NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RS700S new v1.0.11.6 DNS issue
After upgrading to version 1.0.11.6, my RS700S ignore my local AdGuard Home DNS response for blocking Ads. However, reverting to version 1.0.10.8 restored the functionality of my local AdGuard Ho...
Thanks for the explanation. Quite a puzzle.
- Adguard Home is running on a local computer.
(Windows? Linux? Mac?) - The RS700 has Custom DNS set to only the IP of the computer running Adguard Home.
(The custom DNS does not contain any other DNS providers) - Adguard Home is set to resolve DNS using which DNS service?
- When devices connected to the network open web pages, the Adguard Home app records those devices requesting DNS for the advertisement domain name,
and records that it returned 0.0.0.0 - Yet when the RS700 is running the current firmware, the advertisements from that domain appear on multiple devices.
(when running the previous firmware, those advertisements do not appear)
Would you mind sharing the advertisement domain that is being blocked?
one wonders how the web browsers on these various devices resolve the advertisement domain into IP addresses?
When investigating DNS in the past, I have tapped the ISP connection and captured every DNS query and response. i.e.
- Insert a smart Ethernet switch between the RS700 router WAN port and the ISP device (modem, fiber ONT, etc.). for example:
o RS700 WAN port connected to switch port 1
o ISP device connected to switch port 2
o Set the smart switch to copy every packet that passes through port 1 to port 3 (both in and out)
o Connect port 3 to some device that has an Ethernet port and can run Wireshark (Windows, Linux, Mac) - Open Wireshark and set a capture filter to capture only DNS traffic, i.e. port 53
- Because the RS700 uses Network Address Translation (NAT), every DNS query will appear to come from the IP address of the RS700.
- The first thing I would look for is any DNS queries that go to any DNS server besides the one defined in Adguard Home.
(That would indicate there is some other DNS resolver on the network or that devices on the LAN are not getting DNS through the RS700)
Probably more effort than it's worth. Less trouble just wait for another firmware release.
After your comment, I attempted the 3rd time with the latest firmware version, v1.0.11.6.
I discovered that I had set the custom DNS address to an invalid destination. Additionally, AdGuard Home is shut down, and the RS700S can still query for the DNS query.
e.g.: my network range is 192.168.1.0/24, and I set the primary DNS address to 192.168.2.1 or 192.168.100.1 or else.
The DNS leak test (https://www.dnsleaktest.com) shows the DNS request is forwarded to Cloudflare.
For the MITM part to investigating DNS steps, I may not go deeper since there are many services host in my homelab.
Instead, I will look deeper to the GPL source code.
any ads domain can test here >>> https://adblock.turtlecute.org
for example: afs.googlesyndication.com
=====================================
% dig 192.168.1.1 afs.googlesyndication.com
; <<>> DiG 9.10.6 <<>> 192.168.1.1 afs.googlesyndication.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51058
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;afs.googlesyndication.com. IN A
;; ANSWER SECTION:
afs.googlesyndication.com. 177 IN A 142.250.197.98
;; Query time: 5 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Apr 25 20:41:42 HKT 2026
;; MSG SIZE rcvd: 70
So with v.11.6 FW loaded, the RS is working now with correct DNS configurations?
This was a mis-configuration of the settings?
RS always work, but the 3rd trial result indicates that may have DNS leak to other destination.
and seems not user-level mis-configuration of the settings.
However, since I rollback v1.0.10.8, just consider this case for reference only.
Thank you.
