Want to highlight a helpful answer? Upvote!

Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: omfowler
omfowler Author
User level: Level 1
15 points

Continual DNS queries to akamaiedge.net

I have a relatively fresh install of Mountain Lion on a new MBP Retina.


I recently installed iStat Menus to keep an eye on resource usage and noticed that there is around 70KB of network activity every 15 minutes or so. It's pretty continual and lasts for around 5 minutes. This is with no user/foreground applications running.


I was curious about what the traffic was, so I installed Wireshark to take a look at the traffic. I left a capture running for a while until I grabbed the activity in question.


Looking at the capture decode, it looks like the traffic is made up entirely of DNS queries to e3191.c.akamaiedge.net over TCP. The queries come from the Mac, and valid, non-error responses come back from my router. Then the same query is made again. Over and over.


It's not a big problem, but it does suggest that there's a bug with some piece of code. I still don't know what's triggering the requests: something in OS X itself or some third-party code.


Has anyone seen behavior like this or have any idea what it might be about? How about a way to narrow down the offending software?


Curiosly,

Oscar

MacBook Pro with Retina display

Posted on Aug 19, 2012 9:28 AM

Reply
Question marked as Best reply
User profile for user: Ruadh2
Ruadh2
User level: Level 1
16 points

Posted on Feb 12, 2017 5:26 PM

The instructions in the link no longer apply since Yosemite. See this thread How to disable Bonjour service advertising in Yosemite

View in context
11 replies
User profile for user: omfowler
omfowler Author
User level: Level 1
15 points

Aug 19, 2012 10:12 AM in response to Linc Davis

Unfortunately, "lsof -i" doesn't show anything useful. I assume this is because the connections are only up temporarily in order to make the query, after which they're immediately torn down again.


I ran the command while the described network activity was in progress and just see this (none of these are the DNS traffic):


$ lsof -i

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

SystemUIS 278 omf 6u IPv4 0x6ac3ab0520698871 0t0 UDP *:*

SystemUIS 278 omf 8u IPv4 0x6ac3ab0534df22d9 0t0 TCP localhost:65415->localhost:5204 (ESTABLISHED)

SystemUIS 278 omf 11u IPv4 0x6ac3ab0543a675f9 0t0 TCP localhost:65416->localhost:5204 (ESTABLISHED)

SystemUIS 278 omf 12u IPv4 0x6ac3ab054392d789 0t0 TCP localhost:65417->localhost:5204 (ESTABLISHED)

NetworkBr 282 omf 5u IPv4 0x6ac3ab051f9e81c9 0t0 UDP *:*

ubd 22317 omf 20u IPv4 0x6ac3ab0534fa45f9 0t0 TCP *:57279 (LISTEN)

ubd 22317 omf 21u IPv6 0x6ac3ab0521ebd899 0t0 TCP *:57279 (LISTEN)



I ran Wireshark at the same time and saw the same continuous DNS queries for the Akamai CDN.


Even if lsof did show the DNS query TCP connection, I doubt it would identify anything other than some core system process. In most cases, the application would make a query to the OS, and the OS would execute the query. As far as I know, lsof will only show which process established the connection, not which process initiated the query.

Reply
User profile for user: omfowler
omfowler Author
User level: Level 1
15 points

Aug 19, 2012 11:11 AM in response to omfowler

I have a better idea of what's happening:


Every once in a while, I can't get on the Internet at home with my iOS devices. Every time this happens, clearing out the DNS cache on my home router fixes the problem. It has something to do with the DNS resolution for the Akamai CDN Apple uses, but I haven't taken the time to figure out exactly what's getting "stuck".


While observing this continual-DNS-query issue on my MBP, I tried clearing the DNS cache on my home router and the traffic (queries) coming from the MBP immediately stopped.


Whatever the issue is, it seems to be related to the same Akamai DNS weirdness I've seen in the past.


The continual-DNS-query behavior is still a bug, I'd say, but at least I can dig into why clearing the router's DNS cache seems to fix the problem.

Reply
User profile for user: Flectabis
Flectabis
User level: Level 1
4 points

Oct 7, 2012 5:17 AM in response to omfowler

anything more on that topic? (idealy: how to disable the lookups)

i often have to dig through pcap dumps and every time i see on of these queries it annoys me because they are completely useless. it's like asking a directory service for your moms phone number every ten minutes but only actually calling her once a year.

make it go awaaaay o.O

Reply
User profile for user: Community User
Community User

Jul 13, 2013 12:31 PM in response to omfowler

Apple uses Akamai for its content distribution (App Store downloads, Software-Updates, Xportect,...) and the DNS request you see is Akamai's technology to figure out what's the closest server to you to speed things up. So this is no bug or some hidden "home calling" feature which will threaten your privacy. There is no content or Usage Statistics in those messages. It's nothing bad, OS X is just very noisy.


Second. Some of those DNS request are probably part of DNS-SD. A Zero-Configuration mechanism. Look here: http://en.wikipedia.org/wiki/Zero_configuration_networking#Service_discovery


I think they are those PTR dr._dns-sd._udp.lan request with also a huge akamaiedge reply.


You can disable this feature, here:

http://support.apple.com/kb/HT3789#

Reply

Continual DNS queries to akamaiedge.net

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up