NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Orbi RBR50 + Circle frequent DNS failures
I've spent the better part of the past two weeks troubleshooting some DNS issues. They are similar to those reported recently here and probably here and related to similar reports as long as a year ago. I know my way around linux and have pored through the telnet interface looking for clues and I think I have a workaround, but am hoping some of the experts/gurus here can offer better suggestions than my hack.
I have gigabit (1G down/40M up) service from Xfinity (Comcast) and initially contacted them to try to resolve issues. My cable signal is now near perfect and I've even swapped out cable modems, but the issues persist -- because they are on the Orbi. I also have a Netgear R8500 that I used prior to getting the Orbi system.
My system: Orbi RBR50 with two satellites. House is about 3000sq ft on two floors, with the RBR 50 upstairs in a central location and the two satellites on either end of downstairs. Internet signal/speeds/etc. are great when it's working. On the latest firmware, 2.5.1.8.
About 2 weeks ago, we had a significant increase in home usage with 3 people in the house working from home for tech jobs. And that's when the issues started -- DNS locking up multiple times per day. The key symptom: if a user's computer was set to have the router serve DNS, it would fail DNS resolutions going to websites. Existing connections/conference calls/streaming video/etc. would continue with no problem.
We also have Circle enabled on the router, providing "Adult" filtering for the younger internet users in our house. Circle works by intercepting all DNS requests from managed devices. So while adults in the house could bypass the Orbi by changing DNS settings, the kids were stuck until the router was rebooted.
Eventually I found that using the GUI to "release" and "renew" DHCP solved the problem without a reboot, and after a bit more research, traced the problem to the "dnsmasq" service running on the router as part of Circle. I was (and am) able to recover the DNS by telnetting into the router and executing "/etc/init.d/dnsmasq restart".
I thought I had beat the problem by setting that line in a crontab command to execute the dnsmasq restart hourly, and in fact that worked for over 48 hours, but this morning it locked up again and I remotely rebooted it. The problem kept recurring during the day, and I found out that the reboot had wiped out my crontab customization. Blah!
I've got it set to execute every 10 minutes now. To mitigate the loss of dns cacheing, I've moved my R8500 upstream of the Orbi, so it's actually requesting the DNS from the OpenDNS servers and caching it, while the Orbi grabs it from the R8500. I want to put the Orbi into "Access Point" mode, but Circle is not yet available on the R8500 so for now I'm stuck using the Orbi for Circle, keeping both devices in Router mode (radios off on the R8500), and pointing the R8500 to the Orbi as a DMZ.
So, some questions:
- Is there any more detailed troubleshooting I can do for the dnsmasq issues? The logs seem to point to a "Page Fault" right around the time of the lockups, and given that they appear over time / with heavy usage I suspect the DNS cache may be growing too large.
- Does anyone know why a reboot overwrites my customizations to the crontab and how I can make my "hack" persist across reboots?
- I could leave the Orbi's telnet port open and telnet in remotely via my own machine's crontab to execute the reset, but that does not give me warm fuzzies from a security standpoint. Is the telnet only accessible from my side of the router (LAN) and not from the internet at large (WAN)? Does having the R8500 upstream provide any more protection/port 22 blocking, or does setting the DMZ negate that upstream protection?
- Does anyone have any other great ideas for was to permanently work around this apparent bug?
I've already given up trying to get Orbi to function as a proper Router + Disney + Armor, because it's nothing but trouble. To get Orbi to a stable state, I have to disable practically everything that I could disable, including its internal DNS and DHCP client. I'm currently keeping Orbi for its WiFi capability and delegate all other router functions to DIY pfSense Router Firewall.
I went through a similar pain before I settled on the current setup, which has been holding up quite well during Stay-At-Home order.
- SB8200 -> pfSense -> Orbi AP Mode with static DNS servers and IP address
I settled on pfSense because I need a reliable Gigabit Router with enterprise class DNS resolver, DHCP, Firewall, DNS Filtering, VPN, plus a whole bunch of other features that I don't really need. If you're comfortable with installing pfSense, it's worth a shot.
91 Replies
I've already given up trying to get Orbi to function as a proper Router + Disney + Armor, because it's nothing but trouble. To get Orbi to a stable state, I have to disable practically everything that I could disable, including its internal DNS and DHCP client. I'm currently keeping Orbi for its WiFi capability and delegate all other router functions to DIY pfSense Router Firewall.
I went through a similar pain before I settled on the current setup, which has been holding up quite well during Stay-At-Home order.
- SB8200 -> pfSense -> Orbi AP Mode with static DNS servers and IP address
I settled on pfSense because I need a reliable Gigabit Router with enterprise class DNS resolver, DHCP, Firewall, DNS Filtering, VPN, plus a whole bunch of other features that I don't really need. If you're comfortable with installing pfSense, it's worth a shot.
Thanks... pfSense looks like a great solution but my head's spinning with all the hardware options and compatibility requirements. What hardware will support 1G speeds?
Just an Intel Ethernet card and an old PC (4GB RAM, ~3Ghz CPU). The most important is to get the supported pfSense card, Intel Ethernet Adapter I340-T4, which I purchased on Amazon for $40. That's it.
SW_ wrote:I've already given up trying to get Orbi to function as a proper Router + Disney + Armor, because it's nothing but trouble. To get Orbi to a stable state, I have to disable practically everything that I could disable, including its internal DNS and DHCP client. I'm currently keeping Orbi for its WiFi capability and delegate all other router functions to DIY pfSense Router Firewall.
I went through a similar pain before I settled on the current setup, which has been holding up quite well during Stay-At-Home order.
- SB8200 -> pfSense -> Orbi AP Mode with static DNS servers and IP address
I settled on pfSense because I need a reliable Gigabit Router with enterprise class DNS resolver, DHCP, Firewall, DNS Filtering, VPN, plus a whole bunch of other features that I don't really need. If you're comfortable with installing pfSense, it's worth a shot.
If you're curious about my rollercoaster between Orbi Router vs. AP Mode, check out this post.
FYI, for those following this, I am in communication with Netgear support. They say:
We are already aware of this issue and our engineering team is currently working on a solution.
Just found this thread, I'm having the same issue with Orbi RBR40 and 2 Satellite RBW30. Has anyone had any luck with Netgear support on this? I contacted them and they sent me a replacement satellite and router. Is there a way to manually configure DNS w/o using static IP on the Netgear admin page?
Shahab
Shahab wrote: Has anyone had any luck with Netgear support on this?Is there a way to manually configure DNS w/o using static IP on the Netgear admin page?
I'm well out of the free support period and am not going to pay for support. But this is actually a longstanding issue with dnsmasq. The problem is that the Orbi doesn't auto-detect the failure of dnsmasq, and overwrites user attempts to workaround it on a reboot.
Yes, you can temporarily set DNS to static IP, then change your DNS settings, then set DNS back to DHCP and the changed settings will "stick". If you have Circle or Armor enabled, you might have to temporarily disable them to do this. There are also ways to do it in the telnet interface for the more tech savvy.
Simliiar issue and hope this is addressed ASAP due to those of us remote workers and the influx of stay at home workers along with kids eating up bandwidth :)
I recommend that users having problems with Orbi and DNS+Circle, open a support ticket here:
https://www.netgear.com/support/#
While you have support from NG.
I have the same issue. I upgraded my firmware to V2.3.5.30 and still no luck.
daisycat wrote:I have the same issue. I upgraded my firmware to V2.3.5.30 and still no luck.
If you're comfortable with telnet cmd, try the workaround suggested by dbwiddis :
...
Eventually I found that using the GUI to "release" and "renew" DHCP solved the problem without a reboot, and after a bit more research, traced the problem to the "dnsmasq" service running on the router as part of Circle. I was (and am) able to recover the DNS by telnetting into the router and executing "/etc/init.d/dnsmasq restart".
...
Some users have also been successful working around DNS issue with factory reset, daily reboots, or disabling Circle. YMMV.
- Here is something interesting that isn’t making a lot of sense to me. I disabled circle via the admin console. However, I didn’t reboot the router. So circle still seems to be active because I added a computer and the app on my phone notified me plus it’s blocking YouTube on my kids machines etc. and I’m able to add/remove things to profiles.
However, I’m at like day 5 or so without any outages. So I’m not sure what to think about that one. Maybe the problem had been fixed or there is some glitch that was fixed when I “disabled” circle. I’m hesitant to reboot my router but figured I’d throw this out there. It seems circle related but not sure how yet.
