![](https://seccdn.libravatar.org/avatar/77cb4da5f72bc176182dcc33f03a18f3.jpg?s=120&d=mm&r=g)
On 2017-01-08 05:00, Lew Wolfgang wrote:
On 01/07/2017 07:23 PM, Carlos E. R. wrote:
Hi,
I see every few minutes this in the log:
<3.4> 2017-01-08 03:45:55 minas-tirith dnsmasq 2962 - - Maximum number of concurrent DNS queries reached (max: 150) <3.4> 2017-01-08 03:51:49 minas-tirith dnsmasq 2962 - - Maximum number of concurrent DNS queries reached (max: 150) <3.4> 2017-01-08 03:55:55 minas-tirith dnsmasq 2962 - - Maximum number of concurrent DNS queries reached (max: 150) <3.4> 2017-01-08 04:01:49 minas-tirith dnsmasq 2962 - - Maximum number of concurrent DNS queries reached (max: 150) <3.4> 2017-01-08 04:06:49 minas-tirith dnsmasq 2962 - - message repeated 2 times: [ Maximum number of concurrent DNS queries reached (max: 150)] <3.4> 2017-01-08 04:09:19 minas-tirith dnsmasq 2962 - - Maximum number of concurrent DNS queries reached (max: 150) <3.4> 2017-01-08 04:09:48 minas-tirith dnsmasq 2962 - - message repeated 3 times: [ Maximum number of concurrent DNS queries reached (max: 150)]
The machine is a laptop, idling, with Leap 42.2 recently upgraded from 13.1.
I have no idea where to look for culprits. :-?
Malware infection? I once had a compromised Internet-facing server that flagged itself by making excessive DNS queries to Google.
But it is not facing Internet. And the occurrences are rhythmic, not continuous.
Are there any additional dnsmasq log entries? Maybe turn on log-queries and see what it's doing?
No, the entries are those of above, but many more. Good idea, I'll see about log verbosity. I have just switched on the laptop and see no occurrences yet. # For debugging purposes, log each DNS query as it passes through # dnsmasq. log-queries I tried the setting with "host google.es", and it happened: <3.6> 2017-01-08 17:23:33 minas-tirith systemd 1 - - Reloading DNS caching server.. <3.6> 2017-01-08 17:23:33 minas-tirith systemd 1 - - Reloaded DNS caching server.. <3.6> 2017-01-08 17:23:33 minas-tirith dnsmasq 2962 - - read /etc/hosts - 20 addresses <3.6> 2017-01-08 17:24:01 minas-tirith systemd 1 - - Stopping DNS caching server.... <3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 2962 - - exiting on receipt of SIGTERM <3.6> 2017-01-08 17:24:01 minas-tirith systemd 1 - - Stopped DNS caching server.. <3.6> 2017-01-08 17:24:01 minas-tirith systemd 1 - - Starting DNS caching server.... <3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3576 - - dnsmasq: syntax check OK. <3.6> 2017-01-08 17:24:01 minas-tirith systemd 1 - - Started DNS caching server.. <3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - started, version 2.71 cachesize 2000 <3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - compile time options: IPv6 GNU-getopt no-DBus i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC <3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - DBus support enabled: connected to system bus <3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - asynchronous logging enabled, queue limit is 5 messages <3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 8.8.4.4#53 <3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 8.8.8.8#53 <3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - reading /etc/resolv.conf <3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 8.8.4.4#53 <3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 8.8.8.8#53 <3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - using nameserver 127.1.1.1#53 <3.4> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - ignoring nameserver ::1 - local interface <3.6> 2017-01-08 17:24:01 minas-tirith dnsmasq 3580 - - read /etc/hosts - 20 addresses <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8 ... <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.4.4 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 8.8.8.8 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - forwarded google.es to 127.1.1.1 <3.4> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - Maximum number of concurrent DNS queries reached (max: 150) <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - query[A] google.es from 127.0.0.1 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - cached google.es is 216.58.211.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - message repeated 6 times: [ reply google.es is 216.58.211.227] <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - message repeated 14 times: [ reply google.es is 216.58.211.227] <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.208.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - reply google.es is 216.58.211.227 <3.6> 2017-01-08 17:24:07 minas-tirith dnsmasq 3580 - - message repeated 111 times: [ reply google.es is 216.58.211.227] and later: <10.6> 2017-01-08 17:25:10 minas-tirith sshd 3773 - - pam_unix(sshd:session): session opened for user cer by (uid=0) <4.6> 2017-01-08 17:25:10 minas-tirith systemd-logind 2211 - - New session 74 of user cer. <3.6> 2017-01-08 17:25:10 minas-tirith systemd 1 - - Started Session 74 of user cer. <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 8.8.4.4 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 8.8.8.8 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 ... <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 127.1.1.1 <3.4> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - Maximum number of concurrent DNS queries reached (max: 150) <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply conncheck.opensuse.org is <CNAME> <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply hydra.opensuse.org is 195.135.221.150 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[AAAA] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - cached conncheck.opensuse.org is <CNAME> <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - forwarded conncheck.opensuse.org to 8.8.4.4 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply conncheck.opensuse.org is <CNAME> <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply hydra.opensuse.org is 195.135.221.150 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply conncheck.opensuse.org is <CNAME> <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply hydra.opensuse.org is 195.135.221.150 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - query[A] conncheck.opensuse.org from 127.0.0.1 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - cached conncheck.opensuse.org is <CNAME> <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - cached hydra.opensuse.org is 195.135.221.150 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply conncheck.opensuse.org is <CNAME> <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply hydra.opensuse.org is 195.135.221.150 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply conncheck.opensuse.org is <CNAME> <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply hydra.opensuse.org is 195.135.221.150 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply conncheck.opensuse.org is <CNAME> <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply hydra.opensuse.org is 195.135.221.150 <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply conncheck.opensuse.org is <CNAME> <3.6> 2017-01-08 17:25:20 minas-tirith dnsmasq 3580 - - reply hydra.opensuse.org is 195.135.221.150 What is going on? -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)