Dynamic DNS problems on Synnology with Orbi RBR50V2 firmware 2.7.3.22

---

dbrewood wrote:

The only fix woudl be to downgrade the firmware and stop it from auto-upgrading which seems no longer possible.

 

---

There are two documented methods for preventing firmware auto-upgrade:

• Disconnect the router from the internet (temporarily).
  Manually load previous firmware.
  Enable telnet.
  Replace the file firmware_version with text where the first number is greater than any likely firmware release
  (such as V5.2.7.104)
  This will prevent auto-upgrade until the next time the router is rebooted.
  With my Orbi on a UPS, it can go 5-6 months without rebooting.  (A 4 hour power outage caused one.)
• Use an upstream router to block the URL's used for firmware upgrading.
  This, of course, makes applications such as OpenVPN and port forwarding more difficut.
  (Not impossible, just more difficult.)

Since Netgear Support has acknowledged the issue, one might thing they would be willing to provide beta firmware in advance of general release.  Sometimes beta firmware is read for test months before general release. (The QA proess for release appears to take some time.)

Thanks for the reply. 

I'm aware of the option of using telnet however the firmware (V2.7.3.22) I have when I access the beta page does not have the option of turning telnet on. So I'm unable to use that option.

If I could identify what version of the firmware did have the telnet option I'd try it.

The ISP modem/router (British Telecom Home Hub 6) can't be dumbed down and DHCP turned off so that can't be used with the Orbi in AP mode. If it was used in normal mode we'd end up with a double NAT situation I think. 

You can use your ISP modem/router to block the auto updates from happening. 

Also if you want to use the Orbi in router mode with your ISP router, configure the ISP routers DMZ for use with the Orbi router. This helps avoid Double NAT issues. Works well. 

---

dbrewood wrote:

Thanks for the reply. 

 

I'm aware of the option of using telnet however the firmware (V2.7.3.22) I have when I access the beta page does not have the option of turning telnet on. So I'm unable to use that option.

 

If I could identify what version of the firmware did have the telnet option I'd try it.

 

The ISP modem/router (British Telecom Home Hub 6) can't be dumbed down and DHCP turned off so that can't be used with the Orbi in AP mode. If it was used in normal mode we'd end up with a double NAT situation I think. 

---

---

dbrewood wrote:

If I could identify what version of the firmware did have the telnet option I'd try it.

 

The ISP modem/router (British Telecom Home Hub 6) can't be dumbed down and DHCP turned off so that can't be used with the Orbi in AP mode. If it was used in normal mode we'd end up with a double NAT situation I think. 

---

Any version prior to V2.7.3.22 has telnet on the debug page.

There may be a 'double negative' in the sentence above. For the Orbi to be in AP mode, then some other device (the BT router) must provide DHCP.

Note: we seem to have merged two issues into one post. (One from Netherlands. One from British Telecom.)

There are actually four method to handle Double NAT. 

1. Eliminate Double NAT by putting the ISP device into bridge (passthrough) mode, leaving the Orbi as the only router.
   This allows the Orbi to handle all 'router functions', such as DHCP, Port Forwarding, choosing DNS sources, assigning IP's, etc. etc.
2. Eliminate Double NAT by puting the Orbi into Access Point (AP) mode, leaving the ISP device to handle all DHCP, assigning IP's, port forwarding, Parental Controls, DNS, etc. etc. This has the benefit of allowing devices to be hard wired to the ISP router and preserves television capabilities.
3. Bypass Double NAT by putting the Orbi in the ISP device DMZ. If all user devices are connected to the Orbi, then the ISP router has only one device connected to it.
4. Live with Double NAT. If port xyz has to be forwarded to some device, Forward that port on the ISP router to the Orbi's IP, then forward that port on the Orbi to the device.  This works, but is so much effort that most users would pick 1,2, or 3 instead.

Alas the BT ISP Router does not have any option to block any web traffic alas.

The only option I could do would be to change the Orbi IP address back to the default (I changed it to match the ISP router), set it as the DMZ in the ISP modem, and turn off DHCP on the ISP modem? Is this what you mean?

---

dbrewood wrote:

Alas the BT ISP Router does not have any option to block any web traffic alas.

 

---

Which of these is your BT Home Hub 6?

https://www.bt.com/help/broadband/getting-set-up/user-guides-and-manuals-for-bt-hubs 

Yep looks like some thread merging indeed.

Thanks for those 4 suggestions.

1) is out as the ISP modem doesnt support pass though alas.

2) or 3) coukd be viable things to try. Which woukd you recommend I try first? 2) I guess?

---

CrimpOn wrote:

---

Which of these is your BT Home Hub 6?

https://www.bt.com/help/broadband/getting-set-up/user-guides-and-manuals-for-bt-hubs 

 

It's the BT Smart Hub (Type B) Fibre to the cabinet (FTTC). I have ADSL coming in .....

---

---

dbrewood wrote:

Yep looks like some thread merging indeed.

2) or 3) coukd be viable things to try. Which would you recommend I try first? 2) I guess?

---

I am no longer certain which issue we are trying to solve:

• There is a DDNS issue with the Synology NAS which is caused by Orbi V2.7.3.22 and we want to prevent the Orbi from updating to that version.
• There is some other issue we are trying to solve.

None of these Double NAT strategies will address the auto-upgrade issue.

---

CrimpOn wrote:

---

---

Any version prior to V2.7.3.22 has telnet on the debug page.

 

I had missed the above, I may look to do a downgrade and then try the telnet fix to disable updating.

 

1. Eliminate Double NAT by puting the Orbi into Access Point (AP) mode, leaving the ISP device to handle all DHCP, assigning IP's, port forwarding, Parental Controls, DNS, etc. etc. This has the benefit of allowing devices to be hard wired to the ISP router and preserves television capabilities.

---

If I went with that option would the Orbi still be able to use the Wireless mesh?

The Advanced Setting on page 10 do not have anything resembling "Block Sites"?

https://www.bt.com/content/dam/bt/help/legacy-ug/new-pdf/BT%20Smart%20Hub%20(Type%20B)%20Fibre%20to%20the%20cabinet%20(FTTC)%20user%20guide.pdf 

---

CrimpOn wrote:

---

dbrewood wrote:

Yep looks like some thread merging indeed.

2) or 3) coukd be viable things to try. Which would you recommend I try first? 2) I guess?

---

I am no longer certain which issue we are trying to solve:

• There is a DDNS issue with the Synology NAS which is caused by Orbi V2.7.3.22 and we want to prevent the Orbi from updating to that version.
• There is some other issue we are trying to solve.

None of these Double NAT strategies will address the auto-upgrade issue.

---

I'm trying to get round the DDNS issue (which is actually an issue of DNS being blocked I believe). So yes I want to bo back t the prior firmware and stop the Orbi updating.

The thought was if DNS etc was run on the ISP router it'd bypss the problems? Hence the double NAT questions I thinkl

---

dbrewood wrote:

---

I'm trying to get round the DDNS issue (which is actually an issue of DNS being blocked I believe). So yes I want to bo back t the prior firmware and stop the Orbi updating.

---

There are only two methods to prevent the Orbi from auto-updating firmware:

1. Put a router between the Orbi and the Internet and use it to block access to the Netgear update web sites.
   (Shame that the BT Advanced Settings will not do that.)
   Because this will create a Double (or Triple) NAT, the Orbi will probably be better off in AP mode.
   In your case, this leaves you with a Double NAT to get around. Does the BT Hub offer a DMZ?
2. Use telnet to change the file firmware_version in the Orbi root directory to begin with a number larger than the latest firmware.
   V2.7.3.22 is the latest, so my personal practice is to load a previous version, such as V2.7.2.104 and change the first 2 to something BIG, such as V5.7.2.104.
   Then, keep the Orbi from rebooting, which will cause it to reset the version number and promptly update firmware.
   I use a substantial UPS so that minor power outages do not cause my Orbi to reboot.

This topic is really awkward because I have no Synology NAS and cannot investigate the primary issue. I am unable to come up with any reason how the Orbi's handling of DNS could impact the NAS.  If the NAS can be set with a static IP, then surely it can be set to entirely bypass the Orbi DNS process????

---

CrimpOn wrote:

The Advanced Setting on page 10 do not have anything resembling "Block Sites"?

https://www.bt.com/content/dam/bt/help/legacy-ug/new-pdf/BT%20Smart%20Hub%20(Type%20B)%20Fibre%20to%20the%20cabinet%20(FTTC)%20user%20guide.pdf 

---

Alas not no :(

CrimpOn wrote:

There are only two methods to prevent the Orbi from auto-updating firmware:

1. Put a router between the Orbi and the Internet and use it to block access to the Netgear update web sites.
   (Shame that the BT Advanced Settings will not do that.)
   Because this will create a Double (or Triple) NAT, the Orbi will probably be better off in AP mode.
   In your case, this leaves you with a Double NAT to get around. Does the BT Hub offer a DMZ?
2. Use telnet to change the file firmware_version in the Orbi root directory to begin with a number larger than the latest firmware.
   V2.7.3.22 is the latest, so my personal practice is to load a previous version, such as V2.7.2.104 and change the first 2 to something BIG, such as V5.7.2.104.
   Then, keep the Orbi from rebooting, which will cause it to reset the version number and promptly update firmware.
   I use a substantial UPS so that minor power outages do not cause my Orbi to reboot.

This topic is really awkward because I have no Synology NAS and cannot investigate the primary issue. I am unable to come up with any reason how the Orbi's handling of DNS could impact the NAS.  If the NAS can be set with a static IP, then surely it can be set to entirely bypass the Orbi DNS process????

[Sorry I can't get the quote funcion to work on copied in content]. Option 1 is out, I don't have the funds to buy another router. The BT Hub does have the facility to assign a DMZ IP.

I have a small UPS here as well so 2. might well be viable.

The problem is that when the issue occurs if one looks to test outgoing traffic from the NAS to the outside world e.g. DDNS then test results show that communication gets as far as the Orbi and then stops (My Orbi has IP of 192.168.1.254) as you can see below. The NAS does have a static IP and is set to use it's own DNS servers (Cloudflare) but the Orbi blocks the communication:

root@mynas:~# ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=0.357 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=64 time=0.327 ms
64 bytes from 192.168.1.254: icmp_seq=3 ttl=64 time=0.423 ms
64 bytes from 192.168.1.254: icmp_seq=4 ttl=64 time=0.323 ms
64 bytes from 192.168.1.254: icmp_seq=5 ttl=64 time=0.233 ms
^C
--- 192.168.1.254 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.233/0.332/0.423/0.064 ms
root@mynas:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.1.254 icmp_seq=1 Destination Port Unreachable
From 192.168.1.254 icmp_seq=2 Destination Port Unreachable
From 192.168.1.254 icmp_seq=3 Destination Port Unreachable
From 192.168.1.254 icmp_seq=4 Destination Port Unreachable
From 192.168.1.254 icmp_seq=5 Destination Port Unreachable
From 192.168.1.254 icmp_seq=6 Destination Port Unreachable
From 192.168.1.254 icmp_seq=7 Destination Port Unreachable
^C
--- 8.8.8.8 ping statistics ---
7 packets transmitted, 0 received, +7 errors, 100% packet loss, time 8ms

root@mynas:~# ping www.google.com
PING www.google.com (142.250.187.196) 56(84) bytes of data.
From 192.168.1.254 (192.168.1.254) icmp_seq=1 Destination Port Unreachable
From 192.168.1.254 (192.168.1.254) icmp_seq=2 Destination Port Unreachable
From 192.168.1.254 (192.168.1.254) icmp_seq=3 Destination Port Unreachable
From 192.168.1.254 (192.168.1.254) icmp_seq=4 Destination Port Unreachable
From 192.168.1.254 (192.168.1.254) icmp_seq=5 Destination Port Unreachable
^C
--- www.google.com ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 7ms

root@mynas:~# nslookup www.google.com
Server:		81.139.57.100
Address:	81.139.57.100#53

Non-authoritative answer:
Name:	www.google.com
Address: 142.250.200.36
Name:	www.google.com
Address: 2a00:1450:4009:81f::2004

root@mynas:~# nslookup www.google.com 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	www.google.com
Address: 142.250.200.36
Name:	www.google.com
Address: 2a00:1450:4009:820::2004

root@mynas:~# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.1.254 (192.168.1.254)  0.352 ms  0.392 ms  0.403 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
root@mynas:~# 

---

dbrewood wrote:

---

CrimpOn wrote:

The Advanced Setting on page 10 do not have anything resembling "Block Sites"?

https://www.bt.com/content/dam/bt/help/legacy-ug/new-pdf/BT%20Smart%20Hub%20(Type%20B)%20Fibre%20to%20the%20cabinet%20(FTTC)%20user%20guide.pdf 

---

Alas not no :(

 

---

Thanks for the example. Will take some time to digest that.  I did search for how to block sites with the BT Hub 6 and the concensus is as you stated: cannot be done.  There were several comments that BT Parental Controls IS able to block sites.  That probably involves a fee.

Thanks for that. I'm now wondering if it is worth:

• Turning off WiFi on the BT Hub
• BT Hub will continue to handle port forwarding etc as it is now with the Orbi offline.
• Changing the Orbi IP back to 192.168.1.1  and connecting the Orbi in AP mode to the BT Hub. (Assuming this disables DHCP etc)

Would that allow the Orbi to function with the BT Hub handling DNS / DHCP etc. Or is that way too simple?

CrimpOn : I am having troubles to undertand the exact cause of the DNS problem. My only problem is errors in updating my Dynanic DNS on Synology.  A few times a day my Synology cannot be reached with xxx.synology.me. Also the Quickconnect does not work at that moment.  My NAS reports an error : cannot get an eternal IP adres. 

To me it looks like a DNS problem. The person in the other formum (tekguru) had figured out this is caused by Orbi.  I think he is right because of his research. And the fact that te latest Orbi firmware had a fix on DNS....? 

---

NESSHINDO wrote:

CrimpOn : I am having troubles to undertand the exact cause of the DNS problem. My only problem is errors in updating my Dynanic DNS on Synology.  A few times a day my Synology cannot be reached with xxx.synology.me. Also the Quickconnect does not work at that moment.  My NAS reports an error : cannot get an eternal IP adres. 

To me it looks like a DNS problem. The person in the other formum (tekguru) had figured out this is caused by Orbi.  I think he is right because of his research. And the fact that te latest Orbi firmware had a fix on DNS....? 

 

---

It is a DNS issue (Tekguru here) :) The annoying thing is the fix in the latest firmware was supposed to be a fix for this very same issue. In reality it breaks it for a lot of people.

From conversations on here it does look like V2.7.2.104 does havd the telnet option so I may downgrade the firmware, disconnect the internet, change the NVRAM to stop auto-updating and the re-enable the intenet. We can only see what happens,

My guess is the telnet hack is your only remaining opton.  DMZ avoids a Double NAT, but does nothing to stop the Orbi from auto-updating firmware.  Even if the ISP router could block sites, the DMZ bypasses everything in the router.

Detailed instructions can be found here: https://www.dropbox.com/s/se94mxcfzhpmi1o/Prevent%20Orbi%20from%20Updating.pdf?dl=0 

On the underlying issue, are other devices on the network able to ping outside resources?

This is another example of how frustrating Orbi firmware issues are.  My Orbi auto-updated to V2.7.3.22 and appears to function perfectly. It doesn't drop connections.  Doesn't reboot.  OpenVPN and port forwarding work.  Yet when people post about issues with V2.7.3.22 they are not making them up.

I know this is off-topic, but how did the Orbi come to have IP 192.168.1.254?

The default configuration for Netgear routers (including Orbi) is to reserve 192.168.1.1 for the router and use the remainder of the subnet for LAN devices.  Is there a device at 192.168.1.1?

Thanks, I'll try the telnet 'hack' to see if it works for me. Instructions look good! 

Other devices and the NAS can Ping out most of the time. When the Orbi DNS issue occurs it is there for maybe an hour then fixes itself, it is transient in natutre which does not help with debugging.

I changed the IP on the Orbi so it'd make it easier for me to switch from the BT Hub to the Orbi as the hub uses 192.168.1.254 as it's IP.

Unusual IP for the Orbi, but makes perfect sense.

If you have a Windows computer, it might be entertaining to check out PingInfoView from www.nirsoft.net (free). I usually keep it running in the background as a primitive check on the WAN/LAN network.  It pings every 30 seconds. I have it set to check a bunch of public DNS servers and some local devices.  (see image attached.  I rebooted Windows today because of the monthly Tuesday software update.)

My reasoning for the experiment is that (a) ICMP (ping) is based on UDP and delivery is not guaranteed on UDP packets, (b) if only one DNS server fails to respond to ICMP, maybe that particular packet got "lost" on the way there or back, (c) if every DNS server fails to respond to 2 or more consequitive pings, then there is a good chance that my Orbi internet connection has failed.  On the whole, I have found internet DNS servers more consistent than some of my security cameras and smart plugs. (sigh)

There are all sorts of options.  I log the failures to a text file and use grep to extract only the DNS failures.

There is also a hack to restore telnet to V2.7.3.22, but that does nothing to address the underlying issue.

---

NESSHINDO wrote:
Could it be that the problem may be solved when I put my Orbi in AP mode?
My ISP router has other network mask so I have to migrate all my devices to other ip adresses (fixed).

---

Certainly changing the Orbi to AP mode should remove the Orbi from any questions regarding DNS.

Can the ISP router be set to the same IP subnet as the Orbi through a management interface?

No this isn't possible. It has 192.168.2.x . Fixed in the interface...

But maybe transferring my devices to this new subnet may solve my issue.  I am gonna think about it.

CrimpOn wrote:

My guess is the telnet hack is your only remaining opton.  DMZ avoids a Double NAT, but does nothing to stop the Orbi from auto-updating firmware.  Even if the ISP router could block sites, the DMZ bypasses everything in the router.

 

Detailed instructions can be found here: https://www.dropbox.com/s/se94mxcfzhpmi1o/Prevent%20Orbi%20from%20Updating.pdf?dl=0 

 

---

Well it looks like the fix you detail has resolved the issue on the main router, or at least I've managed to go back to the older firmware without it auto-updating.

The satellites alas seem not to have the telnet option anywhere and even though I've managed to downgrade them they auto-update to version 

2.7.3.22.