NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

RJU064's avatar
RJU064
Aspirant
Jan 15, 2021

Orbi Pro 6 SXR80 - Firmware Update V3.2.0.108 is a Disaster

Orbi Pro 6 SXR80 running in AP Mode.   Firmware Update V3.2.0.108 is a Disaster.  Two major issues:   First Issue Updated to latest firmware V3.2.0.108 and the unit would not boot back up.  Stuc...
routerRCE9's avatar
routerRCE9
Tutor
Feb 07, 2021

Upgraded to V3.2.1.102 this morning. Can confirm that all DNS requests are still being intercepted by the Orbi:

 

root@SXR80:~# iptables -nvL -tnat
Chain PREROUTING (policy ACCEPT 2195 packets, 457K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  184 11855 REDIRECT   udp  --  br-lan *       0.0.0.0/0           !172.16.1.4           udp dpt:53 redir ports 53
 1358 91328 REDIRECT   udp  --  br3    *       0.0.0.0/0           !192.168.10.81         udp dpt:53 redir ports 53
root@SXR80:~# netstat -lntp | grep 53
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      19606/dnsmasq
tcp        0      0 :::53                   :::*                    LISTEN      19606/dnsmasq

My Orbi is in bridge mode (i.e. it's acting as an access point, not a router). There is absolutely NO reason that it should be touching packets above layer 2, much less actively intercepting and logging all DNS requests (are these logs being sent back to Netgear servers for data collection?)!

 

Netgear, this is unacceptable and unwanted behavior for a device that is meant to be used in a business setting. Please fix ASAP.

 

I tried flushing the iptables nat table and unloading the ipt_dnshijack kernel module (and others), but the only result was completely breaking DNS for everyone on wireless. The aclhijackdns process was also running but I'm not sure if it has any affect.

 

 

RJU064's avatar
RJU064
Aspirant
Feb 07, 2021

routerRCE9, thank you for confirming the DNS hijacking problem still exists in this new firmware release as I'm unable to risk an outage by testing myself in my production environment.

 

I'm very disappointed this new firmware was released to the public without addressing both major issues.  In fact, the DNS issue is not even mentioned as a "known issue" in the release notes.  At least provide notice to everyone running this device in AP Mode that this DNS problem is a known issue in this firmware release.

 

  • routerRCE9's avatar
    routerRCE9
    Tutor
    Feb 07, 2021

    No problem, I will keep checking as new updates come out.

    As a workaround, your internal DNS server should still be used for lookups as long as the Orbi is configured to use it.

    • Alvarius's avatar
      Alvarius
      Aspirant
      Feb 17, 2021

      New SXR80 owers (as of yesterday).  Got it all set up and updated to firmware V3.2.1.102 which appears to be the latest as of this writing (sounds like .108 was pulled due to the non-booting issue, I'm assuming).

      We have the system in AP mode.  We have it configured to use a static IP address and our own DNS servers.

       

      We are not able to resolve local DNS lookups on wireless despite configuring the SXR80 to use our DNS servers.

       

      This is simply NOT acceptable for a $700 product!

       

      Is there any ETA on a fix?  This should be URGENT.

       

      • hnagaraju's avatar
        hnagaraju
        NETGEAR Employee Retired
        Feb 18, 2021

        This thread has multiple questions asked. Let me try to address one by one.

         

        lets start with easier once.

        1) Netgear does not tracks or uses DNS lookups.

        On Orbi Pro. The RA feature in Orbi pro is very watered down and mainly collect things like how many satellites are connected. It does not go into user network details. Here is offical answer for Router Analytics. 

        https://kb.netgear.com/000038663/What-router-analytics-data-is-collected-and-how-is-the-data-being-used-by-NETGEAR

         

        2) Orbi pro allows user to control automatic firmware update ON/OFF.

        users can use (optional) Insight manager (first year subscription is normally included ) for setting rules for firmware update

        or use Local UI   in following page : Advance->Adminstration->Firmware update

        By default automatic firmware update is DISABLED.

         

        3) Insight Instant Mesh (currently supported on WAC540, WAC564, WAX610, etc) is good alternative for power-users who want special settings with mesh backhauls.

         

        4) We acknowledge there is issue with AP mode and static IP address used for Base and Satellites (in 102 firmware). 

        Team is coming up with a patch release soon. We have launched a beta program. If you would like to particate, please sign up for this forum to get bleeding edge software releases. Sometimes, we will have  new features and almost always bug fixes few days or weeks ahead of the offical scheduled release to support portal.

        https://community.netgear.com/t5/Orbi-Pro-Beta/bd-p/en-business-orbiprobeta

         

         

         

         

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More