I'm posting this here just in case somebody else also noticed this on their routers. I only noticed this morning a continuous usage from my CPU threads these past weeks, which made me question what was happening. After further analysis, it was dnsmasq that was eating it up, so I enabled logqueries in the configuration.
And I saw that I was being flooded with DNS queries for apd-pcdnwxlogin.teg.tencent-cloud.net. In my case it's actually not a DNS Rebind warning but an NXDOMAIN response, since I already blocked it via AdBlock a few months ago (this was when I first noticed those DNS queries, but at that time it only flooded for a few seconds and then stopped; this time it was almost continuous).
Doing an nslookup for apd-pcdnwxlogin.teg.tencent-cloud.net yields 0.0.0.1 (I've tried via 1.1.1.1, 8.8.8.8 and 9.9.9.9, all returning the same invalid IP).
On further investigation, out of a total of almost 25 devices that connect to my network, it was only one of the devices that was triggering this. It was my own Android device. Below are the details so far of my investigation.
And I think it's the only device that has WeChat installed. I'll be updating this post as I investigate further. So far, after doing a "Force Stop" I haven't seen the DNS query flooding.
Should they ban allowing configuring Public DNS to assign such addresses? Anyway, the actual issue is, why is WeChat flooding the DNS query with it. Now I think the app is a trojan horse hahahaha
And I did see the other user with the Raspberry Pi, and I think there are 2 or 3 more users having the same issue for the same domain.
Actually, after reviewing the router stats for the past months, I think it has been happening in the background without me being the wiser. When I first noticed the DNS Rebinding issue, my router was restarting from time to time. That's when I used AdBlock to block it, so I thought I fixed it, but the issue was just hidden due to the fact it's now an NXDOMAIN. So it's not showing on the regular logs.
But your DNS resolver will still be flooded with requests.. see my post before yours.. I noticed that my CPU overall usage (4 CPU core router) was always peaking at 25%, which means out of the 4 cores, 1 of the cores is always at almost 100% usage.
When I enabled 'logqueries' in the dhcp, that's when I saw dnsmasq was being flooded by the DNS requests, but my DNS is already returning NXDOMAIN.
Some apps, after getting an NXDOMAIN, will try again over and over until they actually get an IP. Others might try to keep connecting to 0.0.0.0 because it was actually a positive response.
Since you were already returning NXDOMAIN and it was still trying to connect, why don't you try returning 0.0.0.0 and see if it stops trying over and over?
I didn't post here to find a solution on the NXDOMAIN or DNS REBIND flooding.. I posted here as an FYI to others who might encounter it. And I'm saying that, specific to the DOMAIN mentioned, it was the WeChat app that was the culprit. And seeing how it's doing the flooding, I think the app is like a trojan horse and I've uninstalled it, as I feel it's a dubious app doing such a thing.
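An added example, not part of any post in this thread: a short Python script that automates the triage described above, reading dnsmasq query-log lines, counting lookups per client and name to find the flooding device, and marking names that are already answered NXDOMAIN locally (the case where the flood stays hidden from the regular logs). The syslog line layout, the thresholds, the client IPs and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed layout: "<Mon dd HH:MM:SS> [host] dnsmasq[pid]: query[A] <name> from <client>"
QUERY = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) (?:\S+ )?dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)$")
NXDOMAIN = re.compile(r"dnsmasq\[\d+\]: config (\S+) is NXDOMAIN$")

def find_floods(lines, min_count=5, min_qps=1.0):
    """Return [(client, name, count, qps, blocked)] for repeated lookups."""
    seen = defaultdict(list)   # (client, name) -> query timestamps
    blocked = set()            # names answered NXDOMAIN from local config
    for line in lines:
        line = line.strip()
        m = QUERY.match(line)
        if m:
            # syslog has no year; a fixed one is fine for computing intervals
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            seen[(m.group(4), m.group(3).lower())].append(ts)
            continue
        m = NXDOMAIN.search(line)
        if m:
            blocked.add(m.group(1).lower())
    floods = []
    for (client, name), stamps in seen.items():
        span = max((max(stamps) - min(stamps)).total_seconds(), 1.0)
        qps = len(stamps) / span
        if len(stamps) >= min_count and qps >= min_qps:
            floods.append((client, name, len(stamps), round(qps, 2), name in blocked))
    return sorted(floods, key=lambda f: -f[2])

def sample_log():
    """Constructed log lines; client IPs and timings are made up."""
    flood = "apd-pcdnwxlogin.teg.tencent-cloud.net"
    lines = []
    for i in range(12):   # 12 queries within 3 seconds from one client
        ts = f"Mar  4 09:15:{i // 4:02d}"
        lines.append(f"{ts} dnsmasq[2211]: query[A] {flood} from 192.168.1.23")
        lines.append(f"{ts} dnsmasq[2211]: config {flood} is NXDOMAIN")
    lines.append("Mar  4 09:15:01 dnsmasq[2211]: query[A] example.org from 192.168.1.40")
    lines.append("Mar  4 09:15:01 dnsmasq[2211]: forwarded example.org to 1.1.1.1")
    return lines

if __name__ == "__main__":
    for row in find_floods(sample_log()):
        print(row)
```

A `blocked` value of `True` on a high-rate row is the situation from the thread: the resolver is answering NXDOMAIN, yet the client keeps asking and the router CPU keeps paying for it.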