DNS Spam Issue #54

New issue

Closed

opened 2026-02-20 08:19:43 -05:00 by deekerman · 12 comments

deekerman commented 2026-02-20 08:19:43 -05:00

Owner

Copy link

Originally created by @ShowSysDan on GitHub (Jan 13, 2025).

Originally assigned to: @ym on GitHub.

I run a network that doesn't have internet with a Mikrotik router in the middle. the inline image below is what I found after a day or two of running JetKVM. The JetKVM device is the .177 making requests to port 53 on the router gateway.

The active connections in on the bottom left of the image, usually we are between 300-500 active connections through the firewall, 25-27k of DNS requests from one little device seems a bit much.

For now I disabled the switch port the JetKVM is connected to and all of those 25k connections cleared out as they timed out.

I understand the device calls home to update firmware, so it would be nice to either just give up if it can't reach out after a bit, or if there was a setting to tell the device that it can't possibly reach out so don't even try.
 

Originally created by @ShowSysDan on GitHub (Jan 13, 2025). Originally assigned to: @ym on GitHub. I run a network that doesn't have internet with a Mikrotik router in the middle. the inline image below is what I found after a day or two of running JetKVM. The JetKVM device is the .177 making requests to port 53 on the router gateway. The active connections in on the bottom left of the image, usually we are between 300-500 active connections through the firewall, 25-27k of DNS requests from one little device seems a bit much. For now I disabled the switch port the JetKVM is connected to and all of those 25k connections cleared out as they timed out. I understand the device calls home to update firmware, so it would be nice to either just give up if it can't reach out after a bit, or if there was a setting to tell the device that it can't possibly reach out so don't even try.   

deekerman closed this issue 2026-02-20 08:19:44 -05:00

deekerman commented 2026-02-20 08:19:44 -05:00

Author

Owner

Copy link

@exegeteio commented on GitHub (Jan 25, 2025):

@ShowSysDan I saw a similar problem, but all of the requests were NTP related. Can you confirm if you saw the same behavior?

@exegeteio commented on GitHub (Jan 25, 2025): @ShowSysDan I saw a similar problem, but all of the requests were NTP related. Can you confirm if you saw the same behavior? <img width="982" alt="Image" src="https://github.com/user-attachments/assets/97e8ce23-ae5e-4577-b31c-98e72d16248b" />

deekerman commented 2026-02-20 08:19:44 -05:00

Author

Owner

Copy link

@kashalls commented on GitHub (Jan 29, 2025):

Is this a clean session (where you logged in and are just sitting infront of a screen?) or have you used the kvm a little bit?

Sitting at / locally, I see the normal MDNS, SRTCP, STUN and other traffic on my local ethernet. Same thing for remote cloud.

@kashalls commented on GitHub (Jan 29, 2025): Is this a clean session (where you logged in and are just sitting infront of a screen?) or have you used the kvm a little bit? Sitting at `/` locally, I see the normal MDNS, SRTCP, STUN and other traffic on my local ethernet. Same thing for remote cloud. 

deekerman commented 2026-02-20 08:19:44 -05:00

Author

Owner

Copy link

@yferszt commented on GitHub (Jan 29, 2025):

I have observed that just having the JetKVM connected to the network is enough to have the DNS spam issue. Just verified it.
Setup: Isolated VLAN without access to DNS or Internet.

@yferszt commented on GitHub (Jan 29, 2025): I have observed that just having the JetKVM connected to the network is enough to have the DNS spam issue. Just verified it. Setup: Isolated VLAN without access to DNS or Internet. 

deekerman commented 2026-02-20 08:19:44 -05:00

Author

Owner

Copy link

@kashalls commented on GitHub (Jan 29, 2025):

I have observed that just having the JetKVM connected to the network is enough to have the DNS spam issue. Just verified it. Setup: Isolated VLAN without access to DNS or Internet.

That seems like a setup issue then... Considering that it should only be using the IP provided by the DHCP Server (which looks like its your own router).

Codebase wise, this lines up with what the kvm tries to do and register with the cloud service by default. A better behavior would be to only start up if configured with a cloud address.

See: https://github.com/jetkvm/kvm/blob/main/cloud.go#L121C25-L121C29, and the auto-updater + oidc.

@kashalls commented on GitHub (Jan 29, 2025): > I have observed that just having the JetKVM connected to the network is enough to have the DNS spam issue. Just verified it. Setup: Isolated VLAN without access to DNS or Internet. That seems like a setup issue then... Considering that it should only be using the IP provided by the DHCP Server (which looks like its your own router). Codebase wise, this lines up with what the kvm tries to do and register with the cloud service by default. A better behavior would be to only start up if configured with a cloud address. See: https://github.com/jetkvm/kvm/blob/main/cloud.go#L121C25-L121C29, and the auto-updater + oidc.

deekerman commented 2026-02-20 08:19:44 -05:00

Author

Owner

Copy link

@Nevexo commented on GitHub (Jan 29, 2025):

A better behavior would be to only start up if configured with a cloud address.

https://github.com/jetkvm/kvm/pull/27

@Nevexo commented on GitHub (Jan 29, 2025): > A better behavior would be to only start up if configured with a cloud address. https://github.com/jetkvm/kvm/pull/27

deekerman commented 2026-02-20 08:19:44 -05:00

Author

Owner

Copy link

@yferszt commented on GitHub (Jan 29, 2025):

That seems like a setup issue then... Considering that it should only be using the IP provided by the DHCP Server (which looks like its your own router).

I am not sure what you mean with that. The JetKVM spams my own gateway with DNS queries.

Configuration:
JetKVM uses DHCP and gets 192.168.192.100
I did not configure any cloud services on the JetKVM.
Gateway: 192.168.192.1

Additionaly I think that the NTP is hardcoded in the JetKVM. In my opinion JetKVM should have 2 modes. Mode 1 is getting all settings from DHCP. Mode 2 shoud let us specify all network parameters.

@yferszt commented on GitHub (Jan 29, 2025): > That seems like a setup issue then... Considering that it should only be using the IP provided by the DHCP Server (which looks like its your own router). I am not sure what you mean with that. The JetKVM spams my own gateway with DNS queries. Configuration: JetKVM uses DHCP and gets 192.168.192.100 I did not configure any cloud services on the JetKVM. Gateway: 192.168.192.1 Additionaly I think that the NTP is hardcoded in the JetKVM. In my opinion JetKVM should have 2 modes. Mode 1 is getting all settings from DHCP. Mode 2 shoud let us specify all network parameters.

deekerman commented 2026-02-20 08:19:44 -05:00

Author

Owner

Copy link

@Nevexo commented on GitHub (Jan 29, 2025):

Additionaly I think that the NTP is hardcoded in the JetKVM. In my opinion JetKVM should have 2 modes. Mode 1 is getting all settings from DHCP. Mode 2 shoud let us specify all network parameters.

Yeah lots of discussion around this, it'll get some form of manual network config options soon, and it certainly shouldn't have the NTP servers hardcoded like it does.

@Nevexo commented on GitHub (Jan 29, 2025): > Additionaly I think that the NTP is hardcoded in the JetKVM. In my opinion JetKVM should have 2 modes. Mode 1 is getting all settings from DHCP. Mode 2 shoud let us specify all network parameters. Yeah lots of discussion around this, it'll get some form of manual network config options soon, and it certainly shouldn't have the NTP servers hardcoded like it does.

deekerman commented 2026-02-20 08:19:44 -05:00

Author

Owner

Copy link

@yferszt commented on GitHub (Jan 29, 2025):

Yeah lots of discussion around this, it'll get some form of manual network config options soon, and it certainly shouldn't have the NTP servers hardcoded like it does.

That would be great.

@yferszt commented on GitHub (Jan 29, 2025): > Yeah lots of discussion around this, it'll get some form of manual network config options soon, and it certainly shouldn't have the NTP servers hardcoded like it does. That would be great.

deekerman commented 2026-02-20 08:19:44 -05:00

Author

Owner

Copy link

@kashalls commented on GitHub (Jan 29, 2025):

That seems like a setup issue then... Considering that it should only be using the IP provided by the DHCP Server (which looks like its your own router).

I am not sure what you mean with that. The JetKVM spams my own gateway with DNS queries.

Your default deny rule prevents any DNS from being resolved, at all. That's all I meant by it.

@kashalls commented on GitHub (Jan 29, 2025): > > That seems like a setup issue then... Considering that it should only be using the IP provided by the DHCP Server (which looks like its your own router). > > I am not sure what you mean with that. The JetKVM spams my own gateway with DNS queries. Your default deny rule prevents any DNS from being resolved, at all. That's all I meant by it.

deekerman commented 2026-02-20 08:19:44 -05:00

Author

Owner

Copy link

@yferszt commented on GitHub (Jan 29, 2025):

Your default deny rule prevents any DNS from being resolved, at all. That's all I meant by it.

Yes, this is how I test new devices on my network. Block all and see how they behave and where they try to go.

@yferszt commented on GitHub (Jan 29, 2025): > Your default deny rule prevents any DNS from being resolved, at all. That's all I meant by it. Yes, this is how I test new devices on my network. Block all and see how they behave and where they try to go.

deekerman commented 2026-02-20 08:19:44 -05:00

Author

Owner

Copy link

@apalrd commented on GitHub (Feb 12, 2025):

I think we should reduce the sleep time down from 1 hour to something in the range of 5 seconds. The time task isn't dependent on the network being 'up', so the first attempt will always fail. If we delay 1 hour on failure, we will never get time for the first hour.

Failure can also be due to any number of network reasons and not necessarily the network blocking the request.

@apalrd commented on GitHub (Feb 12, 2025): I think we should reduce the sleep time down from 1 hour to something in the range of 5 seconds. The time task isn't dependent on the network being 'up', so the first attempt will always fail. If we delay 1 hour on failure, we will never get time for the first hour. Failure can also be due to any number of network reasons and not necessarily the network blocking the request.

deekerman commented 2026-02-20 08:19:44 -05:00

Author

Owner

Copy link

@dontcrash commented on GitHub (Jul 21, 2025):

This was closed complete, but wondering if there has been a regression.

App: 0.4.6
System: 0.2.5

@ym

@dontcrash commented on GitHub (Jul 21, 2025): This was closed complete, but wondering if there has been a regression. App: 0.4.6 System: 0.2.5 <img width="560" height="154" alt="Image" src="https://github.com/user-attachments/assets/854331d5-0841-45f9-aef7-69b10d18ea95" /> @ym

deekerman referenced this issue 2026-02-20 08:19:52 -05:00

Stuck at "Loading video stream..." #61

deekerman referenced this issue 2026-02-20 08:20:11 -05:00

Remote Access #84

deekerman referenced this issue 2026-02-20 08:20:11 -05:00

Remote Access #84

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

dev

dependabot/npm_and_yarn/ui/vitejs/plugin-react-swc-4.2.3

dependabot/npm_and_yarn/ui/vite-tsconfig-paths-6.1.1

dependabot/npm_and_yarn/ui/framer-motion-12.34.3

dependabot/npm_and_yarn/ui/tailwind-merge-3.5.0

dependabot/npm_and_yarn/ui/multi-d88693a43a

dependabot/go_modules/github.com/pion/webrtc/v4-4.2.9

dependabot/npm_and_yarn/ui/inlang/cli-3.1.6

dependabot/npm_and_yarn/ui/eslint-plugin-react-refresh-0.5.2

dependabot/go_modules/golang.org/x/sys-0.41.0

dependabot/go_modules/golang.org/x/crypto-0.48.0

dependabot/npm_and_yarn/ui/zustand-5.0.11

dependabot/go_modules/github.com/prometheus/procfs-0.20.1

dependabot/npm_and_yarn/ui/inlang/sdk-2.7.0

dependabot/go_modules/github.com/gin-gonic/gin-1.12.0

dependabot/go_modules/golang.org/x/net-0.51.0

dependabot/github_actions/actions/upload-artifact-7

dependabot/npm_and_yarn/ui/npm_and_yarn-e66adb831b

feat/signed-releases

dependabot/go_modules/github.com/prometheus/common-0.67.5

fix/ipv6-readiness

fix/failsafe-tolerance

fix/failscafe-tolerance

debug/native-logs

fix/retry-sleep-mode-check

copilot/add-copilot-instructions-file

chore/es-lint-redux

fix/deploy-cloud-app

release-cloud-app/0.4.9

release-cloud-app/0.4.8

release-cloud-app/0.4.5

release-cloud-app/0.4.4

release-cloud-app/0.4.3

release-cloud-app/0.4.2

release-cloud-app/0.4.1

release-cloud-app/0.4.0

release-cloud-app/0.3.9

release-cloud-app/0.3.8

fix/prevent-video-restart-loop

fix/en-as-default

backports/ota-und-cgo

e2e-tests

release/049

feat/audio-support-metrics

fix/usb-gadget-init-rebind

feat/lldp

feat/usb-reset

feat/audio-support

fix/hdmi-mutex

main

feat/auto-reload-fe

feat/jsonrpc-typings

feat/ocr

chore/show-codec

chore/golangci-lint-additional

refactor/jsonrpc-kbd

misc/0.4.6-with-old-deps

feat/static-ip-ui

cursor/refactor-uselocation-to-prevent-re-renders-f026

cursor/remove-uselocation-from-devices-id-tsx-7751

chore/eslint-prettier-setup

feat/tls-config

feat/metrics-optin

feat/tls

release/0.5.4-dev202602080922

release/0.5.3

release/0.5.3-dev202602061404

release/0.5.3-dev202601281951

release/0.5.2-dev202601071426

release/0.5.2

release/0.5.2-dev202601070105

release/0.5.2-dev202601070032

release/0.5.2-dev202601061215

release/0.5.2-dev202601051816

release/0.5.2-dev202512291946

release/0.5.1-dev202512211114

release/0.5.1

release/0.5.1-dev202512181840

release/0.5.1-dev202512181609

release/0.5.1-dev202512181144

release/0.5.0-dev202512051510

release/0.5.0

0.5.0-dev202511271013

0.5.0-dev202511271020

release/0.5.0-dev202511211223

release/0.5.0-dev20251120

release/0.4.9

release/0.4.8

release/0.4.7

challenge-base

release/0.4.6

release/0.4.5

release/0.4.5-rc2

release/0.4.5-rc1

release/0.4.4

release/0.4.3

release/0.4.2

release/0.4.1

release/0.4.0

release/0.3.9

release/0.3.8

Labels

Clear labels   

component/keyboard-layout

  

component: cloud

  

component: device screen

  

component: extensions

  

component: hid/keyboard

  

component: hid/mouse

  

component: network

  

component: timesync

  

component: ui

  

component: updater

  

component: usb

  

component: usb/hid

  

component: usb/storage

  

component: video

  

component: webrtc

  

component: webserver

  

need-more-details

  

status: working-in-progress

  

wontfix

No labels

component/keyboard-layout

component: cloud

component: device screen

component: extensions

component: hid/keyboard

component: hid/mouse

component: network

component: timesync

component: ui

component: updater

component: usb

component: usb/hid

component: usb/storage

component: video

component: webrtc

component: webserver

need-more-details

status: working-in-progress

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/kvm#54

No description provided.