WAX204 keeps asking DNS for http.fw.updates1.netgear.com :-(
My firewall prevents the WAX204 from reaching the Internet (and vice versa).
I have turned off 'Router Auto Firmware Update'.
Nevertheless, every 5 (or so) seconds it asks DNS for 'A? http.fw.updates1.netgear.com.' and for 'AAAA? http.fw.updates1.netgear.com.'.
WHY ???? It's not a lot of bandwidth... but it is just NOISE... and entirely POINTLESS...
...apart from anything else, there hasn't been an update since July 2022 !!!!
Chris
PS: I'm not really looking for an answer. But there doesn't seem to be any way to contact anyone at NETGEAR, and maybe, just maybe, somebody there gives a damn about product improvement ??
Re: WAX204 keeps asking DNS for http.fw.updates1.netgear.com :-(
I'd agree it's a bit ridiculous. My Pi-hole sees it all the time. And it tends to go in streaks. Sometimes I'll see 20K requests in a day and the next barely any. Not sure of the rhyme/reason behind it.
Re: WAX204 keeps asking DNS for http.fw.updates1.netgear.com :-(
@GMCH wrote:
My firewall prevents the WAX204 from reaching the Internet (and vice versa).
...and might suppress all other kind of access attempts in your firewall logs or IDS.
@GMCH wrote:
I have turned off 'Router Auto Firmware Update'.
These DNS queries are unrelated.
@GMCH wrote:
Nevertheless, every 5 (or so) seconds it asks DNS for 'A? http.fw.updates1.netgear.com.' and for 'AAAA? http.fw.updates1.netgear.com.'.
My guess is this is how they implemented the Internet connectivity check.
Querying the SOA from these subdomains unveils
> set type=soa
> fw.updates1.netgear.com
...
netgear.com
primary name server = a1-189.akam.net
responsible mail addr = hostmaster.akamai.com
serial = 1560989452
refresh = 10800 (3 hours)
retry = 3600 (1 hour)
expire = 2592000 (30 days)
default TTL = 900 (15 mins)
> http.fw.updates1.netgear.com
...
http.fw.updates1.netgear.com canonical name = http.fw.updates1.netgear.com.edgekey.net
http.fw.updates1.netgear.com.edgekey.net canonical name = e70.g.akamaiedge.net
g.akamaiedge.net
primary name server = n0g.akamaiedge.net
responsible mail addr = hostmaster.akamai.com
serial = 1725581200
refresh = 1000 (16 mins 40 secs)
retry = 1000 (16 mins 40 secs)
expire = 1000 (16 mins 40 secs)
default TTL = 1800 (30 mins)
>
So both these subdomains are configured to enforce -effective- DNS queries every 15 resp. 30 minutes, avoiding some local DNS caching....
Re: WAX204 keeps asking DNS for http.fw.updates1.netgear.com :-(
I guess it could be checking for Internet Connectivity... but it is in AP Mode, so I don't see why it should be checking.
I run a caching DNS server inside the firewall. Being able to connect to that doesn't say much about being able to connect to the world outside!
For devices which don't need to connect to the outside world, my caching DNS is configured to only respond to queries about the internal network. So, each time the WAX204 asks for 'http.fw.updates1.netgear.com' it gets a 'REFUSED' response.
I had a closer look at http.fw.updates1.netgear.com:
[root@cerberus ~]# dig http.fw.updates1.netgear.com
; <<>> DiG 9.18.28 <<>> http.fw.updates1.netgear.com
....
;; QUESTION SECTION:
;http.fw.updates1.netgear.com. IN A
;; ANSWER SECTION:
http.fw.updates1.netgear.com. 900 IN CNAME http.fw.updates1.netgear.com.edgekey.net.
http.fw.updates1.netgear.com.edgekey.net. 900 IN CNAME e70.g.akamaiedge.net.
e70.g.akamaiedge.net. 20 IN A 23.215.135.39
So the effective TTL is 20s. So asking every 5s or so would prompt my caching DNS to refresh itself roughly once every four queries!
Just for fun I arranged for my caching DNS to return the IP of my firewall for 'http.fw.updates1.netgear.com', with a TTL of 1800. The result is:
- the DNS queries slowed to every 10s.
- the WAX204 tried to connect HTTPS-wise every 10s -- receiving a straight RST response to its SYN !
...this with 'Router Auto Firmware Update' disabled.
-------------------------
I note that, in stark contrast, the WAX204 does not check the NTP server very often.
I have seen it ask shortly after a reboot. After that, I have seen nothing for 90 mins. One day I will run a long enough test to find out what the interval actually is.
Re: WAX204 keeps asking DNS for http.fw.updates1.netgear.com :-(
FWIW: the WAX204 asks my NTP server (configured under 'Set your preferred NTP server') for an update once every 24 *hours*.
-------------------------------------------------------
If my firewall drops all DNS packets from the WAX204, it shows: 'Internet: Not Connected' in red (on its 'BASIC>Home' page). If my DNS responds but says 'Refused', the WAX204 shows the same.
Just for fun I arranged to serve a dummy address for http.fw.updates1.netgear.com, with a 2 hour TTL. The WAX204 promptly started to try to connect to that address TCP/HTTPS. It got no response at all, and timed out after 2 minutes and some 5 failed attempts to open a TCP connection. It then immediately asked DNS for http.fw.updates1.netgear.com again... despite the 2 hour TTL !!!
Getting a response from DNS did not persuade the WAX204 that it was connected to the Internet.
However, after getting an address for http.fw.updates1.netgear.com it then asked for www.netgear.com. When my DNS gave it an address for that, the WAX204 promptly did some ICMP echo requests to that address. NOW the status changed to 'Internet STATUS: GOOD' !!
---------------------------------------------------------------------------------------------------------
So there are a number of really stupid things going on here:
- it is asking for http.fw.updates1.netgear.com despite 'Router Auto Firmware Update' being disabled. [And this is nothing to do with any Internet Connectivity Check.]
- if it doesn't get an address for http.fw.updates1.netgear.com:
  - it keeps asking every 10s or so.
  - it does not ask for www.netgear.com, despite needing it for the Internet Connectivity Check.
- if it does get an address for http.fw.updates1.netgear.com:
  - it will then ask for www.netgear.com.
  - it promptly tries to connect, despite 'Router Auto Firmware Update' being disabled.
  - if it fails to connect, it immediately asks DNS for http.fw.updates1.netgear.com again, ignoring the TTL, and tries to connect again (even if the address is the same).
- if it gets an address for www.netgear.com, it does its Internet Connectivity Check -- ICMP to that address. It repeats the address lookup (ignoring the TTL) and ICMP roughly every 4 to 5 minutes.
- if it does not get an address for www.netgear.com, it retries every 4 to 5 minutes.
- it tries to get the address for www.netgear.com, etc., even in AP Mode.
- it persists in looking for updates with this high sense of urgency, even though updates are infrequent !! Compare this with the once a day check of NTP and the 5 minutes between Internet Connectivity Checks.
I have also seen it ask DNS for:
A? netgearup-dev.s3-us-west-2.amazonaws.com.
AAAA? netgearup-dev.s3-us-west-2.amazonaws.com.
for reasons unknown ? This kind of nonsense is part of why I deny devices in my network access to the outside world !
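
Added example (not code from any poster in this thread): a small Python script that derives the effective TTL of the CNAME chain from the dig answer posted above, then replays a query stream through a TTL-honoring cache to count how many lookups a caching resolver would have to forward upstream. The capture lines are constructed in tcpdump's default text format, and the client and resolver addresses are made-up documentation addresses.

```python
import re
# Answer section exactly as posted in the thread's dig output.
DIG_ANSWER = """\
http.fw.updates1.netgear.com. 900 IN CNAME http.fw.updates1.netgear.com.edgekey.net.
http.fw.updates1.netgear.com.edgekey.net. 900 IN CNAME e70.g.akamaiedge.net.
e70.g.akamaiedge.net. 20 IN A 23.215.135.39
"""
NAME = "http.fw.updates1.netgear.com."
QUERY = re.compile(r"^(\d+):(\d+):(\d+\.\d+) IP (\S+)\.\d+ > \S+\.53: \d+\+? (A|AAAA)\? (\S+) ")

def make_capture(step, count):
    """Constructed tcpdump-style lines: one A query every `step` seconds (addresses are made up)."""
    return "\n".join(
        f"10:{t // 60:02d}:{t % 60:02d}.000000 IP 192.0.2.20.40000 > 192.0.2.1.53: {i}+ A? {NAME} (46)"
        for i, t in enumerate(range(0, step * count, step)))

def effective_ttl(answer, qname):
    """Walk the CNAME chain; a cache can reuse the whole answer only for the smallest TTL in it."""
    rrs = {}
    for f in (line.split() for line in answer.splitlines()):
        if len(f) == 5 and f[2] == "IN":
            rrs[f[0].lower()] = (int(f[1]), f[3], f[4].lower())
    ttl, name, seen = None, qname.lower(), set()
    while name in rrs and name not in seen:   # `seen` guards against CNAME loops
        seen.add(name)
        rr_ttl, rtype, target = rrs[name]
        ttl = rr_ttl if ttl is None else min(ttl, rr_ttl)
        if rtype != "CNAME":
            break
        name = target
    return ttl

def query_times(capture, qname, qtype="A"):
    """Seconds-of-day of each matching query in tcpdump's default text output."""
    hits = (m.groups() for m in map(QUERY.match, capture.splitlines()) if m)
    return [int(h) * 3600 + int(mi) * 60 + float(s)
            for h, mi, s, _client, t, n in hits if t == qtype and n.lower() == qname.lower()]

def upstream_lookups(times, ttl):
    """Count cache misses in a resolver that honors `ttl` for this query stream."""
    misses, expires = 0, None
    for t in times:
        if expires is None or t >= expires:
            misses, expires = misses + 1, t + ttl
    return misses

if __name__ == "__main__":
    ttl, times = effective_ttl(DIG_ANSWER, NAME), query_times(make_capture(5, 24), NAME)
    print(ttl, len(times), upstream_lookups(times, ttl), upstream_lookups(times, 1800))
```

Feeding `query_times` a real capture of the access point's queries instead of `make_capture` gives the upstream load for your own resolver; comparing the result for the served TTL against the query count shows how far a client is from honoring it.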