billie_a
Oct 04, 2023 Aspirant
RBRE960: DNS problems
I'm having periodic issues with DNS. This issue has occurred twice this year. The symptom is that multiple iOS apps would hang, fail, or say they need upgrading. App store would simply fail to connect...
billie_a
Oct 04, 2023 Aspirant
Firmware V6.3.7.10
It's connected to a Starlink router Model: Gen 2 running 2023.43.0.
There isn't a cable issue.
When this problem occurs, anything behind the Orbi is affected. Anything directly using the Starlink is unaffected.
The internet port DNS server is 192.168.1.1 (which is the Starlink), as the gateway IP address is 192.168.1.1 and the external IP address (the Orbi address) is 192.168.1.2.
The DNS address given out by the Orbi is 192.168.64.1 as expected. That is the internal IP address of the Orbi router (192.168.64.1/26, mask is 255.255.192.0). Note that the Orbi software isn't smart enough concerning the net mask and only gives out addresses as if it were a /24 net mask (192.168.64.start through 192.168.64.end).
When the problem occurs, any DNS request results in an answer of 192.168.64.1, which results in Safari popping up a dialogue about site impersonation (the certificate in question is always the Orbi certificate default.example.com, which is a self-signed certificate, just as is returned when connecting directly to the router through Safari). For apps, they simply fail to connect to the sites they are requesting. For example, App Store will ask you to Retry connection (and never succeed), News will say there is a problem with the feed, etc.
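The symptom described in this post (every lookup answered with the Orbi's own LAN address) can be checked from a LAN client with a short script. This is an added example, not part of the original post; the function names, host names and sample answers are constructed for illustration.

```python
import ipaddress
import socket

ROUTER_LAN_IP = "192.168.64.1"  # Orbi LAN address quoted in the post

# Constructed sample answers (not captured from the poster's network).
HEALTHY = {"store.example.com": ["17.253.144.10"],
           "news.example.com": ["93.184.216.34"],
           "www.example.com": ["3.33.152.147"]}
BROKEN = {name: [ROUTER_LAN_IP] for name in HEALTHY}

def resolve_live(names):
    """Resolve names through the system resolver (the Orbi, for a LAN client)."""
    out = {}
    for name in names:
        try:
            infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
            out[name] = sorted({info[4][0] for info in infos})
        except socket.gaierror:
            out[name] = []  # no answer at all is a different failure
    return out

def diagnose(answers, router_ip=ROUTER_LAN_IP):
    """Classify resolver answers for names that should be public."""
    suspicious = {}
    for name, addrs in answers.items():
        # A public site answered only with non-global addresses is wrong.
        non_global = [a for a in addrs if not ipaddress.ip_address(a).is_global]
        if addrs and len(non_global) == len(addrs):
            suspicious[name] = addrs
    distinct = {a for addrs in suspicious.values() for a in addrs}
    if suspicious and len(suspicious) == len(answers) and distinct == {router_ip}:
        verdict = "router-answers-everything"  # the failure in this thread
    elif suspicious:
        verdict = "some-private-answers"
    else:
        verdict = "ok"
    return verdict, suspicious

if __name__ == "__main__":
    for label, sample in (("healthy", HEALTHY), ("broken", BROKEN)):
        print(label, diagnose(sample))
```

Feeding `resolve_live([...])` with real public host names into `diagnose` while connected behind the Orbi, and again while connected directly to the Starlink Wi-Fi, shows which resolver is returning the router address.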
FURRYe38
Oct 05, 2023 Guru - Experienced User
Your ISP Modem already has a built in router and wifi. This would be a double NAT (two router) condition which isn't recommended.
https://kb.netgear.com/30186/What-is-Double-NAT
https://kb.netgear.com/30187/How-to-fix-issues-with-Double-NAT
Couple of options,
1. Configure the modem for transparent bridge or modem only mode. Then use the NG router in router mode. You'll need to contact the ISP for help and information in regards to the modem being bridged correctly.
2. If you can't bridge the modem, disable ALL wifi radios on the modem, configure the modem's DMZ/ExposedHost or IP Pass-Through for the IP address the NG router gets from the modem.
https://kb.netgear.com/25891/DMZ-on-NETGEAR-routers
https://kb.netgear.com/24086/How-do-I-set-up-a-default-DMZ-server-on-my-Nighthawk-router
3. Or disable all wifi radios on the modem and connect the NG router to the modem, LAN to LAN, and configure AP mode on the NG router.
https://kb.netgear.com/20927/How-do-I-change-my-NETGEAR-router-to-AP-mode
Try option #2 first...
Also try updating FW as well.
- billie_a Oct 21, 2023 Aspirant
I realize this is a double-nat, but what does that have to do with my DNS issue? This is a problem every couple of months, so it seems there is simply some bug on the Netgear side, and the router needs to be rebooted more often to work around the issue. Changing the Starlink router to bridge mode, without wi-fi, would mean I completely lose internet access when the problem occurs, and I don't have any alternative means of definitely saying this is an Orbi issue. As it stands, I have another VPN router for work (also double-NAT'd into the Starlink router) independent of the Orbi mesh. When I have this Orbi problem, I can connect to the VPN router and have no issues, and I can connect directly to the Starlink Wi-Fi and have no issues. I have also previously had an EERO mesh powered on (again double-NAT'd to Starlink) that didn't experience these problems (the ORBI mesh was meant to replace the EERO mesh). Most of my ORBI nodes are hardwired, so I don't think the Starlink wi-fi is interfering (the Starlink router is about 120 meters away from the house where most of the ORBI nodes reside). I have a fiber connection to cover that distance, and cat5e/cat6 within the house to connect most of the ORBI nodes. Two nodes are not hardwired (need to run some cable between buildings). Total of 7 nodes, primary router and 6 satellites.
- FURRYe38 Oct 21, 2023 Guru - Experienced User
Instead of using ISP DNS try setting some Cloudflare or Google DNS manually on the RBR and see if it still happens.
It's not an NG issue. Most likely an ISP side DNS issue in their services that happen to maybe go down every so often. Double NAT is not recommended as it can cause problems like this. Nobody else is seeing this. Have seen DNS issues on Orbi systems in a very long time.
Try option #2 as suggested.
Or try the Orbi in AP mode with your ISP modem in router mode.
- CrimpOn Oct 21, 2023 Guru - Experienced User
billie_a wrote:
I realize this is a double-nat, but what does that have to do with my DNS issue?
It is not clear (to me) that the Double NAT has anything to do with this DNS issue. (I appear to be alone on the forum with the belief that fixation on Double NAT distracts attention from more likely causes.)
I agree with FURRYe38 that it would be worth specifying the DNS servers in the Orbi router setup, rather than accepting the servers that Starlink suggests with the DHCP response. I personally use Google DNS and Cloudflare. The Orbi DNS queries every DNS server on the list. Of course, if the problem occurs every month or so, it may take some patience to determine if this makes a difference (or not).
If Safari (i.e. Mac/iPad/iPhone) is the device most often affected, perhaps it would be worth setting static DNS entries on the device itself. This will bypass the Orbi DNS resolution entirely.
billie_a wrote:
The DNS address given out by the Orbi is 192.168.64.1 as expected.
This is not what I would have expected at all. In router mode, the Orbi insists on defining the LAN subnet to be different than the WAN subnet. In theory, Netgear could have chosen any of the 192.168.x.x subnets, but the Orbi routers I have seen choose for the router to define 10.0.0.x as the LAN subnet. My guess is that you have chosen to define the Orbi LAN interface as 192.168.64.1 (which is certainly acceptable. Or, maybe the 960 router is "different" from other Orbi routers. I don't have one to experiment on.)
I believe there is a typo in the description of the subnet mask. A /26 mask would be 255.255.255.192, not 255.255.192.0. Although the user certainly can elect to restrict the size of the subnet to 62 host IPs, I see no particular reason to go out of the way to do this. Who cares if the LAN IP subnet has the capacity for 255 devices and only some of them are unused? Nothing in this LAN subnet can communicate with devices "in the other part" that are hidden behind some other router.
- billie_a Oct 28, 2023 Aspirant
Indeed. It is set up as a /18 network mask, 255.255.192.0. I'll try a public DNS and see how it goes. The issue only happens once every few months or so.