How to turn of DNS interception/proxy on WRVS4400N

Unanswered Question
Jul 10th, 2009
User Badges:

Hi,


i just replaced my previous router with a WRVS4400N, Firmware Version: V1.1.13-ETSI , and largely it's great. However I really need to stop it from intercepting DNS requests.


I'm running it in router mode with all public address pace, but due to the DNS interception:

1) it's breaking my reverse DNS, which is set up correctly on my ISPs DNS servers

2) it's not letting me query specific external DNS servers.


This is a huge issue as I'm a DNS admin and regularly need to test specific DNS servers, so the router intercepting my requets and providing an answer form some other DNS server is a huge issue.


So is there any way I can prevent this behaviour?


Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
David Carr Fri, 07/10/2009 - 07:33
User Badges:
  • Silver, 250 points or more

I am looking at your post and trying to figure out what exactly you have going on here.  The wrvs4400n does not have dns interception on it.  Could you please elaborate a little bit more on your situation.  Thank You.

scramworks Fri, 07/10/2009 - 07:55
User Badges:

That's odd because it's acting as though it does.


Internally if I look up the IP address of the router I get the following response:

$ host 81.6.206.1
1.206.6.81.in-addr.arpa domain name pointer www.routerlogin.com.

and a failed response for any of the other reverse DNS entries at my ISP, but if I do the same look up externally I get:

$ host 81.6.206.1
1.206.6.81.in-addr.arpa domain name pointer gw.scramworks.net.


Likewise I can do things like the following:

$ host cisco.com 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

cisco.com has address 198.133.219.25


Which simply shouldn't work, I'll check with my ISP in case they've started doing something odd that coincided with my changing router.

David Carr Fri, 07/10/2009 - 08:27
User Badges:
  • Silver, 250 points or more

I do have a question for you on this.  You stated that you have the router in router mode.  If that is the case the firewall on the router is disabled and all it is doing is forwarding traffic.  If you have it in gateway mode then the firewall is enabled and might pose an issue.  Let me know what mode it is in if you dont mind.  Thank You.

scramworks Fri, 07/10/2009 - 09:05
User Badges:

It's in router mode.

Under Advanced Routing, Operation Mode,

the radio button next to Router is checked.

David Carr Fri, 07/10/2009 - 09:08
User Badges:
  • Silver, 250 points or more

Yeah you may be getting the dns interception from something else in the network.  With it in router mode the firewall is disabled.  Keep me posted on what you turn up on it.  Thank You.

scramworks Fri, 07/10/2009 - 10:11
User Badges:

Hi I shoved my old Zyxel back into place and DNS behaved as expected, put the WRVS4400N back in and DNS oddness returned.


Have reset it back to factory defaults and reconfigured and tried with both router and gateway mode and same thing.


I get the same result with the internet cable disconnected including by asking non-existant servers, which wouldn't be reachable anyway as it was done when the ADSL link was disconnected.


So as far as I can work out the problems definately the router, I've done the lookups from both Windows XP, 7 and OpenBSD machines, and I've done an rndc flush on the LAN side name server. But given I get the same result when specifying external servers (with the adsl link unplugged) I think it's safe to say it's not an issue with the local DNS server.


Here's the output when the internet cable was unplugged from the router:


$ host -v 81.6.206.1 1.1.1.1
Trying "1.206.6.81.in-addr.arpa"
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57071
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;1.206.6.81.in-addr.arpa.       IN      PTR

;; ANSWER SECTION:
1.206.6.81.in-addr.arpa. 3600   IN      PTR     www.routerlogin.com.


Just as a thought, no idea if it's relevant, I'm also having quite a problem blocking in bound traffic whilst allowing outbound.

David Carr Fri, 07/10/2009 - 13:15
User Badges:
  • Silver, 250 points or more

Hey scramworks, I consulted with one of our escalation engineers and he stated they are aware of the problem and are working towards a solution.  There is no estimated time of a fix on the issue.  He stated that if you would like further assistance on this issue that you can call our S-TAC and they can escalate the case to their escalation.  Thank You.  The support Stac's number is 866-606-1866.

scramworks Mon, 07/13/2009 - 12:01
User Badges:

Hi,


Thanks for the update. I'll stop trying to work out how to turn it off for now then. At least I know it's not soemthing I'd done.

jboemaars Wed, 07/15/2009 - 08:12
User Badges:

Hi All,


Just had the same problem when upgraded to 1.13. DNS for external sites didn't work any more.


I'm running SBS2008, so the server handles DNS and DHCP requests, instead of the router.


Downgraded to version 1.03 and the problem is solved for now..


Regards,



Jaap

scramworks Wed, 07/15/2009 - 12:45
User Badges:

I'll give down grading a try then, though as the release notes for the newer firmware states that it resolves an issue with IPv6 that's not really ideal.


But then as currently the router stops forwarding DNS requests once or twice a day, only restarting after I reload the firewall conifg (just clicking save on the firewall tab) it's hardly usable as is.


I'll report back if it works for me as well.


Thanks for the tip.

scramworks Sun, 07/19/2009 - 06:27
User Badges:

Down grading to 1.03 did indeed solve the problem. No more DNS interception and no more having to restart the firewall component to get DNS working again at regular intervals.

gbrambila Fri, 08/21/2009 - 16:19
User Badges:

I have the same problem with firmware  V 1.1.13, i can´t use OpenDNS service, any news about the solution?


Thanks.

David Carr Mon, 08/31/2009 - 14:35
User Badges:
  • Silver, 250 points or more

I am not sure of the eta of the newest firmware which should address this issue.

Actions

This Discussion

Related Content