NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RS500 Firmware Version 1.2.7.2 released
Get it here https://support.netgear.com/support/product/rs500 Release notes : https://kb.netgear.com/000070819/
8.8.8.8 is the IP address of the edge DNS server closest to your location. The actual DNS servers sending the DNS responses might be in a different physical location. For example in my case 8.8.8.8 is in Seattle, but the actual Google DNS servers are in Oregon. The browserleaks tool shows the IP addresses of the actual physical DNS servers being used for DNS resolution by the browser.
Another way to say this - 8.8.8.8 is the IP address of a cluster, not a specific host. The server that replies depends on your geography ( coolwifi's example), and also server load (generally the load on each server is roughly balanced in a cluster).
Lots of advantages to this approach - including failover when something goes down, and maintaining service during maintenance.
The browserleaks tool shows the IP addresses of the actual physical DNS servers being used for DNS resolution
Plus it shows who owns each server. So CrimpOn should check to make sure only Cloudflare and Google servers are listed.
The browserleaks tool shows the IP addresses of the actual physical DNS servers being used for DNS resolution by the browser.
What I cannot seem to grasp is the mechanics behind gathering this information.
When I do a debug capture of LAN/WAN and run BrowserLeaks on a web browser using a PC wired to the router, the WAN capture clearly shows DNS queries looking up goofy BrowserLeaks URLs (both IPv4 and IPv6) on the three DNS servers configured on my router (CloudFlare 1.1.1.1 and Google 8.8.8.8 & 8.8.4.4) and shows the responses coming back from those three servers to the router. It does not show DNS responses coming backfrom anywhere else. Yet, BrowserLeaks displays over 100 IPv4 addresses and claims that all of them belong to CloudFlare or Google.
Your testing on a Orbi system? RBR50 series or your RBR750 series?
This is observed with my RS500 router immediately after the latest firmware update.
And was happening on prior version as well?
This is observed with my RS500 router immediately after the latest firmware update.
My post was asking on what CrimpOn is currently using. I believe he's on Orbi system and also doesn't exhibit the 3rd DNS issue on Orbi as you first posted about with not seeing the 3rd DNS entry on the WEB UI however behind the scenes in FW is still running.
Yes, I am using an original RBR50 Orbi router, which does not exhibit that bizarre addition of a CloudFlare DNS serve. (Nor does the RBR750.) It appears (to me) that the latest RS500 firmware is flawed and there is no obvious workaround. The discussion wandered off topic with the introduction of https://browserleaks.com/dns
Those 100 ipv4 DNS server addresses are the ip's of the actual physical DNS servers used by cloudflare and Google based on your location. Cloudflare and Google do have a cluster of DNS nodes distributed throughout the world.
Okay, the previous firmware version for the RS500 router didn't exhibit this issue.
What I cannot seem to grasp is the mechanics behind gathering this information.
Here's the trick:
Browserleaks has its own authoritative DNS nameserver set up for some of its subdomains (something like xxxx.dns4.browserleaks.com). Its web page tells your browser to make background requests to a bunch of randomly generated hosts using those subdomains. This results in a flood of DNS requests, so multiple resolvers in the clusters end up servicing them.
Because the hostnames are randomly generated (on the fly), they won't be in resolver cache - so each request ends up going to the BrowserLeaks nameserver. That tells BrowserLeaks the IP addresses of the specfic resolvers in the cluster that were used.
It appears (to me) that the latest RS500 firmware is flawed and there is obvious workaround.
I don't see any replies from coolwifi on what happened when he added a third DNS resolver to his config. So it is premature to say there is a workaround.
I had replied earlier mentioning that whatever DNS I set as the third DNS server, cloudflare DNS gets automatically added as one of the additional DNS servers by the router.
Ok thank you for this latest information.
Something I have noticed on Orbi BE systems and I think AX systems as well about a year ago, noticed that when first setting up a system, DNS seemed to be Google DNS being set on the RBR web UI. I hadn't really been concerned about it as I mostly use ISP DNS or custom Quad 9. Usually DNS is set to my ISP DNS which is Sparklight. They use a 24.xx address for there DNS. Now wondering if this is something being seen across both NH and Orbi systems when setting up from factory defaults. I'll check into this with my RS and Orbi systems and see what I find.As we know there maybe a bug with your initial post about the 3rd DNS entry that is not visible from the UI. We've make NG aware of this and is under review and aware of it.
So it is premature to say there is a workaround
Crap. Sorry about the typo. Should read, "
there is NO obvious workaround.
Had hoped that filling in all three DNS server choices would "push the 1.1.1.1 out".
So looking at my RS600 today, seeing this as default as I guess I had updated FW and had not changed it since last factory reset and setup from scratch:
I'm seeing 3 user changeable DNS sections here:
After setting to Quad9 and SparkLight, it's showing here as being set:
Testing MS EDGE with browserleaks site finds the following:
Test Results Found 39 Servers, 3 ISP, 1 Location
1 from Cableone.Net which is Sparklight now.
6 from WoodyNet.Inc
Rest all from Cloudfare
All locations from Seattle.
Thanks for testing. Can you change the DNS setting to get automatically from ISP and share the DNS settings page? Looks like you have already configured cloudflare as the third DNS before updating the FW?
Just as I thought, it's picking the CF and Google DNS and not the ISP DNS when set to automatic:
Domain Name Server 1.1.1.2
8.8.8.8
1.1.1.1Was the cloudflare DNS added by the router? How about the automatic DNS setting?
Was set by the router when I select Automatic for DNS.
Same thing is happening on my RS700 as well:
Domain Name Server 1.1.1.2
8.8.8.8I've asked NG to see what is expected behavior for this setting. Prior experiences showed me auto would pick auto detected ISP DNS.
Possible that NG is putting Cloudfare in as a default setting so that DNS points to Cloudfare and the router has something to use over trying to use ISP DNS. Though something NG might put in as a user changeable option. Have a radio button for Automatic that is for auto detected ISP DNS, another option for NG Selected Cloudfare DNS, then the current radio button for user custom input DNS.
