Aug 19, 2012 10:12 AM (in response to Linc Davis)
Unfortunately, "lsof -i" doesn't show anything useful. I assume this is because the connections are only up temporarily in order to make the query, after which they're immediately torn down again.
I ran the command while the described network activity was in progress and just see this (none of these are the DNS traffic):
$ lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
SystemUIS 278 omf 6u IPv4 0x6ac3ab0520698871 0t0 UDP *:*
SystemUIS 278 omf 8u IPv4 0x6ac3ab0534df22d9 0t0 TCP localhost:65415->localhost:5204 (ESTABLISHED)
SystemUIS 278 omf 11u IPv4 0x6ac3ab0543a675f9 0t0 TCP localhost:65416->localhost:5204 (ESTABLISHED)
SystemUIS 278 omf 12u IPv4 0x6ac3ab054392d789 0t0 TCP localhost:65417->localhost:5204 (ESTABLISHED)
NetworkBr 282 omf 5u IPv4 0x6ac3ab051f9e81c9 0t0 UDP *:*
ubd 22317 omf 20u IPv4 0x6ac3ab0534fa45f9 0t0 TCP *:57279 (LISTEN)
ubd 22317 omf 21u IPv6 0x6ac3ab0521ebd899 0t0 TCP *:57279 (LISTEN)
I ran Wireshark at the same time and saw the same continuous DNS queries for the Akamai CDN.
Even if lsof did show the DNS query TCP connection, I doubt it would identify anything other than some core system process. In most cases, the application would make a query to the OS, and the OS would execute the query. As far as I know, lsof will only show which process established the connection, not which process initiated the query.
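Added example, not part of any post in this thread: a way to confirm from a capture that a name is being queried at a steady cadence, as described for the Wireshark trace above. It assumes the queries were exported as tab-separated epoch timestamp and query name; the function names, thresholds, hostnames and timestamps are all constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample rows: "<epoch seconds>\t<query name>", the shape produced by
#   tshark -r capture.pcap -Y "dns.flags.response == 0" \
#          -T fields -e frame.time_epoch -e dns.qry.name
# Hostnames and timestamps below are invented, not taken from the thread.
SAMPLE = """\
1345370000.0\thost1.akamaiedge.example
1345370002.0\thost1.akamaiedge.example
1345370004.0\thost1.akamaiedge.example
1345370006.0\thost1.akamaiedge.example
1345370008.0\thost1.akamaiedge.example
1345370001.0\twww.example.org
1345370000.0\tmail.example.org
1345370001.0\tmail.example.org
1345370030.0\tmail.example.org
1345370031.0\tmail.example.org
1345370090.0\tmail.example.org
not-a-timestamp\tbroken.example
"""

def parse_rows(text):
    """Yield (timestamp, normalized name); skip malformed rows instead of failing."""
    for line in text.splitlines():
        parts = line.strip().split("\t")
        if len(parts) != 2 or not parts[1]:
            continue
        try:
            yield float(parts[0]), parts[1].rstrip(".").lower()
        except ValueError:
            continue

def repeated_queries(text, min_count=5, max_jitter=0.5):
    """Return {name: (count, median_gap_seconds)} for names asked at a steady cadence."""
    times = defaultdict(list)
    for ts, name in parse_rows(text):
        times[name].append(ts)
    steady = {}
    for name, stamps in times.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        # Steady means every gap lies within max_jitter (a fraction) of the median gap.
        if mid > 0 and all(abs(g - mid) <= max_jitter * mid for g in gaps):
            steady[name] = (len(stamps), round(mid, 2))
    return steady

if __name__ == "__main__":
    print(repeated_queries(SAMPLE))
```

Bursty but irregular lookups (the mail.example.org rows) are not reported; only the fixed-interval name is.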
Aug 19, 2012 10:20 AM (in response to omfowler)
I realized I should've used "sudo" after posting this, so I tried again and I do see the DNS query connection. It comes from the process mDNSRespo running as "_mdnsresponder". I imagine a standard DNS query initiated by any process would end up being handled by mDNSResponder?
Aug 19, 2012 11:11 AM (in response to omfowler)
I have a better idea of what's happening:
Every once in a while, I can't get on the Internet at home with my iOS devices. Every time this happens, clearing out the DNS cache on my home router fixes the problem. It has something to do with the DNS resolution for the Akamai CDN Apple uses, but I haven't taken the time to figure out exactly what's getting "stuck".
While observing this continual-DNS-query issue on my MBP, I tried clearing the DNS cache on my home router and the traffic (queries) coming from the MBP immediately stopped.
Whatever the issue is, it seems to be related to the same Akamai DNS weirdness I've seen in the past.
The continual-DNS-query behavior is still a bug, I'd say, but at least I can dig into why clearing the router's DNS cache seems to fix the problem.
Oct 7, 2012 5:17 AM (in response to omfowler)
anything more on that topic? (ideally: how to disable the lookups)
i often have to dig through pcap dumps and every time i see one of these queries it annoys me because they are completely useless. it's like asking a directory service for your mom's phone number every ten minutes but only actually calling her once a year.
make it go awaaaay o.O
Jul 13, 2013 12:31 PM (in response to omfowler)
Apple uses Akamai for its content distribution (App Store downloads, Software-Updates, XProtect, ...) and the DNS request you see is Akamai's technology to figure out what's the closest server to you to speed things up. So this is no bug or some hidden "home calling" feature which will threaten your privacy. There is no content or Usage Statistics in those messages. It's nothing bad, OS X is just very noisy.
Second, some of those DNS requests are probably part of DNS-SD, a Zero-Configuration mechanism. Look here: http://en.wikipedia.org/wiki/Zero_configuration_networking#Service_discovery
I think they are those PTR dr._dns-sd._udp.lan requests, also with a huge akamaiedge reply.
You can disable this feature, here: