Spotify Community

bsut · 2021-07-19

I have a Family Premium plan in the USA. I'm running the Spotify app version

1.1.63.568.gda8cb5ac-a on a MacBook Pro (13-inch, 2017) running macOS Big Sur 11.4. The gateway is a Ubiquiti ER-6P running v2.0.9-hotfix.2 with dnsmasq v2.85. The gateway uses DHCP to serve its own address as the dns-server, and it uses DHCPv6 to serve its own address as the name-server. My Mac and my gateway are both in mydom.ain.

Why does the app periodically query DNS for "xpui.app.spotify.com." and then for "xpui.app.spotify.com"? (Note the lack of a terminating "." which is handled as a query with "mydom.ain." appended.) Here's a typical excerpt from the syslog:

Jul 19 20:11:24 gw dnsmasq[14417]: query[A] xpui.app.spotify.com from 2600:6c01:2345:6789::abcd
Jul 19 20:11:24 gw dnsmasq[14417]: forwarded xpui.app.spotify.com to 1.0.0.1
Jul 19 20:11:24 gw dnsmasq[14417]: forwarded xpui.app.spotify.com to 1.1.1.1
Jul 19 20:11:24 gw dnsmasq[14417]: forwarded xpui.app.spotify.com to 2606:4700:4700::1001
Jul 19 20:11:24 gw dnsmasq[14417]: forwarded xpui.app.spotify.com to 2606:4700:4700::1111
Jul 19 20:11:24 gw dnsmasq[14417]: query[AAAA] xpui.app.spotify.com from 2600:6c01:2345:6789::abcd
Jul 19 20:11:24 gw dnsmasq[14417]: forwarded xpui.app.spotify.com to 1.0.0.1
Jul 19 20:11:24 gw dnsmasq[14417]: reply xpui.app.spotify.com is NXDOMAIN
Jul 19 20:11:24 gw dnsmasq[14417]: query[A] xpui.app.spotify.com.mydom.ain from 2600:6c01:2345:6789::abcd
Jul 19 20:11:24 gw dnsmasq[14417]: forwarded xpui.app.spotify.com.mydom.ain to 1.0.0.1
Jul 19 20:11:24 gw dnsmasq[14417]: reply xpui.app.spotify.com is NXDOMAIN
Jul 19 20:11:24 gw dnsmasq[14417]: query[AAAA] xpui.app.spotify.com.mydom.ain from 2600:6c01:2345:6789::abcd
Jul 19 20:11:24 gw dnsmasq[14417]: forwarded xpui.app.spotify.com.mydom.ain to 1.0.0.1
Jul 19 20:11:25 gw dnsmasq[14417]: reply xpui.app.spotify.com.mydom.ain is NXDOMAIN
Jul 19 20:11:25 gw dnsmasq[14417]: reply xpui.app.spotify.com.mydom.ain is NXDOMAIN

I see no correlated unexpected activity or failures by the app, just these odd DNS queries every 60 to 120 seconds. Each time it wants both A and AAAA records, for both "xpui.app.spotify.com." and "xpui.app.spotify.com". Some queries are served from the gateway's DNS cache, and some (like these) are forwarded to the gateway's upstream nameservers at Cloudflare.

When I query spotify.com's authoritative nameservers directly (e.g. ns1.p23.dynect.net or dns2.p07.nsone.net), I can find no records of type NS, A, or AAAA for app.spotify.com or xpui.app.spotify.com so I don't think the queries are encountering a caching problem at Cloudflare.

bsut · 2021-11-07

Great news! The last query in my logs for xpui.app.spotify.com was 2021-10-01T10:09:51.000-07:00

I guess we can call this one resolved.

View solution in original post

pranav216 · 2021-07-27

I am very interested in hearing more about this. "xpui.app.spotify.com" is the "Top Permitted Domain" on my Pi-Hole's list.

It keeps resolving to NXDOMAIN. Should I simply add it to my blacklist to short circuit the look-up?

bsut · 2021-07-28

I went one better than that:

As you suggest, I return NXDOMAIN locally for xpui.app.spotify.com.mydom.ain (when the app queries for the string with no terminating ".")

Jul 27 22:15:36 gw dnsmasq[2593]: query[AAAA] xpui.app.spotify.com.mydom.ain from 2600:6c01:2345:6789::abcd
Jul 27 22:15:36 gw dnsmasq[2593]: config xpui.app.spotify.com.mydom.ain is NXDOMAIN

I forward xpui.app.spotify.com (when the app terminates its query string) to each of the addresses for each of the eight NSs for spotify.com, which returns the expected NXDOMAIN

(I found the NSs' addresses by for n in $(dig +short -t ns spotify.com); do dig +short -t a $n ; dig +short -t aaaa $n ; done)

Jul 27 22:16:07 gw dnsmasq[2593]: query[AAAA] xpui.app.spotify.com from 2600:6c01:2345:6789::abcd
Jul 27 22:16:07 gw dnsmasq[2593]: forwarded xpui.app.spotify.com to 204.13.251.23
Jul 27 22:16:07 gw dnsmasq[2593]: forwarded xpui.app.spotify.com to 2001:500:94:1::23
Jul 27 22:16:07 gw dnsmasq[2593]: forwarded xpui.app.spotify.com to 208.78.71.23
Jul 27 22:16:07 gw dnsmasq[2593]: forwarded xpui.app.spotify.com to 204.13.250.23
Jul 27 22:16:07 gw dnsmasq[2593]: forwarded xpui.app.spotify.com to 2001:500:90:1::23
Jul 27 22:16:07 gw dnsmasq[2593]: forwarded xpui.app.spotify.com to 208.78.70.23
Jul 27 22:16:07 gw dnsmasq[2593]: forwarded xpui.app.spotify.com to 2a00:edc0:6259:7:7::4
Jul 27 22:16:07 gw dnsmasq[2593]: forwarded xpui.app.spotify.com to 198.51.45.71
Jul 27 22:16:07 gw dnsmasq[2593]: forwarded xpui.app.spotify.com to 2620:4d:4000:6259:7:7:0:3
Jul 27 22:16:07 gw dnsmasq[2593]: forwarded xpui.app.spotify.com to 198.51.44.71
Jul 27 22:16:07 gw dnsmasq[2593]: forwarded xpui.app.spotify.com to 2a00:edc0:6259:7:7::2
Jul 27 22:16:07 gw dnsmasq[2593]: forwarded xpui.app.spotify.com to 198.51.45.7
Jul 27 22:16:07 gw dnsmasq[2593]: forwarded xpui.app.spotify.com to 2620:4d:4000:6259:7:7:0:1
Jul 27 22:16:07 gw dnsmasq[2593]: forwarded xpui.app.spotify.com to 198.51.44.7
Jul 27 22:16:07 gw dnsmasq[2593]: reply xpui.app.spotify.com is NXDOMAIN

Why should I bother my upstream NS (one.one.one.one) about Spotify's orphaned code? This way they'll show up in the query stats at the NS where someone can notice and do something about it.

MattSuda · 2021-08-07

Hey @bsut @pranav216

"xpui" is the codename for the new Spotify desktop and web player UI. I'm pretty sure this domain is driving the experience.

You can read more info about the new desktop app and web player here:

Introducing a New Spotify Experience Across Desktop App and Web Player

MattSudaSpotify Star

Help others find this answer and click "Accept as Solution".

If you appreciate my answer, maybe give me a Like.

Note: I'm not a Spotify employee.

bsut · 2021-08-07

Yes, that's what "xpui" is.
How could a non-existent domain drive the experience?

yummy_spot · 2021-09-15

Just commenting to say I liked your solution and borrowed it for my domain, thanks!

As of the date of this post the issue remains, at least with the Windows client I'm using:

Spotify for Windows
1.1.67.586.gbb5ef64e

bsut · 2021-11-07

Great news! The last query in my logs for xpui.app.spotify.com was 2021-10-01T10:09:51.000-07:00

I guess we can call this one resolved.

Spotify Community

Why is the app querying DNS for xpui?

Why is the app querying DNS for xpui?

Suggested posts

Let's introduce ourselves!

Help Wizard

Step 1

Just quickly...

Why is the app querying DNS for xpui?

Why is the app querying DNS for xpui?

Suggested posts

Let's introduce ourselves!