Orbi WiFi 7 RBE973
Reply

Re: Orbi RBR50 + Circle frequent DNS failures

FURRYe38
Guru

Re: Orbi RBR50 + Circle frequent DNS failures

Lets create a new post and lets go from there. There maybe ISP or other issues going on since you don't have Circle enabled. 


@Shahab wrote:

After doing the firmware update and factory reset yesterday, now my internet connection drops all together.

 

Shahab


 

Message 51 of 92
Shahab
Apprentice

Re: Orbi RBR50 + Circle frequent DNS failures

Hi,

I have Charter and I verified that isn't an ISP issue by connecting via ethernet to the cable modem.

 

Shahab

Message 52 of 92
FURRYe38
Guru

Re: Orbi RBR50 + Circle frequent DNS failures

Thats good. Please start a new post and we'll go from there. Hopefully we can help you figure this next problem out. 

Message 53 of 92
Smge1lc
Guide

Re: Orbi RBR50 + Circle frequent DNS failures

I am debating the switch to the voxel firmware. Any body find any down side?
Message 54 of 92
FURRYe38
Guru

Re: Orbi RBR50 + Circle frequent DNS failures

I haven't seen any downsides to Voxels FW. Only thing is that if there is a bug problem on the NG FW that Voxel can't change, you'll have to wait for NG to fix the bug in there FW code. Voxel only changes or can only made changes to FW thats open to developers like Voxel. If code is closed then only NG can make changes there. 

If you don't like Voxels FW, you can easily revert back to stock FW by loading stock FW on the RBS first, then RBR, factory reset and setup from scratch and you'll be back on stock FW. 

 

If you do see issues with his FW, he's very open to discussion of it and if he can fix it, he will. He's very open to suggestions and such. 

 


@Smge1lc wrote:
I am debating the switch to the voxel firmware. Any body find any down side?

 

Message 55 of 92
Shahab
Apprentice

Re: Orbi RBR50 + Circle frequent DNS failures

Contacted phone support again just now,agent asked what entries I had in my logs, for ex. if there were any DoS attack entries.  I told him I saw the following entries repeatedly:

[DoS Attack: ACK Scan] from source: 104.129.195.15, port 443, Friday, April 03, 2020 16:40:26

He then had me make the following changes:

Disable Port Scan and DoS Protection based on seeing DoS attack log entries
changed MTU from 1500 to 1472
Disable SIP ALG

Said that the DoS attacks were coming from the Cable Modem.  Not sure if this opens me up to some vulnerability.

 

Shahab

Message 56 of 92
FURRYe38
Guru

Re: Orbi RBR50 + Circle frequent DNS failures

Let us know if this changes what your seeing with your system. Work any better? 

IF your on a cable ISP service, the MTU value should be 1500. Check with your ISP provider to see what MTU you should be using. 

If what NG set for you is working, then keep it. 

The attacks are coming from the internet side of the modem. 

Do a whois look up on those IP addresses and they will show you who is attempting to attack you. 

Have your ISP change the WAN IP address to something different. However the attack could continue at a later point. 


@Shahab wrote:

Contacted phone support again just now,agent asked what entries I had in my logs, for ex. if there were any DoS attack entries.  I told him I saw the following entries repeatedly:

[DoS Attack: ACK Scan] from source: 104.129.195.15, port 443, Friday, April 03, 2020 16:40:26

He then had me make the following changes:

Disable Port Scan and DoS Protection based on seeing DoS attack log entries
changed MTU from 1500 to 1472
Disable SIP ALG

Said that the DoS attacks were coming from the Cable Modem.  Not sure if this opens me up to some vulnerability.

 

Shahab


 

Message 57 of 92
dbwiddis
Star

Re: Orbi RBR50 + Circle frequent DNS failures


@FURRYe38 wrote:

The attacks are coming from the internet side of the modem. 

Do a whois look up on those IP addresses and they will show you who is attempting to attack you. 

Anyone with any firewall will see these things all the time.  There are bots out on the net scanning every commonly used port on every IP all the time looking for vulnerabilities.  The "DoS Attack" isn't going to be effective at a DoS at one ping every few seconds, and port scanning just looks for open ports.  Unless you've intentionally opened up a port for something these are generally harmless as well.

 

Disabling the protection doesn't really change things, you just don't see the log messages, so if you actually are the subject of an attack you won't know who it is.   Many times these things give false alarms.

 

Normal internet users shouldn't need to worry about being attacked like this. If you run a home office and deal with sensitive information, than you would do well to have a separate firewall handling these things.

 

Bottom line:  "mostly harmless" to disable that protection. Just don't also check the box to "respond to ping on internet port" because that is like putting out a homing beacon to hackers.

Message 58 of 92
FURRYe38
Guru

Re: Orbi RBR50 + Circle frequent DNS failures

Sometimes the attack can be overwhelming to the RBR and some have posted seeing problems or performance issues when this happens. ISPs can help change the IPs on the WAN side which some have said that helps. 


I agree, mostly bots and junk coming in from the WAN side and is mostly just logging of the attacks.

 

Users can also help performances by disabling some of the logging features that the RBR collects as well. Under Advaned tab/Admin/Logs.

I only have selected:

Connections to the Web-based interface of this Router
Router operation (startup, get time etc)

Users can pick and choose what they want the RBR to collect. 

 

Message 59 of 92
kgividen
Guide

Re: Orbi RBR50 + Circle frequent DNS failures

Since disabling circle I haven’t had any problems now for over a week. DNS, dhcp and so on are working fine. I still haven’t rebooted the router and circle seems to still be “working” by blocking certain sites and devices when I want and that is totally weird but I’m pretty sure in my case having circle enabled caused the issue. I’m going to try either a separate circle or something similar that is not running on the router because otherwise it’s working great. Even with many devices streaming video all at the same time.
Message 60 of 92
FURRYe38
Guru

Re: Orbi RBR50 + Circle frequent DNS failures

Good to hear. 

What FW version are you currently using?


@kgividen wrote:
Since disabling circle I haven’t had any problems now for over a week. DNS, dhcp and so on are working fine. I still haven’t rebooted the router and circle seems to still be “working” by blocking certain sites and devices when I want and that is totally weird but I’m pretty sure in my case having circle enabled caused the issue. I’m going to try either a separate circle or something similar that is not running on the router because otherwise it’s working great. Even with many devices streaming video all at the same time.

 

Message 61 of 92
kgividen
Guide

Re: Orbi RBR50 + Circle frequent DNS failures

I have firmware V2.5.1.8. I even paused my sons computer today Via the circle app on my phone so the circle service is still “running” but is disabled in the admin panel. I’m wondering if there is possibly a second service that is controlled by that option. It’s strange.
Message 62 of 92
FURRYe38
Guru

Re: Orbi RBR50 + Circle frequent DNS failures

Ya, not sure. I don't use Circle and users are seeing some bad behaviors with it. I would be careful using it. If it works for you, fine. If you start to see issues or other problems.  Disable it or do a factory reset in the RBR and setup from scratch and be sure to NOT enable Circle. NG is aware of the problem with Circle. No idea wihen it will be fixed. I presume upon next FW update or maybe even no update and just chagned on the Circle service side of things. It doesn't seem to be a FW problem. We can only hope. 


@kgividen wrote:
I have firmware V2.5.1.8. I even paused my sons computer today Via the circle app on my phone so the circle service is still “running” but is disabled in the admin panel. I’m wondering if there is possibly a second service that is controlled by that option. It’s strange.

 

Message 63 of 92
dbwiddis
Star

Re: Orbi RBR50 + Circle frequent DNS failures


@kgividen wrote:
I have firmware V2.5.1.8. I even paused my sons computer today Via the circle app on my phone so the circle service is still “running” but is disabled in the admin panel. I’m wondering if there is possibly a second service that is controlled by that option. It’s strange.

That is odd, but does give some insight.  Many times DHCP and DNS are closely intertwined (enabling DHCP does allow the upstream router to give a computer information on the DNS server(s) to use.)   

 

Earlier in my troubleshooting (when I thought the problem was from my ISP) I had wanted to change my DNS servers away from the DHCP-provided Comcast servers to one of the other options out there (Google, Cloudflare, OpenDNS, Level3).  With Cirle enabled, the "DNS Servers" portion of the dialogue was grayed out.  A bit of web searching revealed one had to go through the following sequence to change these servers:

1. Disable Circle

2. Enable static IP.   This "ungreyed" the DNS server blocks.

3. Change DNS servers

4. Re-enable dynamic/DHCP IP.

5. Re-enable Circle.

 

One would not think that DHCP had anything to do with DNS, but with Circle enabled they clearly are associated.  I'm thinking that "turning Circle off" may leave in the IP/MAC mapping that allows blocking, while removing the feature where all DNS packets are intercepted.

 

It would be interesting to see if the DNS-level site blocking is still active even with Circle "disabled"... e.g., can one visit an "adult" website from a computer filtering adult DNS...

Message 64 of 92
Shahab
Apprentice

Re: Orbi RBR50 + Circle frequent DNS failures

This is the link that the Netgear support rep sent me: https://kb.netgear.com/19957/What-does-Disable-Port-Scan-and-DoS-Protection-do.  Not sure what's going on with my router, the past 3 weeks or so, have been having daily issues with my connection, it's been very frustrating. 

 

Shahab

Message 65 of 92
SW_
Prodigy
Prodigy

Re: Orbi RBR50 + Circle frequent DNS failures

@Shahab, I shared your frustration because I had been through that rollercoaster rides.  If you have an old router lying around, dust it off and switch Orbi to AP mode, decouple Orbi from routing chores.  You could switch it back once this lockdown/COVID-19 ordeal is over.

Message 66 of 92
Smge1lc
Guide

Re: Orbi RBR50 + Circle frequent DNS failures

So by shutting off Circle and setting the DNS to 1.1.1.1 and 8.8.8.8, up time for the Orbi router has been nearly 95%, with the remaining 5% a combo of things I could think of other reasons for the issue, .ie changes I may have made on the router setup.

 

I am having a strange issue in that my chrome browsers largely on Windows 10 devices are failing to recognize a site and give me an illegal name error (clearly a DNS issues), but a reload of the page will send me back to where I was navigating.   This includes chrome on my Samsung phone.

 

Strangely, the computers that are setup where the DNS is set to my pi-hole have not given me this issue.

 

I don't know what to think.  I was going to install Vexel's firmware, but I'll take the 95% uptime over unknown issues anyday, at least in these times where I have 5 family members screaming if the "stupid wi-fi sucks" is down.

 

 

 

Message 67 of 92
FURRYe38
Guru

Re: Orbi RBR50 + Circle frequent DNS failures

You might try Voxels FW. It's stable and I have not seen any DNS issues on his FW. Ever. 

Someting to consider. 

At least your system seems working better now. 

 

 


@Smge1lc wrote:

So by shutting off Circle and setting the DNS to 1.1.1.1 and 8.8.8.8, up time for the Orbi router has been nearly 95%, with the remaining 5% a combo of things I could think of other reasons for the issue, .ie changes I may have made on the router setup.

 

I am having a strange issue in that my chrome browsers largely on Windows 10 devices are failing to recognize a site and give me an illegal name error (clearly a DNS issues), but a reload of the page will send me back to where I was navigating.   This includes chrome on my Samsung phone.

 

Strangely, the computers that are setup where the DNS is set to my pi-hole have not given me this issue.

 

I don't know what to think.  I was going to install Vexel's firmware, but I'll take the 95% uptime over unknown issues anyday, at least in these times where I have 5 family members screaming if the "stupid wi-fi sucks" is down.

 

 

 


 

Message 68 of 92
SW_
Prodigy
Prodigy

Re: Orbi RBR50 + Circle frequent DNS failures


@Smge1lc wrote:

Strangely, the computers that are setup where the DNS is set to my pi-hole have not given me this issue.

Since you've already setup Pi-Hole, keep Orbi in rotuer mode, but disable DNS/DHCP services on Orbi.  Let Pi-Hole handle both DNS and DHCP services.

Message 69 of 92
dbwiddis
Star

Re: Orbi RBR50 + Circle frequent DNS failures

The lockup is an underlying problem with dnsmasq, which freezes under high load, not perticularly the Orbi or Circle per se.

The problem here is that using Circle forces all DNS through dnsmasq, increasing the load. Any solution redirecting a lot of DNS traffic away from dnsmasq on the Orbi helps.

The problem with the firmware is that it fails to recognize the problem and self-heal. Easier to point fingers.

Ultimately getting DNS off the Orbi onto an upstream router or firewall or external DNS resolver like the circle hardware or a PiHole, should work.
Message 70 of 92
FURRYe38
Guru

Re: Orbi RBR50 + Circle frequent DNS failures

Have you tried Voxels FW by chance yet? 


@dbwiddis wrote:
The lockup is an underlying problem with dnsmasq, which freezes under high load, not perticularly the Orbi or Circle per se.

The problem here is that using Circle forces all DNS through dnsmasq, increasing the load. Any solution redirecting a lot of DNS traffic away from dnsmasq on the Orbi helps.

The problem with the firmware is that it fails to recognize the problem and self-heal. Easier to point fingers.

Ultimately getting DNS off the Orbi onto an upstream router or firewall or external DNS resolver like the circle hardware or a PiHole, should work.

 

Message 71 of 92
Shahab
Apprentice

Re: Orbi RBR50 + Circle frequent DNS failures

My issues have changed ever since I got the replacement Orbi router and didn't enable Circle.  Multiple times a day my connection will drop all together.   Every day I call Netgear support and ask for my ticket to be escalated to Level 2 support and I just have the Level 1 guys make incremental changes to a setting or 2 which don't end up making any difference.   Yesterday, they had me call Charter and ask them to reset my cable modem/clear the IP pool to address the DoS/Ack scans showing up in the logs, after the reset, don't see those entries anymore.

Some of the changes made yesterday:

Changed MTU size to 1472 from 1500
Enabled IPv6, set to Auto

 

Previous changes:

Disable SIP ALG

Disable Port Scan and DoS Protection

 

I really hate to spend money to go out and buy a new router, but it seems that's the best option at this time.  Any ideas on how to escalate to higher level support @ Netgear?

Message 72 of 92
FURRYe38
Guru

Re: Orbi RBR50 + Circle frequent DNS failures

So when this happens do you see the top ring LED on the RBR turn PINK? 

Do both wired and wireless connections stop at the same time when this happens? 

IPv6 should be disabled if you don't have native IPv6 support from your ISP. 

SIP ALG should be enabled. 

Be sure your using good quality LAN cable between the ISP Modem and RBR. CAT 6 is recommended. Swap out. 

 

Have the ISP check the signal and line quality UP to the modem. 
Be sure there are not coax cable line splitters in the between the modem and ISP service box. 
Be sure your using good quality RG6 coax cable up to the modem. 

 

Try downgrading the FW to v30 on the RBR as a last resort as well. 

 

All this might be an indication that your ISP modem could be faulty as well. If two different Orbi systems are experiencing the same problem. Something to consider asking the ISP to change out for something newer if possible. 

 

I would post a new post since this thread is in regards to Circle causing problems which seems to be temporarily fixed if users disable Circle. Which you have done and still continue to see problems which seem to point to something else. 


@Shahab wrote:

My issues have changed ever since I got the replacement Orbi router and didn't enable Circle.  Multiple times a day my connection will drop all together.   Every day I call Netgear support and ask for my ticket to be escalated to Level 2 support and I just have the Level 1 guys make incremental changes to a setting or 2 which don't end up making any difference.   Yesterday, they had me call Charter and ask them to reset my cable modem/clear the IP pool to address the DoS/Ack scans showing up in the logs, after the reset, don't see those entries anymore.

Some of the changes made yesterday:

Changed MTU size to 1472 from 1500
Enabled IPv6, set to Auto

 

Previous changes:

Disable SIP ALG

Disable Port Scan and DoS Protection

 

I really hate to spend money to go out and buy a new router, but it seems that's the best option at this time.  Any ideas on how to escalate to higher level support @ Netgear?


 

 

 

Message 73 of 92
SW_
Prodigy
Prodigy

Re: Orbi RBR50 + Circle frequent DNS failures


@SW_ wrote:

I've already given up trying to get Orbi to function as a proper Router + Disney + Armor, because it's nothing but trouble.  To get Orbi to a stable state, I have to disable practically everything that I could disable, including its internal DNS and DHCP client.  I'm currently keeping Orbi for its WiFi capability and delegate all other router functions to DIY pfSense Router Firewall.

 

I went through a similar pain before I settled on the current setup, which has been holding up quite well during Stay-At-Home order.

 

  • SB8200 -> pfSense -> Orbi AP Mode with static DNS servers and IP address

 

I settled on pfSense because I need a reliable Gigabit Router with enterprise class DNS resolver, DHCP, Firewall, DNS Filtering, VPN, plus a whole bunch of other features that I don't really need.  If you're comfortable with installing pfSense, it's worth a shot.


 

If you're curious about my rollercoaster between Orbi Router vs. AP Mode, check out this post.

Message 74 of 92
dbwiddis
Star

Re: Orbi RBR50 + Circle frequent DNS failures

FYI, for those following this, I am in communication with Netgear support.  They say:

 

We are already aware of this issue and our engineering team is currently working on a solution. 

Message 75 of 92
Top Contributors
Discussion stats
  • 91 replies
  • 12767 views
  • 31 kudos
  • 10 in conversation
Announcements

Orbi WiFi 7