- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Orbi RBR50 + Circle frequent DNS failures
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've spent the better part of the past two weeks troubleshooting some DNS issues. They are similar to those reported recently here and probably here and related to similar reports as long as a year ago. I know my way around linux and have pored through the telnet interface looking for clues and I think I have a workaround, but am hoping some of the experts/gurus here can offer better suggestions than my hack.
I have gigabit (1G down/40M up) service from Xfinity (Comcast) and initially contacted them to try to resolve issues. My cable signal is now near perfect and I've even swapped out cable modems, but the issues persist -- because they are on the Orbi. I also have a Netgear R8500 that I used prior to getting the Orbi system.
My system: Orbi RBR50 with two satellites. House is about 3000sq ft on two floors, with the RBR 50 upstairs in a central location and the two satellites on either end of downstairs. Internet signal/speeds/etc. are great when it's working. On the latest firmware, 2.5.1.8.
About 2 weeks ago, we had a significant increase in home usage with 3 people in the house working from home for tech jobs. And that's when the issues started -- DNS locking up multiple times per day. The key symptom: if a user's computer was set to have the router serve DNS, it would fail DNS resolutions going to websites. Existing connections/conference calls/streaming video/etc. would continue with no problem.
We also have Circle enabled on the router, providing "Adult" filtering for the younger internet users in our house. Circle works by intercepting all DNS requests from managed devices. So while adults in the house could bypass the Orbi by changing DNS settings, the kids were stuck until the router was rebooted.
Eventually I found that using the GUI to "release" and "renew" DHCP solved the problem without a reboot, and after a bit more research, traced the problem to the "dnsmasq" service running on the router as part of Circle. I was (and am) able to recover the DNS by telnetting into the router and executing "/etc/init.d/dnsmasq restart".
I thought I had beat the problem by setting that line in a crontab command to execute the dnsmasq restart hourly, and in fact that worked for over 48 hours, but this morning it locked up again and I remotely rebooted it. The problem kept recurring during the day, and I found out that the reboot had wiped out my crontab customization. Blah!
I've got it set to execute every 10 minutes now. To mitigate the loss of dns cacheing, I've moved my R8500 upstream of the Orbi, so it's actually requesting the DNS from the OpenDNS servers and caching it, while the Orbi grabs it from the R8500. I want to put the Orbi into "Access Point" mode, but Circle is not yet available on the R8500 so for now I'm stuck using the Orbi for Circle, keeping both devices in Router mode (radios off on the R8500), and pointing the R8500 to the Orbi as a DMZ.
So, some questions:
- Is there any more detailed troubleshooting I can do for the dnsmasq issues? The logs seem to point to a "Page Fault" right around the time of the lockups, and given that they appear over time / with heavy usage I suspect the DNS cache may be growing too large.
- Does anyone know why a reboot overwrites my customizations to the crontab and how I can make my "hack" persist across reboots?
- I could leave the Orbi's telnet port open and telnet in remotely via my own machine's crontab to execute the reset, but that does not give me warm fuzzies from a security standpoint. Is the telnet only accessible from my side of the router (LAN) and not from the internet at large (WAN)? Does having the R8500 upstream provide any more protection/port 22 blocking, or does setting the DMZ negate that upstream protection?
- Does anyone have any other great ideas for was to permanently work around this apparent bug?
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've already given up trying to get Orbi to function as a proper Router + Disney + Armor, because it's nothing but trouble. To get Orbi to a stable state, I have to disable practically everything that I could disable, including its internal DNS and DHCP client. I'm currently keeping Orbi for its WiFi capability and delegate all other router functions to DIY pfSense Router Firewall.
I went through a similar pain before I settled on the current setup, which has been holding up quite well during Stay-At-Home order.
- SB8200 -> pfSense -> Orbi AP Mode with static DNS servers and IP address
I settled on pfSense because I need a reliable Gigabit Router with enterprise class DNS resolver, DHCP, Firewall, DNS Filtering, VPN, plus a whole bunch of other features that I don't really need. If you're comfortable with installing pfSense, it's worth a shot.
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've already given up trying to get Orbi to function as a proper Router + Disney + Armor, because it's nothing but trouble. To get Orbi to a stable state, I have to disable practically everything that I could disable, including its internal DNS and DHCP client. I'm currently keeping Orbi for its WiFi capability and delegate all other router functions to DIY pfSense Router Firewall.
I went through a similar pain before I settled on the current setup, which has been holding up quite well during Stay-At-Home order.
- SB8200 -> pfSense -> Orbi AP Mode with static DNS servers and IP address
I settled on pfSense because I need a reliable Gigabit Router with enterprise class DNS resolver, DHCP, Firewall, DNS Filtering, VPN, plus a whole bunch of other features that I don't really need. If you're comfortable with installing pfSense, it's worth a shot.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
Thanks... pfSense looks like a great solution but my head's spinning with all the hardware options and compatibility requirements. What hardware will support 1G speeds?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
Just an Intel Ethernet card and an old PC (4GB RAM, ~3Ghz CPU). The most important is to get the supported pfSense card, Intel Ethernet Adapter I340-T4, which I purchased on Amazon for $40. That's it.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
Here is my pfSense Dashboard. You can check the hardware and Intel card in action along with all the services.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
Just found this thread, I'm having the same issue with Orbi RBR40 and 2 Satellite RBW30. Has anyone had any luck with Netgear support on this? I contacted them and they sent me a replacement satellite and router. Is there a way to manually configure DNS w/o using static IP on the Netgear admin page?
Shahab
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
@Shahab wrote: Has anyone had any luck with Netgear support on this?
Is there a way to manually configure DNS w/o using static IP on the Netgear admin page?
I'm well out of the free support period and am not going to pay for support. But this is actually a longstanding issue with dnsmasq. The problem is that the Orbi doesn't auto-detect the failure of dnsmasq, and overwrites user attempts to workaround it on a reboot.
Yes, you can temporarily set DNS to static IP, then change your DNS settings, then set DNS back to DHCP and the changed settings will "stick". If you have Circle or Armor enabled, you might have to temporarily disable them to do this. There are also ways to do it in the telnet interface for the more tech savvy.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
Simliiar issue and hope this is addressed ASAP due to those of us remote workers and the influx of stay at home workers along with kids eating up bandwidth 🙂
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
I recommend that users having problems with Orbi and DNS+Circle, open a support ticket here:
https://www.netgear.com/support/#
While you have support from NG.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
I opened a support case by calling their support line and they closed all my tickets with resolution that they've sent a new router + satellite. When you get the 1st level support on the phone, half the time is wasted by them trying to sell you their extended support plan.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
This is a reason why "unbound" becomes a popular replacement for "dnsmasq". For example, "unbound" is the new default for pfSense DNS server.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
Let us know what happens with the replacement.
Please try a factory reset and setup from scratch with the RBR and don't enable circle support after getting thru the setup wizard. You can manually setup the RBR as well. You should be able to change DNS values after the reset.
@Shahab wrote:I opened a support case by calling their support line and they closed all my tickets with resolution that they've sent a new router + satellite. When you get the 1st level support on the phone, half the time is wasted by them trying to sell you their extended support plan.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
So I just got the replacement router they sent me. The replacement router is an Orbi Mini Router RBR40, my original one was an Orbi Router RBR40. Is there a difference between these two? I wasn't able to find anything searching online.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
Does the replacement work?
@Shahab wrote:So I just got the replacement router they sent me. The replacement router is an Orbi Mini Router RBR40, my original one was an Orbi Router RBR40. Is there a difference between these two? I wasn't able to find anything searching online.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
Router is working so far, I haven't been able to get the Satellites to connect to it yet, despite several attempts. I'll be monitoring through the day to see if the connection stays up.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
I'm having the exact same issue. My DNS is locking up. If I reset the router or DNS it frees up and works again. I can ping directly to any IP address. I'm assuming if I reset the service the others are talking about it will free up. For now I've disabled Circle to see if that will solve the issue. This didn't start happening until about 2 weeks ago which is kind of strange.
Anyone have a solution?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
@kgividen wrote:I'm having the exact same issue. My DNS is locking up. If I reset the router or DNS it frees up and works again. I can ping directly to any IP address. I'm assuming if I reset the service the others are talking about it will free up. For now I've disabled Circle to see if that will solve the issue. This didn't start happening until about 2 weeks ago which is kind of strange.
Anyone have a solution?
Started about 2 weeks ago with me (OP) as well. Not sure if it was the latest firmware or just a heavy increase in load with more people working from home.
Solutions are, generally:
1. If possible, don't use your Orbi for DNS. Use another router or firewall upstream to provide DNS and DHCP services, and ony use the Orbi as an access point. Let it do what it does best (mesh routing) and don't make it do other things.
2. If you must use the Orbi as your primary/only router, minimize the DNS load you place on it. Set all computers using it to access DNS separately from the Orbi.
3. If you want to deal with lockups as they occur, logging in to the interface and doing a DHCP lease "release" and "renew" will fix the problem for a few hours/days.
4. If you want to automate step 3, use the telnet interface to set up a cron job to "/etc/init.d/dnsmasq restart" on a regular basis. 1 hour wasn't enough for me under heavy load, but 10 minutes works. Note that an orbi reboot will wipe out this customization and you'll have to repeat it.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
@kgividen wrote:
One thing I noticed last time it froze up was I set the dns servers on one of my computers to point to google (tried open dns too) and it still didn’t work. I’m not sure if that’s a fluke or not.
With Circle or Armor enabled, the Orbi will intercept all DNS requests (port 53) regardless of where you point them to. For Circle, you can set a monitoring level of "none" or move your computer to "unmonitored devices" to use other DNS services... but it will still intercept DNS for any profile that is "managed".
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
I believe I'm having this same issue, posted here. A couple questions for the group:
1. By any chance would this DNS issue cause a modem to reboot randomly? With my issue, I swapped out my modem with the Netgear CM1000 but then noticed it was flaky, so I went to a new modem from Xfinity (using in bridge mode).
2. @SW_ I like your idea of separating the firewall from Orbi. Not sure I want to spin-up my own pfSense setup, but do you think I could accomplish the same decoupling of wifi and firewall with an old Asus RT-AC66U router?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi RBR50 + Circle frequent DNS failures
@enewbauer wrote:...
2. @SW_ I like your idea of separating the firewall from Orbi. Not sure I want to spin-up my own pfSense setup, but do you think I could accomplish the same decoupling of wifi and firewall with an old Asus RT-AC66U router?
...
Absolutely.
I had been running a similar setup with ASUS RT-AC87U as my upstream router until recently when I swapped it with DIY pfSense. I did the switch because the ASUS router was struggling with gigabit throughput when Parental Control is enabled, which disabled NAT HW Flow Control. The ASUS dual 1GHz CPUs were not able to keep up and would hit 100%. My new DIY pfSense with 3.2GHz CPU has no trouble with gigabit routing + NAT + Firewall + Parental Control, etc.,
Getting work/school/homework done are far more important than peak throughput at the moment. Good luck!
• Introducing NETGEAR WiFi 7 Orbi 770 Series and Nighthawk RS300
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more