 address, i might have to check, if the apple tv is talking DNS over IPv6 here.🤨
Can't find any reference to that specific port being open on the Apple TV, although it is listed on the common ports reference.does anyone know, why there is an open/listening port 53 on my AppleTV,
Apple TV: TCP and UDP ports and protocols used - Administrivia
Networked devices, such as your Mac, PC, and Apple TV, communicate with each other using specific communication channels known as TCP and UDP ports. Learn about the ports used by Apple TV. These network ports are used by Apple TV for communications on your network. TCP port 123 is used to...
administrivia.com
TCP and UDP ports used by Apple software products
Learn about TCP and UDP ports used by Apple products such as macOS, macOS Server, Apple Remote Desktop, and iCloud. Many of these are well-known, industry-standard ports.
support.apple.com
Reactions: schlupps
Sep 22, 2020
sure, all devices use port53 to connect to resolvers for DNS (address resolution), but offering this particular service is a little bit strange for a streaming device, right? Have no clue if this is maybe part of this openthread-stuff. If, id love to see an option to disable it.. or .. disable the DNS server part in the Apple TV at all.
Brian33
macrumors 65816
Your report is interesting, but I can't find any functioning DNS server on my Apple TV 4K (1st-gen) running TVOS 15.2.does anyone know, why there is an open/listening port 53 on my AppleTV, which can be used as DNS Server in my network, or (and that is somewhat worse) to completely bypass or ignore my pihole filters? Even though my pihole is set as the DNS in the AppleTVs network config, the pihole is not even used for these requests, which makes me think, the AppleTV is using an external resolver =/
On my Mac, I changed my System Preferences-->Network entry to hard-code the address of the ATV as the DNS server for that Mac. Thereafter, the Mac acted as one would expect if it had no access to a DNS server -- i.e., it was unable to resolve external domains with 'nslookup' or 'dns-sd' or in Firefox. (I could still resolve a few local network devices, though.)
I'm curious as to how you determined that port 53 was open on your ATV device? If there's a convenient way I'll check out my ATVs, too.
I'm not sure it's relevant, but I'm also running Pi-Hole. However, I've configured its address to be "handed out" from my DHCP server (my router) to all network clients, as opposed to being set in the ATV settings as you've done. I'll also note that both of my Apple TVs do make at least some DNS requests to my pihole, as I have seen from the pihole query logs.
Reactions: cewatts
Sep 22, 2020
hi.
In the beginning, i was sort of misleaded when assuming, that the ATV will do this resolution/DNS without contacting my pihole. Running two piholes (one device for testing, one 'productive'), i chose the wrong pihole to do the tcpdump for verification (it might have been way too late and way too less coffee ).
So i am still a little confused/worried, why my ATV is offering DNS service on open Port53, but it surely uses the configured DNS server (meaning my pihole) as upstream DNS. Sorry for this confusion!
In the beginning, i was sort of misleaded when assuming, that the ATV will do this resolution/DNS without contacting my pihole. Running two piholes (one device for testing, one 'productive'), i chose the wrong pihole to do the tcpdump for verification (it might have been way too late and way too less coffee ).
So i am still a little confused/worried, why my ATV is offering DNS service on open Port53, but it surely uses the configured DNS server (meaning my pihole) as upstream DNS. Sorry for this confusion!
with the dig command im getting a response from my ATV (192.168.3.92 in my case and it is the latest version of the 4k ATV). I did the following command and received a valid response:I'm curious as to how you determined that port 53 was open on your ATV device? If there's a convenient way I'll check out my ATVs, too.
Code:
dig macrumors.com @192.168.3.92Sep 22, 2020
checking port 53 on a Apple TV 4k 1st gen, the device did not respond to DNS requests.. seems to be a 2nd gen feature.
etchtech09
macrumors member
Jun 25, 2010
I checked my Apple TVs (both gen 1) and my HomePod but didn't get a dig response.
But, I did check my HomePod Minis and I did receive dig responses.
But, I did check my HomePod Minis and I did receive dig responses.
Reactions: schlupps
Sep 22, 2020
thanks for checking! This is interesting and it sounds, like it really is related to openthread somehow.
Brian33
macrumors 65816
I also got no response to dig on my ATV 4K 1st-gen. Yeah, interesting!checking port 53 on a Apple TV 4k 1st gen, the device did not respond to DNS requests.. seems to be a 2nd gen feature.
MRrainer
macrumors 65816
It's a good reminder to everybody to also filter outbound traffic.
Thanks for your report.
Thanks for your report.
Reactions: schlupps
Sep 22, 2020
the piholes logs were my starting point.. seeing it being flooded with huge amounts of requests from my iPhone and iPads, asking for "Wohnzimmer.openthread.thread.home.arpa" (my AppleTV4k2ndGen is named 'Wohnzimmer') made me curious/nervous in the first place.. dont know exactly, what Apple is doing here, to be honest =/ And my pihole forwarded these requests to upstream resolvers, and this is not a good idea imho.
Can it be the mDNSResponder and Bonjour?..dont know exactly, what Apple is doing here, to be honest =/ And my pihole forwarded these requests to upstream resolvers, and this is not a good idea imho.
harris.papazoglo
macrumors newbie
Dec 29, 2020
Sounds like a homekit would need this?
Sep 22, 2020
my impression is, that this new "Thread" staff is the root cause.. my 1st gen AppleTV4k is a way more noiseless device, related to the DNS based traffic around it =))
I am seeing intermittent floods (100s to 1000s of requests per second) of DNS queries originating from mdnsresponder on Macs running 12.2 to the Apple TV 4K (2nd generation) for both IPv4 and v6 on a UniFi network.
Doing a tcpdump on port 53 from the MacBook Pro (16-inch, 2019) is an endless wall of DNS queries like these:
It is pretty obvious when this occurs as the MBPs sound let a jet engine at take off with mdnsresponder eating all the CPU. Packet loss on the UniFi APs also sky rockets at the same time and its so severe AirPlay and everything else starts to drop out.
Doing a tcpdump on port 53 from the MacBook Pro (16-inch, 2019) is an endless wall of DNS queries like these:
Code:
23:05:42.482483 (proc mDNSResponder:247) IP reiya-mbp.home.lan.62141 > living-room.home.lan.domain: 44133+ AAAA? Living-Room.openthread.thread.home.arpa. (57)
23:05:42.483118 (proc mDNSResponder:247) IP reiya-mbp.home.lan.57593 > living-room.home.lan.domain: 52155+ A? Living-Room.openthread.thread.home.arpa. (57)Reactions: schlupps
Sep 22, 2020
If i interprete the dump on my DNS/Pihole correctly, the iOS devices will behave similar. Blocking these requests on DNS level will push the <appleTVsName>.openthread.thread.home.arpa pretty fast on the top of my top-blocked-requests. =/
since that appleTV is responding to DNS requests, maybe forwarding them from the DNS Pihole with a forward Zone to the AppleTV will either relax this flood, or melt down the AppleTV
ill experiment with forward zones and try to observe (and check the ATV s temperature ).
since that appleTV is responding to DNS requests, maybe forwarding them from the DNS Pihole with a forward Zone to the AppleTV will either relax this flood, or melt down the AppleTV
ill experiment with forward zones and try to observe (and check the ATV s temperature ).
satcomer
macrumors G3
Welcome to Mac! Windows users always seem to complain Macs are "chatty" on networks! It's because Apple devices that are mounted will send out to the network it's awake and ready for data! Windows doesn't tell the network when it is ready, you have to guess!
Sep 22, 2020
sure, this whole Bonjour-stuff will generate some noise on networks. But somehow i have the impression, this .openthread.thread.home.arpa thing has a new quality of noiselevel; it feels noisier than some time ago.
When opening "finder" -> network, there is an object with this particular name openthread.thread.home.arpa and this object arrived with macos monterey, i think. So, with AppleTV4k2ndGen, HomePod Mini and Monterey, Apples networking even got a little noisier =)
Now fancying a bunch of AppleTV4k2ndGen in a company to be used in conf rooms or whatever.. tough times for the infrastructure and no wonder if the WLAN feels somewhat "bottlenecked" from time to time =/
When opening "finder" -> network, there is an object with this particular name openthread.thread.home.arpa and this object arrived with macos monterey, i think. So, with AppleTV4k2ndGen, HomePod Mini and Monterey, Apples networking even got a little noisier =)
Now fancying a bunch of AppleTV4k2ndGen in a company to be used in conf rooms or whatever.. tough times for the infrastructure and no wonder if the WLAN feels somewhat "bottlenecked" from time to time =/
I’m fairly certain this must be a bug as pushing mDNSResponder to the point it’s maxing out several cores querying the Apple TV thousands of times per second seems anything but remotely normal. Sniffing for DNS packets on the router, switch, and APs trying to reproduce this it’s pretty quiet by comparison when it’s not doing this. I dread the thought of having any of the other Macs act up at the same time.
Edit: I caught it again four times today doing this. In roughly ten minutes there was over 900k DNS queries from the MBP to the AppleTV for A and AAAA records for the AppleTV’s thread address. lol
If you can packet capture iOS flooding the Apple TV with DNS queries I’d be awfully interested in the logs. Particularly what queries and responses you see just before it starts flooding as there could be some sort of bad retry logic on a malformed response. I haven’t seen that yet myself but it’s about the only good guess I’ve got.If i interprete the dump on my DNS/Pihole correctly, the iOS devices will behave similar. Blocking these requests on DNS level will push the <appleTVsName>.openthread.thread.home.arpa pretty fast on the top of my top-blocked-requests. =/
since that appleTV is responding to DNS requests, maybe forwarding them from the DNS Pihole with a forward Zone to the AppleTV will either relax this flood, or melt down the AppleTV
ill experiment with forward zones and try to observe (and check the ATV s temperature ).
Edit: I caught it again four times today doing this. In roughly ten minutes there was over 900k DNS queries from the MBP to the AppleTV for A and AAAA records for the AppleTV’s thread address. lol
Last edited: Feb 6, 2022
Do you use HomePods with the Apple TV 4K (2nd gen) as the default audio output by any chance?sure, this whole Bonjour-stuff will generate some noise on networks. But somehow i have the impression, this .openthread.thread.home.arpa thing has a new quality of noiselevel; it feels noisier than some time ago.
When opening "finder" -> network, there is an object with this particular name openthread.thread.home.arpa and this object arrived with macos monterey, i think. So, with AppleTV4k2ndGen, HomePod Mini and Monterey, Apples networking even got a little noisier =)
Now fancying a bunch of AppleTV4k2ndGen in a company to be used in conf rooms or whatever.. tough times for the infrastructure and no wonder if the WLAN feels somewhat "bottlenecked" from time to time =/
Sep 22, 2020
nope. My AppleTV 4k 2nd Gen is connected via HDMI to my Denon AVReceiver in the living room. My goood old HomePods (1st Gen) are used as default audio device for my ATV 4k 1stGen in the bedroom.Do you use HomePods with the Apple TV 4K (2nd gen) as the default audio output by any chance?
Darn I was hoping maybe I found the source of my woes on Apple TV’s paired to HomePods but I think this is just a contributing factor compounding the performance issues.nope. My AppleTV 4k 2nd Gen is connected via HDMI to my Denon AVReceiver in the living room. My goood old HomePods (1st Gen) are used as default audio device for my ATV 4k 1stGen in the bedroom.
Reactions: schlupps
SaguaroSeven
macrumors 6502
May 20, 2020
Late to the party, I guess. But the open port 53 is certainly realated with configuring Thread over HomeKit. HomePod mini also has port 53 open, whereas original HomePod does not. It seems that HomePod mini has some bug which is advertising its hostname, such as HomePod.openthread.thread.home.arpa. Apple (HomeKit) devices are requesting this lookup from the local DNS servers (usually a router or pi hole), which don't know about it. On the other hand, Apple TV 4K G2 registers itself with the router, e.g. appletv.openthread.thread.home.arpa, so that if you dig it, the router returns the ATV's IPV4 address. This is all odd because thread is all over IPV6, I believe.
Disclaimers: These devices are all on OS 15.3. I don't have IPV6 fully enabled on my network.
Disclaimers: These devices are all on OS 15.3. I don't have IPV6 fully enabled on my network.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK