NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Southpaw32's avatar
Southpaw32
Guide
Feb 19, 2021
Solved

Orbi doesn't fall over to 2nd or 3rd DNS

I have a couple of Raspberry Pi's running PiHole for my DNS. The setup works great, but the other day the first PiHole machine got unplugged, and my devices weren't able to reach the network, despite...
  • Southpaw32's avatar
    Southpaw32
    Mar 05, 2021

    So I think I figured things out.

    One of my RPi is setup as my DHCP server, and when I looked the DNSMasq .conf file it was only passing on the IP address of the DNS servers for that RPi, not the addresses for the RPi PiHole severs.

     

    I edited the .conf file, and replaced 8.8.8.8, etc with the local pihole IPs, and for the first time ever I have all three of my RPis showing blocked traffic!

     

     

     

CrimpOn's avatar
CrimpOn
Guru - Experienced User
Feb 20, 2021

Well, this is not working out as I anticipated.  I have two Raspberry Pi's running Pi-hole.

My "test" Orbi is connected to my regular Orbi and configured as a router.

It is set to use the two Pi's as DNS servers. (192.168.1.27 and 192.168.1.30).

 

I have a Windows PC connected to the test Orbi (ethernet). When I open a web browser, what seems to happen is that all DNS requests are sent by the Orbi to both Pi-holes. What appears to be happening is that the Orbi behaves as Windows 10 seems to behave. If DNS requests cannot be satisfied from the Pi-hole cache, they are sent to all DNS resolvers.

 

I will perform another test tomorrow where DNS server #1 is taken off-line to see if DNS requests still go to DNS server #2.

 

Not sure what to make of all this.  So far, it is not confirming your experience.

 

More tomorrow.....

CrimpOn's avatar
CrimpOn
Guru - Experienced User
Feb 20, 2021

There is another way to verify Orbi DNS behavior: capture WAN traffic.

If Orbi has two defined  DNS servers (perhaps Google and Open DNS), a WAN traffic capture should show whether Orbi queries one or both of them.  Will try that tomorrow as well.

  • CrimpOn's avatar
    CrimpOn
    Guru - Experienced User
    Feb 20, 2021

    Another puzzle.  Used the debug feature to capture WAN/LAN traffic while I opened a series of web pages that had not been opened in a while (avoid Windows and Orbi cache).  Test Orbi set to use 1.1.1.1 and two Pi-holes.  The WAN packet capture shows the Orbi sending queries to all three up-stream DNS servers at the same time, with all three responding.

     

    i.e.

    DNS 1.1.1.1

    Internet

    Production Orbi Router (LAN 192.168.1.1)

    Pi-hole1 (192.168.1.27)

    Pi-hole2 (192.168.1.30)

    Test Orbi Server (192.168.1.81) (LAN side 10.0.0.1, configured to use 3 DNS servers)

    Test Windows PC (10.0.0.2) Set to use DHCP provided DNS server, which is 10.0.0.1

     

    The goal was to reproduce and document the Orbi DNS failure. These results are not encouraging.  There seem to be two additional avenues to explore, but I am not certain how to go about it:

    1. I had thought that "losing" one of the DNS servers would cause it to be "marked" somehow and forgotten (no longer used). I shut off one of the Pi's, waited a few minutes, and then turned it back on.  New debug log shows the Orbi continuing to query all three servers.
    2. Perhaps the Orbi treats DNS servers attached to the LAN side differently than on the WAN side.  Exploring this is much more complicated as it involves several production Orbi restarts, which the family will not enjoy.

     

    This exercise has made me realize that using Pi-hole to filter DNS queries works only if every DNS server the Orbi uses is a Pi-hole.  Servers are not primary, failover1, failover2.  They are all equal and all used every time.

     

    • Southpaw32's avatar
      Southpaw32
      Guide
      Mar 03, 2021

      Here is a look at my Pi setup. I have three now. (it's kind of an addiction.)

      They are listed in order of how they appear in the DNS in my Orbi.

      I recently added the RPi4, and made it the main DNS, demoting RPi3 to second.

      Only my NAS, Orbi and the RPi4 are hitting the RPi3.

      Nothing is using the ZeroPi.

       

      I can't imagine that if all three were being hit every time, that the other two wouldn't show some queries or blocks.

       

      • CrimpOn's avatar
        CrimpOn
        Guru - Experienced User
        Mar 03, 2021

        The "in-line" image will not appear until a forum moderator approves it.  (Using the "Browse" button in the lower left make images available instantly.)

         

        Since I was able to capture WAN packets of the Orbi doing simultaneous DNS queries on all DNS servers, the only remaining possibility is that DNS servers on the LAN side of the Orbi may be treated differently.  After stringing ethernet cables around the room to move two Pi-holes from the 192.168 Orbi to the 10.0 Test Orbi, I realized that these Pi's have static IP's for eth0.  Have to stop and research now (a) did I set these Pi's up with static IP's or did Pi-hole? and (b) how do I move the damn things from one IP subnet to another (and back). 

         

        Or, I can wait until people are asleep and fiddle with the family Orbi

        • reset the DNS servers to local Pi-hole (I have been using Pi-hole only for "my" devices; not for everybody)
        • set up packet capture
        • run some tests
        • save the debug file
        • put everything back the way it was