NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RS700S new v1.0.11.6 DNS issue
After upgrading to version 1.0.11.6, my RS700S ignore my local AdGuard Home DNS response for blocking Ads.
However, reverting to version 1.0.10.8 restored the functionality of my local AdGuard Home DNS blocking ads.
How can I resolve the issue I encountered?
Thank you.
25 Replies
Hi WarmHelp_NTGR,
I have found the possible changes in the GPL source code may help.
In the screencapture of ori_RS700_prebuild/fs.install/sbin/acos_service,
we can see there is no "nameserver 1.1.1.1" in v1.0.10.8 (highlighed in green), but it created in v1.0.11.6 (highlighted in red).
Thank you.
Thank you for your effort!
Got it! The latest firmware v1.0.11.6 (public release) has added a third DNS entry in the /etc/resolv.conf, which is not present in the previous firmware v1.0.10.8.
Please check. Thank you.
(The logs are obtain from the debug page)
Reproduce Procedure - Firmware v1.0.11.6 Public Release:
Full Factory Reset, then directly go to debug.htm (debug_frame.htm) and dump the debug log.
You can see the third DNS server ip address entry is auto created by the latest firmware.
Please fix to avoid any DNS request leak to other unwanted upstream. Thanks.
==========================/etc/resolv.conf===================
nameserver 103.233.166.3
nameserver 103.233.167.3
nameserver 1.1.1.1
options single-request
Will pass this to NG for review.
Thank you.
I discovered that I had set the custom DNS address to an invalid destination. Additionally, AdGuard Home is shut down, and the RS700S can still query for the DNS query.
Thanks for keeping on this topic. (and also for the link to DNS Leak - how fun!)
If I read this statement correctly:
- The RS700 is set to Custom DNS, but by accident the IPs defined are invalid and do not point to any DNS server. Thus, it is a mystery what the RS700 will do when attempting to resolve DNS queries.
(If it were me, I would always respond "not found", but who knows. Maybe Netgear decided to default to the ISP???) - The AdGuard Home is currently off-line, and thus not available.
- Yet... it appears that the RS700 is resolving DNS queries (even when that appears impossible) ?
p.s. a link to version 1.0.11.6 just appeared in the Knowledgebase within the past 24 hours. Might be a good idea to download another copy.
I have sent you my 4th time test result in private message. Thank you.
It is a fun time to enjoy when study in the debugging process.
You read correctly.
Also, the invalid IPs are defined intentionally for the test case.
I just do some think-out-of-the-box way.
No luck, give up and go outdoor for the weekend.
p.s. I have never access to the beta firmware.
While I am willing to try beta firmware and take responsibility for myself, it is hard to get news update for the beta/release version of firmware.
Hence, I just download the latest release when my webpage monitoring tool detect RS700S firmware page have changes and notify me.
So which FW version are you currently using?
This version was in beta. Now seems to be released.
- The RS700 is set to Custom DNS, but by accident the IPs defined are invalid and do not point to any DNS server. Thus, it is a mystery what the RS700 will do when attempting to resolve DNS queries.
Thanks for the explanation. Quite a puzzle.
- Adguard Home is running on a local computer.
(Windows? Linux? Mac?) - The RS700 has Custom DNS set to only the IP of the computer running Adguard Home.
(The custom DNS does not contain any other DNS providers) - Adguard Home is set to resolve DNS using which DNS service?
- When devices connected to the network open web pages, the Adguard Home app records those devices requesting DNS for the advertisement domain name,
and records that it returned 0.0.0.0 - Yet when the RS700 is running the current firmware, the advertisements from that domain appear on multiple devices.
(when running the previous firmware, those advertisements do not appear)
Would you mind sharing the advertisement domain that is being blocked?
one wonders how the web browsers on these various devices resolve the advertisement domain into IP addresses?
When investigating DNS in the past, I have tapped the ISP connection and captured every DNS query and response. i.e.
- Insert a smart Ethernet switch between the RS700 router WAN port and the ISP device (modem, fiber ONT, etc.). for example:
o RS700 WAN port connected to switch port 1
o ISP device connected to switch port 2
o Set the smart switch to copy every packet that passes through port 1 to port 3 (both in and out)
o Connect port 3 to some device that has an Ethernet port and can run Wireshark (Windows, Linux, Mac) - Open Wireshark and set a capture filter to capture only DNS traffic, i.e. port 53
- Because the RS700 uses Network Address Translation (NAT), every DNS query will appear to come from the IP address of the RS700.
- The first thing I would look for is any DNS queries that go to any DNS server besides the one defined in Adguard Home.
(That would indicate there is some other DNS resolver on the network or that devices on the LAN are not getting DNS through the RS700)
Probably more effort than it's worth. Less trouble just wait for another firmware release.
After your comment, I attempted the 3rd time with the latest firmware version, v1.0.11.6.
I discovered that I had set the custom DNS address to an invalid destination. Additionally, AdGuard Home is shut down, and the RS700S can still query for the DNS query.
e.g.: my network range is 192.168.1.0/24, and I set the primary DNS address to 192.168.2.1 or 192.168.100.1 or else.
The DNS leak test (https://www.dnsleaktest.com) shows the DNS request is forwarded to Cloudflare.
For the MITM part to investigating DNS steps, I may not go deeper since there are many services host in my homelab.
Instead, I will look deeper to the GPL source code.
any ads domain can test here >>> https://adblock.turtlecute.org
for example: afs.googlesyndication.com
=====================================
% dig 192.168.1.1 afs.googlesyndication.com
; <<>> DiG 9.10.6 <<>> 192.168.1.1 afs.googlesyndication.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51058
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;afs.googlesyndication.com. IN A
;; ANSWER SECTION:
afs.googlesyndication.com. 177 IN A 142.250.197.98
;; Query time: 5 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Apr 25 20:41:42 HKT 2026
;; MSG SIZE rcvd: 70
So with v.11.6 FW loaded, the RS is working now with correct DNS configurations?
This was a mis-configuration of the settings?
- Adguard Home is running on a local computer.
I would like to understand how you determined that updating the firmware caused the RS700 to ignore the custom DNS settings.
(since apparently going back to the previous firmware restored the expected behavior, it appears unlikely that the custom DNS settings disappeared from the setup page.)
The function that I use with AdGuard Home is filtering advertisement domain name. The in-app ads will "gone" since the DNS response is 0.0.0.0 for these domain name. (I have turned off Private Relay function in iPhone to achieve DNS request visible to the router then to the AdGuard Home for DNS filtering)
The custom DNS settings doesn't disappeared from the setup page. The external DNS (AdGuard Home) logged blocking either in previous or latest firmware. However, in-apps ads pop up for all my family devices after upgrade to the latest firmware.
As a programmer, I have tried to compare the difference using git between GPL source code v1.0.10.8 and v1.0.11.6, and no idea why at this moment.
I will give a try on full factory reset and just test for custom DNS settings later as FURRYe38 suggested.
Thank you.
Do you perform a factory reset and setup from scratch after upgrading to v.6 FW?
> Haven't tried since re-config all settings is quite time-consuming unless it requires at last.
How do you have the RS configured for this external feature?
> Set the DNS Address with Primary DNS=192.168.1.2 and Secondary DNS=192.168.1.3 in Setup -> Internet Setup.
Using ISP detected DNS or custom DNS addresses?
> Custom DNS addresses, 192.168.1.2 is AdGuard Home (DoH to Google DNS and NextDNS), 192.168.1.3 is turned off machine for spare ip (tried turn on but no luck)
Is IPv6, protection engine, SPC or Armor enabled on the RS router?
> IPv6=OFF.
> Protection Engine=ON (tried to turn OFF and seems nothing is changed to me)
> SPC=OFF
> Armor=OFF
Brand and model# of the ISP modem or ONT that the router is connected too?
> HUAWEI EchoLife HG863
Fp you have the RS router in the modems DMZ or IPpass thru? That has a built in router already.
I presume these specific IP addresses are devices handling these two external service items?
I'd give a full on factory reset. Save off the configuration to file. Then factory reset. First try the external DNS configuration before applying that back up file.
Also please try using auto dectected DNS, then try other custom DNS like Cloudfare or Quad9. I normally use Quad9 on my RS700. Haven't noticed anything. I don't have any external adblock or DNS serivce devices after the router here.
After 2nd trial on the newer firmware but no luck, I am going to stay with previous version v1.0.10.8 until next firmware is release at this moment.
What I tried:
- upgrade to newer v1.0.11.6, the ads are pop-up again.
- then have a full factory reset, and setup the custom DNS address with 192.168.1.2 (local DNS resolver, AdGuard Home) only, and then restart my iPhone to let the DNS cache become invalid. The ads still present.
- then change the custom DNS address to Public service (
https://adguard-dns.io/en/public-dns.html
As I can connect every domain including adverting domain with new firmware, I cannot test if the DNS-blocking function for ads works with trying Cloudflare or Quad9.
Truly thank you for your assistant.
Do you perform a factory reset and setup from scratch after upgrading to v.6 FW?
How do you have the RS configured for this external feature?
Using ISP detected DNS or custom DNS addresses?
Is IPv6, protection engine, SPC or Armor enabled on the RS router?
Brand and model# of the ISP modem or ONT that the router is connected too?
