This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
Orbi Pro SRR60 hijacking DNS queries of wifi clients
Network setup:
1 Orbi Pro SRR60 router + 3 SRS60 satellites
PFSense firewall acting as DHCP server
Pihole DNS server
Before firmware upgrade:
All clients (including the Orbi devices) are assigned the pihole server for DNS queries.
Each client on wifi makes their DNS queries to pihole server. This is directly observable in the pihole logs and the metrics for each individual client can be seen on the pihole dashboard.
Upgraded to firmware 2.6.0.108. After firmware upgrade:
All clients (including the Orbi devices) are assigned the pihole server for DNS queries. Nothing has changed from a DHCP perspective.
Confirmed that the wifi devices are showing the pihole server as the DNS server.
However, the pihole logs now show a large increase in DNS queries from the pihole router itself, and ZERO queries from the wifi clients.
Tried doing a nslookup from a windows machine which is pointing to the pihole. Look at the pihole logs, and lo and behold, the request is coming from the Orbi router itself.
The Orbi router is intercepting the DNS requests and resubmitting them itself on behalf of the client. This is completely unacceptable and destroys the pihole metrics. I could not find anywhere in the firmware to turn this off, so the only solution was to roll back the firmware to the previous version. Having done so, the problem is instantly fixed.
@netgear, this is deceptive. You are ignoring the DNS server value being sent to the clients and injecting yourself in the middle. This should at a very minimum be made transparent to users, and there should be a way to disable this behavior.
Hasn't anyone else seen this behavior? I have the log files to prove it!
This is directly observable in the pihole logs and the metrics for each individual client can be seen on the pihole dashboard. ... This is completely unacceptable and destroys the pihole metrics.
Correct. This has an impact on other systems in the data path, like a Pi-hole device. However, it's not the end of the world.
The Orbi router is intercepting the DNS requests and resubmitting them itself on behalf of the client. ... I could not find anywhere in the firmware to turn this off, so the only solution was to roll back the firmware to the previous version. Having done so, the problem is instantly fixed.
It's a new feature introduced silently to Orbi Pro and Orbi Pro WiFi 6 @JohnC_V ... nothing to troubleshoot, see last part of this post. The community figured out almost everyhting going on 8-)
...You are ignoring the DNS server value being sent to the clients and injecting yourself in the middle. This should at a very minimum be made transparent to users, and there should be a way to disable this behavior.
Look here for a possible explanation what might be going on.
Having it source-IP transparent - and most would not recognize it's there. I'm not enough an iptables geek, so don't know if this could be changed easily.
This is directly observable in the pihole logs and the metrics for each individual client can be seen on the pihole dashboard. ... This is completely unacceptable and destroys the pihole metrics.
Correct. This has an impact on other systems in the data path, like a Pi-hole device. However, it's not the end of the world.
The Orbi router is intercepting the DNS requests and resubmitting them itself on behalf of the client. ... I could not find anywhere in the firmware to turn this off, so the only solution was to roll back the firmware to the previous version. Having done so, the problem is instantly fixed.
It's a new feature introduced silently to Orbi Pro and Orbi Pro WiFi 6 @JohnC_V ... nothing to troubleshoot, see last part of this post. The community figured out almost everyhting going on 8-)
...You are ignoring the DNS server value being sent to the clients and injecting yourself in the middle. This should at a very minimum be made transparent to users, and there should be a way to disable this behavior.
Look here for a possible explanation what might be going on.
Having it source-IP transparent - and most would not recognize it's there. I'm not enough an iptables geek, so don't know if this could be changed easily.
Bug Fixes: This firmware addresses the following bugs:
Fixes DNS issues that DNS request is hijacked when clients configure static DNS server 512 DHCP clients support in LAN setting Fixes wired satellite is showed disconnected in Insight webportal Fixes Orbi App support issue Fixes RBS50Y configuration reset issue. It requires to upgrade this firmware twice to fix the issue.
