owtluke
Aspirant
Feb 18, 2021
Solved

Orbi Pro SRR60 hijacking DNS queries of wifi clients

Network setup:

1 Orbi Pro SRR60 router + 3 SRS60 satellites

PFSense firewall acting as DHCP server

Pihole DNS server

 

Before firmware upgrade:

All clients (including the Orbi devices) are assigned the pihole server for DNS queries.

Each client on wifi makes their DNS queries to pihole server. This is directly observable in the pihole logs and the metrics for each individual client can be seen on the pihole dashboard.

 

Upgraded to firmware 2.6.0.108. After firmware upgrade:

 

All clients (including the Orbi devices) are assigned the pihole server for DNS queries. Nothing has changed from a DHCP perspective.

Confirmed that the wifi devices are showing the pihole server as the DNS server.

However, the pihole logs now show a large increase in DNS queries from the pihole router itself, and ZERO queries from the wifi clients.

Tried doing an nslookup from a Windows machine which is pointing to the pihole. Look at the pihole logs, and lo and behold, the request is coming from the Orbi router itself.

 

The Orbi router is intercepting the DNS requests and resubmitting them itself on behalf of the client. This is completely unacceptable and destroys the pihole metrics. I could not find anywhere in the firmware to turn this off, so the only solution was to roll back the firmware to the previous version. Having done so, the problem is instantly fixed.

 

Netgear, this is deceptive. You are ignoring the DNS server value being sent to the clients and injecting yourself in the middle. This should at a very minimum be made transparent to users, and there should be a way to disable this behavior.

 

Hasn't anyone else seen this behavior? I have the log files to prove it!
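The symptom described in the post above (per-client queries vanish from the Pi-hole log while one device's query count jumps) can be checked mechanically. This is an added example, not part of the original thread: it assumes dnsmasq-style `query[...] name from ip` lines in the Pi-hole log, and the function names, IP addresses and log lines are constructed for illustration.

```python
import re
from collections import Counter

# dnsmasq-style query line, as written to the Pi-hole query log.
QUERY_RE = re.compile(r"query\[[A-Z0-9]+\] \S+ from (?P<src>\S+)$")

# Constructed sample lines; every address is made up for this example.
# 192.168.1.2 stands in for the Orbi router, .21 and .22 for wifi clients.
BEFORE = """\
Feb 18 09:00:01 dnsmasq[812]: query[A] example.com from 192.168.1.21
Feb 18 09:00:01 dnsmasq[812]: forwarded example.com to 192.0.2.53
Feb 18 09:00:04 dnsmasq[812]: query[AAAA] example.org from 192.168.1.22
Feb 18 09:00:09 dnsmasq[812]: query[A] example.net from 192.168.1.21
Feb 18 09:00:15 dnsmasq[812]: query[A] time.example.com from 192.168.1.2
""".splitlines()

AFTER = """\
Feb 18 11:30:01 dnsmasq[812]: query[A] example.com from 192.168.1.2
Feb 18 11:30:04 dnsmasq[812]: query[AAAA] example.org from 192.168.1.2
Feb 18 11:30:09 dnsmasq[812]: query[A] example.net from 192.168.1.2
Feb 18 11:30:15 dnsmasq[812]: query[A] time.example.com from 192.168.1.2
""".splitlines()


def queries_by_source(log_lines):
    """Count client queries per source IP, ignoring forwarded/reply lines."""
    counts = Counter()
    for line in log_lines:
        match = QUERY_RE.search(line.strip())
        if match:
            counts[match.group("src")] += 1
    return counts


def detect_proxying(before, after, min_share=0.9):
    """Compare two log windows for the pattern in the post.

    vanished: sources seen before that send nothing afterwards.
    dominant: sources that now account for at least min_share of queries.
    """
    old, new = queries_by_source(before), queries_by_source(after)
    total = sum(new.values())
    vanished = sorted(ip for ip in old if new[ip] == 0)
    dominant = sorted(ip for ip, n in new.items() if total and n / total >= min_share)
    return {"vanished": vanished, "dominant": dominant,
            "suspected": bool(vanished and dominant)}


if __name__ == "__main__":
    print(detect_proxying(BEFORE, AFTER))
```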



3 Replies

  • JohnC_V
    NETGEAR Employee Retired

    owtluke,

     

    Welcome to our community and we do apologize for the inconvenience.

     

    Kindly send us the debug logs so that we can check and review them to see what is going on. 

     

    You may send it to us via private message.

     

    Regards,

     

    John

    NETGEAR Community Team

  • schumaku
    Guru - Experienced User

    owtluke wrote:

    Hasn't anyone else seen this behavior? I have the log files to prove it!


    There are several posts and comments on this in the community already, but related to Orbi Pro WiFi 6.

     


    owtluke wrote:

    This is directly observable in the pihole logs and the metrics for each individual client can be seen on the pihole dashboard. ... This is completely unacceptable and destroys the pihole metrics.


    Correct. This has an impact on other systems in the data path, like a Pi-hole device. However, it's not the end of the world.

     


    owtluke wrote:

    The Orbi router is intercepting the DNS requests and resubmitting them itself on behalf of the client. ...  I could not find anywhere in the firmware to turn this off, so the only solution was to roll back the firmware to the previous version. Having done so, the problem is instantly fixed.


    It's a new feature introduced silently to Orbi Pro and Orbi Pro WiFi 6 JohnC_V ... nothing to troubleshoot, see last part of this post. The community figured out almost everything going on 8-)

     


    owtluke wrote:

    ...You are ignoring the DNS server value being sent to the clients and injecting yourself in the middle. This should at a very minimum be made transparent to users, and there should be a way to disable this behavior.


    Look here for a possible explanation what might be going on. 

     

    Having it source-IP transparent - and most would not recognize it's there. I'm not enough of an iptables geek, so don't know if this could be changed easily.

     

    • schumaku
      Guru - Experienced User

      There was a Beta firmware made available today -> New Firmware V2.6.2.200 for SRR60/SRS60/SRC60/RBS50Y(for Orbi Pro) Now Available! with some interesting bug fixes:

       

      Bug Fixes:
      This firmware addresses the following bugs:

      Fixes DNS issues that DNS request is hijacked when clients configure static DNS server
      512 DHCP clients support in LAN setting
      Fixes wired satellite is showed disconnected in Insight webportal
      Fixes Orbi App support issue
      Fixes RBS50Y configuration reset issue. It requires to upgrade this firmware twice to fix the issue.
