RBRE960: DNS problems

Question

I'm having periodic issues with DNS. This issue has occurred twice this year. The symptom is that multiple iOS apps would hang, fail, or say they need upgrading. App store would simply fail to connect. In addition, https access to any host name would result in a warning about an insecure connection , and a possible man in the middle attack. Examining the certificate shows a dummy example certificate. However, an https access to a specific host address was fine. I discovered that all DNS responses pointed to the router IP address (in my case, 192.168.64.1). The DNS server is the same. My guess is that the DNS server in the Orbi is failing and returning a bogus result. Perhaps there is a resource leak that eventually causes the application to misbehave. Rebooting the Orbi clears up the problem. Has anyone experienced similar issues?

FURRYe38 · Answer

What Firmware version is currently loaded?What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too? Be sure your using a good quality LAN cable between the modem and router. CAT6A STP is recommended.&nbsp;
&nbsp;
Are you using Auto Detected DNS on the RBR or a custom DNS configuration?
&nbsp;
Are you using the RBR DHCP IP address default of 192.168.1.1 or something different. Default DNS on any device connected to the system should be 192.168.1.1.&nbsp;
&nbsp;
&nbsp;

billie_a · Answer

Firmware V6.3.7.10It's connected to a Starlink router Model: Gen 2 running 2023.43.0.&nbsp;There isn't a cable issue. &nbsp;&nbsp;When this problem occurs, anything behind the Orbi is affected. &nbsp;Anything directly using the Starlink is unaffected.&nbsp;The internet port DNS server is 192.168.1.1 (which is the Starlink), as the gateway IP address is 192.168.1.1 and the external IP address (the Orbi address) is 192.168.1.2.&nbsp;The DNS address given out by the Orbi is 192.168.64.1 as expected. &nbsp;That is the internal IP address of the Orbi router (192.168.64.1/26, mask is 255.255.192.0). &nbsp;Note that the Orbi software isn't smart enough concerning the net mask and only gives out addresses as I it were a /24 net mask (192.168.64.start through 192.168.64.end)&nbsp;When the problem occurs, any DNS request results in an answer of 192.168.64.1, which results in Safari popping up a dialogue about site impersonation (the certificate in question is always the Orbi certificate default.example.com which is a self-signed certificate, just as is returned when connecting directly to the router through safari). &nbsp;For apps, they simply fail to connect to the sites they are requesting. &nbsp;For example, App Store will ask you to Retry connection (and never succeed), News will say there is a problem with the feed, etc.&nbsp;&nbsp;&nbsp;

FURRYe38 · Answer

Your ISP Modem already has a built in router and wifi.&nbsp;This would be a double NAT (two router) condition which isn't recommended. This would be a double NAT condition which isn't recommended. https://kb.netgear.com/30186/What-is-Double-NAThttps://kb.netgear.com/30187/How-to-fix-issues-with-Double-NATCouple of options,1. Configure the modem for transparent bridge or modem only mode. Then use the NG router in router mode. You'll need to contact the ISP for help and information in regards to the modem being bridged correctly.2. If you can't bridge the modem, disable ALL wifi radios on the modem, configure the modems DMZ/ExposedHost or IP Pass-Through for the IP address the NG router gets from the modem. https://kb.netgear.com/25891/DMZ-on-NETGEAR-routershttps://kb.netgear.com/24086/How-do-I-set-up-a-default-DMZ-server-on-my-Nighthawk-router3. Or disable all wifi radios on the modem and connect the NG router to the modem, LAN to LAN configure AP mode on the NG router. https://kb.netgear.com/20927/How-do-I-change-my-NETGEAR-router-to-AP-modeTry option #2 first...
&nbsp;
Also try updating FW as well.&nbsp;

billie_a · Answer

I realize this is a double-nat, but what does that have to do with my DNS issue? &nbsp; This is a problem every couple of months, so it seems there is simply some bug on the Netgear side, and the router needs to be rebooted more often to work around the issue. &nbsp;Changing the Starlink router to bridge mode, without wi-fi, would mean I completely lose internet access when the problem occurs, and I don't have any alternative means of definitely saying this is an Orbi issue. &nbsp;As it stands, I have another VPN &nbsp;router for work (also double-NAT'd into the Starlink router) independent of the Orbi mesh. &nbsp;When I have this Orbi problem, I can connect to the VPN router and have no issues, and I can connect directly to the Starlink Wi-Fi and have no issues. &nbsp;I have also previously had an EERO mesh powered on (again double-NAT'd to Starlink) that didn't experience these problems (the ORBI mesh was meant to replace the EERO mesh). &nbsp;Most of my ORBI nodes are hardwired, so I don't think the Starlink wi-fi is interfering (the Starlink router is about 120 meters away from the house where most of the ORBI nodes reside). &nbsp;I have a fiber connection to cover that distance, and cat5e/cat6 within the house to connect most of the ORBI nodes. &nbsp;Two nodes are not hardwired (need to run some cable between buildings). &nbsp;total of 7 nodes, primary router and 6 satellites.

FURRYe38 · Answer

Instead of using ISP DNS try setting some Cloudfare or Google DNS manually on the RBR and see if it still happens.&nbsp;
Its not NG issue. Most likely a ISP side DNS issue in there services that happen to maybe go down every so often. Double NAT is not recommended as it can cause problems like this. Nobody else is seeing this. Have seen DNS issues on Orbi systems in a very long time.&nbsp;
&nbsp;
Try option #2 as suggested.&nbsp;
Or try the Orbi in AP mode with your ISP modem in router mode.&nbsp;

Forum Discussion

RBRE960: DNS problems

8 Replies