Orbi WiFi 7 RBE973
Reply

Re: Orbi RBR50 + Circle frequent DNS failures

dbwiddis
Star

Orbi RBR50 + Circle frequent DNS failures

I've spent the better part of the past two weeks troubleshooting some DNS issues.  They are similar to those reported recently here and probably here and related to similar reports as long as a year ago.  I know my way around linux and have pored through the telnet interface looking for clues and I think I have a workaround, but am hoping some of the experts/gurus here can offer better suggestions than my hack.

 

I have gigabit (1G down/40M up) service from Xfinity (Comcast) and initially contacted them to try to resolve issues.  My cable signal is now near perfect and I've even swapped out cable modems, but the issues persist -- because they are on the Orbi.  I also have a Netgear R8500 that I used prior to getting the Orbi system.  

 

My system:  Orbi RBR50 with two satellites.  House is about 3000sq ft on two floors, with the RBR 50 upstairs in a central location and the two satellites on either end of downstairs.  Internet signal/speeds/etc. are great when it's working.   On the latest firmware, 2.5.1.8.

 

About 2 weeks ago, we had a significant increase in home usage with 3 people in the house working from home for tech jobs.  And that's when the issues started -- DNS locking up multiple times per day.  The key symptom:  if a user's computer was set to have the router serve DNS, it would fail DNS resolutions going to websites.  Existing connections/conference calls/streaming video/etc. would continue with no problem.

 

We also have Circle enabled on the router, providing "Adult" filtering for the younger internet users in our house.  Circle works by intercepting all DNS requests from managed devices.   So while adults in the house could bypass the Orbi by changing DNS settings, the kids were stuck until the router was rebooted.

 

Eventually I found that using the GUI to "release" and "renew" DHCP solved the problem without a reboot, and after a bit more research, traced the problem to the "dnsmasq" service running on the router as part of Circle.  I was (and am) able to recover the DNS by telnetting into the router and executing "/etc/init.d/dnsmasq restart".

 

I thought I had beat the problem by setting that line in a crontab command to execute the dnsmasq restart hourly, and in fact that worked for over 48 hours, but this morning it locked up again and I remotely rebooted it.  The problem kept recurring during the day, and I found out that the reboot had wiped out my crontab customization.  Blah!

 

I've got it set to execute every 10 minutes now.   To mitigate the loss of dns cacheing, I've moved my R8500 upstream of the Orbi, so it's actually requesting the DNS from the OpenDNS servers and caching it, while the Orbi grabs it from the R8500.  I want to put the Orbi into "Access Point" mode, but Circle is not yet available on the R8500 so for now I'm stuck using the Orbi for Circle, keeping both devices in Router mode (radios off on the R8500), and pointing the R8500 to the Orbi as a DMZ. 

 

So, some questions:

  • Is there any more detailed troubleshooting I can do for the dnsmasq issues?  The logs seem to point to a "Page Fault" right around the time of the lockups, and given that they appear over time / with heavy usage I suspect the DNS cache may be growing too large.
  • Does anyone know why a reboot overwrites my customizations to the crontab and how I can make my "hack" persist across reboots?
  • I could leave the Orbi's telnet port open and telnet in remotely via my own machine's crontab to execute the reset, but that does not give me warm fuzzies from a security standpoint.  Is the telnet only accessible from my side of the router (LAN) and not from the internet at large (WAN)?   Does having the R8500 upstream provide any more protection/port 22 blocking, or does setting the DMZ negate that upstream protection?
  • Does anyone have any other great ideas for was to permanently work around this apparent bug?

 

 

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 1 of 92

Accepted Solutions
SW_
Prodigy
Prodigy

Re: Orbi RBR50 + Circle frequent DNS failures

I've already given up trying to get Orbi to function as a proper Router + Disney + Armor, because it's nothing but trouble.  To get Orbi to a stable state, I have to disable practically everything that I could disable, including its internal DNS and DHCP client.  I'm currently keeping Orbi for its WiFi capability and delegate all other router functions to DIY pfSense Router Firewall.

 

I went through a similar pain before I settled on the current setup, which has been holding up quite well during Stay-At-Home order.

 

  • SB8200 -> pfSense -> Orbi AP Mode with static DNS servers and IP address

 

I settled on pfSense because I need a reliable Gigabit Router with enterprise class DNS resolver, DHCP, Firewall, DNS Filtering, VPN, plus a whole bunch of other features that I don't really need.  If you're comfortable with installing pfSense, it's worth a shot.

View solution in original post

Message 2 of 92

All Replies
SW_
Prodigy
Prodigy

Re: Orbi RBR50 + Circle frequent DNS failures

I've already given up trying to get Orbi to function as a proper Router + Disney + Armor, because it's nothing but trouble.  To get Orbi to a stable state, I have to disable practically everything that I could disable, including its internal DNS and DHCP client.  I'm currently keeping Orbi for its WiFi capability and delegate all other router functions to DIY pfSense Router Firewall.

 

I went through a similar pain before I settled on the current setup, which has been holding up quite well during Stay-At-Home order.

 

  • SB8200 -> pfSense -> Orbi AP Mode with static DNS servers and IP address

 

I settled on pfSense because I need a reliable Gigabit Router with enterprise class DNS resolver, DHCP, Firewall, DNS Filtering, VPN, plus a whole bunch of other features that I don't really need.  If you're comfortable with installing pfSense, it's worth a shot.

Message 2 of 92
dbwiddis
Star

Re: Orbi RBR50 + Circle frequent DNS failures

Thanks... pfSense looks like a great solution but my head's spinning with all the hardware options and compatibility requirements.  What hardware will support 1G speeds?

Message 3 of 92
SW_
Prodigy
Prodigy

Re: Orbi RBR50 + Circle frequent DNS failures

Just an Intel Ethernet card and an old PC (4GB RAM, ~3Ghz CPU).  The most important is to get the supported pfSense card, Intel Ethernet Adapter I340-T4, which I purchased on Amazon for $40.  That's it.

Message 4 of 92
SW_
Prodigy
Prodigy

Re: Orbi RBR50 + Circle frequent DNS failures

Here is my pfSense Dashboard.  You can check the hardware and Intel card in action along with all the services.

 

pfSense Firewall Router.png

Message 5 of 92
Shahab
Apprentice

Re: Orbi RBR50 + Circle frequent DNS failures

Just found this thread, I'm having the same issue with Orbi RBR40 and 2 Satellite RBW30.   Has anyone had any luck with Netgear support on this?  I contacted them and they sent me a replacement satellite and router.   Is there a way to manually configure DNS w/o using static IP on the Netgear admin page?

Shahab

Model: RBW30|Orbi AC2200 Tri-band WiFi Add-on Satellite
Message 6 of 92
dbwiddis
Star

Re: Orbi RBR50 + Circle frequent DNS failures


@Shahab wrote: Has anyone had any luck with Netgear support on this? 
 Is there a way to manually configure DNS w/o using static IP on the Netgear admin page?

I'm well out of the free support period and am not going to pay for support.  But this is actually a longstanding issue with dnsmasq.  The problem is that the Orbi doesn't auto-detect the failure of dnsmasq, and overwrites user attempts to workaround it on a reboot.

 

Yes, you can temporarily set DNS to static IP, then change your DNS settings, then set DNS back to DHCP and the changed settings will "stick".    If you have Circle or Armor enabled, you might have to temporarily disable them to do this.   There are also ways to do it in the telnet interface for the more tech savvy. 

 

Message 7 of 92
ssgtweasel
Guide

Re: Orbi RBR50 + Circle frequent DNS failures

Simliiar issue and hope this is addressed ASAP due to those of us remote workers and the influx of stay at home workers along with kids eating up bandwidth 🙂

Message 8 of 92
FURRYe38
Guru

Re: Orbi RBR50 + Circle frequent DNS failures

I recommend that users having problems with Orbi and DNS+Circle, open a support ticket here:

https://www.netgear.com/support/#

While you have support from NG. 

@Blanca_O 

Message 9 of 92
Shahab
Apprentice

Re: Orbi RBR50 + Circle frequent DNS failures

I opened a support case by calling their support line and they closed all my tickets with resolution that they've sent a new router + satellite.  When you get the 1st level support on the phone, half the time is wasted by them trying to sell you their extended support plan.

Message 10 of 92
SW_
Prodigy
Prodigy

Re: Orbi RBR50 + Circle frequent DNS failures

This is a reason why "unbound" becomes a popular replacement for "dnsmasq".   For example, "unbound" is the new default for pfSense DNS server.

Message 11 of 92
FURRYe38
Guru

Re: Orbi RBR50 + Circle frequent DNS failures

Let us know what happens with the replacement. 


Please try a factory reset and setup from scratch with the RBR and don't enable circle support after getting thru the setup wizard. You can manually setup the RBR as well. You should be able to change DNS values after the reset. 


@Shahab wrote:

I opened a support case by calling their support line and they closed all my tickets with resolution that they've sent a new router + satellite.  When you get the 1st level support on the phone, half the time is wasted by them trying to sell you their extended support plan.


 

Message 12 of 92
Blanca_O
NETGEAR Moderator

Re: Orbi RBR50 + Circle frequent DNS failures

Hi @dbwiddis

 

We are looking into this issue and would like to request for debug logs. I will send you a private message for more information. 
 

Regards,
Blanca
Community Team

Message 13 of 92
Blanca_O
NETGEAR Moderator

Re: Orbi RBR50 + Circle frequent DNS failures

Hi @Shahab

 

Please send me a private message with the support case number by clicking on this link

 

Regards,
Blanca
Community Team

Message 14 of 92
Shahab
Apprentice

Re: Orbi RBR50 + Circle frequent DNS failures

So I just got the replacement router they sent me.   The replacement router is an Orbi Mini Router RBR40, my original one was an Orbi Router RBR40.  Is there a difference between these two? I wasn't able to find anything searching online.

 

Model: RBR20|Orbi AC2200 Tri-band WiFi Router
Message 15 of 92
FURRYe38
Guru

Re: Orbi RBR50 + Circle frequent DNS failures

Does the replacement work?


@Shahab wrote:

So I just got the replacement router they sent me.   The replacement router is an Orbi Mini Router RBR40, my original one was an Orbi Router RBR40.  Is there a difference between these two? I wasn't able to find anything searching online.

 


 

Message 16 of 92
Shahab
Apprentice

Re: Orbi RBR50 + Circle frequent DNS failures

Router is working so far, I haven't been able to get the Satellites to connect to it yet, despite several attempts.   I'll be monitoring through the day to see if the connection stays up.

Message 17 of 92
kgividen
Guide

Re: Orbi RBR50 + Circle frequent DNS failures

I'm having the exact same issue.  My DNS is locking up.  If I reset the router or DNS it frees up and works again.  I can ping directly to any IP address.  I'm assuming if I reset the service the others are talking about it will free up.  For now I've disabled Circle to see if that will solve the issue.  This didn't start happening until about 2 weeks ago which is kind of strange.

 

Anyone have a solution?

Model: RBR50|Orbi AC3000 Tri-band WiFi Router
Message 18 of 92
Shahab
Apprentice

Re: Orbi RBR50 + Circle frequent DNS failures

Earlier up in the post, one of the members lists how to telnet to the router & reset/change the dnsmasq settings. Are you able to manually set DNS servers on the Orbi administration page, if so, try that.
Message 19 of 92
dbwiddis
Star

Re: Orbi RBR50 + Circle frequent DNS failures


@kgividen wrote:

I'm having the exact same issue.  My DNS is locking up.  If I reset the router or DNS it frees up and works again.  I can ping directly to any IP address.  I'm assuming if I reset the service the others are talking about it will free up.  For now I've disabled Circle to see if that will solve the issue.  This didn't start happening until about 2 weeks ago which is kind of strange.

 

Anyone have a solution?


Started about 2 weeks ago with me (OP) as well. Not sure if it was the latest firmware or just a heavy increase in load with more people working from home.   

 

Solutions are, generally:

1. If possible, don't use your Orbi for DNS.   Use another router or firewall upstream to provide DNS and DHCP services, and ony use the Orbi as an access point.  Let it do what it does best (mesh routing) and don't make it do other things.

2. If you must use the Orbi as your primary/only router, minimize the DNS load you place on it.   Set all computers using it to access DNS separately from the Orbi.

3. If you want to deal with lockups as they occur, logging in to the interface and doing a DHCP lease "release" and "renew" will fix the problem for a few hours/days.

4. If you want to automate step 3, use the telnet interface to set up a cron job to "/etc/init.d/dnsmasq restart" on a regular basis.  1 hour wasn't enough for me under heavy load, but 10 minutes works.  Note that an orbi reboot will wipe out this customization and you'll have to repeat it.

Message 20 of 92
kgividen
Guide

Re: Orbi RBR50 + Circle frequent DNS failures

Thanks for the suggestions. I’ll do some more troubleshooting and maybe offload the dns. One thing I noticed last time it froze up was I set the dns servers on one of my computers to point to google (tried open dns too) and it still didn’t work. I’m not sure if that’s a fluke or not. I’m starting to think this has more to do with circle. It’s strange though because I haven’t had an issue for 2 years until two weeks ago and hadn’t upgrade firmware for some time. I’ve now upgraded the firmware but it happened again today. I guess we will see if disabling circle makes a difference too.
Message 21 of 92
dbwiddis
Star

Re: Orbi RBR50 + Circle frequent DNS failures


@kgividen wrote:
One thing I noticed last time it froze up was I set the dns servers on one of my computers to point to google (tried open dns too) and it still didn’t work. I’m not sure if that’s a fluke or not. 

With Circle or Armor enabled, the Orbi will intercept all DNS requests (port 53) regardless of where you point them to.  For Circle, you can set a monitoring level of "none" or move your computer to "unmonitored devices" to use other DNS services... but it will still intercept DNS for any profile that is "managed".

Message 22 of 92
kgividen
Guide

Re: Orbi RBR50 + Circle frequent DNS failures

Ok. That makes sense. I don’t have armor installed/enabled so I think the culprit is Circle. I’m guessing something changed with the service a couple of weeks ago. I’ve enabled telnet on the router and debug logs so I can check a few things when it freezes. But for now I’ve disabled Circle so we will see if that prevents another dns freeze.
Message 23 of 92
enewbauer
Guide

Re: Orbi RBR50 + Circle frequent DNS failures

I believe I'm having this same issue, posted here. A couple questions for the group:

 

1. By any chance would this DNS issue cause a modem to reboot randomly? With my issue, I swapped out my modem with the Netgear CM1000 but then noticed it was flaky, so I went to a new modem from Xfinity (using in bridge mode).

 

2. @SW_ I like your idea of separating the firewall from Orbi. Not sure I want to spin-up my own pfSense setup, but do you think I could accomplish the same decoupling of wifi and firewall with an old Asus RT-AC66U router? 

 

Thanks.

 

 

Message 24 of 92
SW_
Prodigy
Prodigy

Re: Orbi RBR50 + Circle frequent DNS failures


@enewbauer wrote:

...

2. @SW_ I like your idea of separating the firewall from Orbi. Not sure I want to spin-up my own pfSense setup, but do you think I could accomplish the same decoupling of wifi and firewall with an old Asus RT-AC66U router? 

...

 


 

Absolutely.

 

I had been running a similar setup with ASUS RT-AC87U as my upstream router until recently when I swapped it with DIY pfSense.  I did the switch because the ASUS router was struggling with gigabit throughput when Parental Control is enabled, which disabled NAT HW Flow Control.  The ASUS dual 1GHz CPUs were not able to keep up and would hit 100%.  My new DIY pfSense with 3.2GHz CPU has no trouble with gigabit routing + NAT + Firewall + Parental Control, etc.,

 

Getting work/school/homework done are far more important than peak throughput at the moment.  Good luck!

Message 25 of 92
Top Contributors
Discussion stats
  • 91 replies
  • 12768 views
  • 31 kudos
  • 10 in conversation
Announcements

Orbi WiFi 7