New Router, OpenDNS sometimes reports IP different from my own

Comments

20 comments

  • jimmyandrews

    I have a forum thread open at Linksys as well, here: http://community.linksys.com/t5/Wireless-Routers/EA6500-intermittent-issues-with-OpenDNS/td-p/891047

  • rotblitz

    "I think that has something to do with the router settings and isn't my primary focus of this question (but is secondary)."

    No, it is the primary issue.  Start with filling the DNS 3 entry on your router with one of 208.67.222.220 or 208.67.220.222.  That should be it.

  • jimmyandrews

    You didn't read my post then, been there, done that, said it in the post.  That is why it is a secondary problem at this point.

  • jimmyandrews

    Sorry, didn't mean to be so snappy.  But these rogue IPs are really starting to make me scratch my head.  Thank you for looking at the post and I appreciate any advice given.

  • rotblitz

    No worries, you didn't say that you used these IP addresses.

    Post the complete plain text output of the following diagnostic command:

    nslookup -type=txt debug.opendns.com.

  • jimmyandrews

    True, I didn't realize OpenDNS had more than the two they posted.  In any event, here are some results.

    ___-=Behaving Properly:=-___

    Server:  AndrewsHome
    Address:  10.10.10.1

    Non-authoritative answer:
    debug.opendns.com       text =

            "server 9.ash"
    debug.opendns.com       text =

            "flags 20 0 2F6 0"
    debug.opendns.com       text =

            "originid 20178101"
    debug.opendns.com       text =

            "actype 2"
    debug.opendns.com       text =

            "bundle 5816061"
    debug.opendns.com       text =

            "source 96.32.61.5:46163"

     

    ___-=Misbehaving=-___(eg. bouncing between those public 192 addresses)

    Server:  AndrewsHome
    Address:  10.10.10.1

    *** AndrewsHome can't find debug.opendns.com.: Non-existent domain

    ___-=END=-___

     

  • rotblitz

    In the first example you're using OpenDNS, their Ashburn/Virginia data center, through your router at 10.10.10.1, and your public IP address 96.32.61.5 is registered with OpenDNS network ID 20178101.

    In the second example you still send your DNS query to your router at 10.10.10.1, but this doesn't use OpenDNS at all yet, but may send the DNS query to another DNS service.  Only OpenDNS can resolve the domain debug.opendns.com.  Therefore you get "AndrewsHome can't find debug.opendns.com.: Non-existent domain".

    So, the question is, what happened to your router or to your internet connection between the two command outputs?

    I took a look into your router's user guide from http://support.linksys.com/en-us/support/routers/EA6500/download

    Just by chance, do you have dual-WAN, i.e. two different internet connections?  What does the router status page say for the one and the other scenario?

    Also, I can see that this router supports IPv6 connectivity.  Ensure that you have disabled this, because you can register only an IPv4 address at OpenDNS yet, so your settings do not take effect when using IPv6.  You may have non-OpenDNS IPv6 resolver addresses configured (or obtained automatically) which causes your DNS queries to go to a different service, as in your second command output.

    Further, do you have VPN passthrough enabled in your router?  This may be another reason for not using OpenDNS consistently.

    And what consequences does this have on your computer?  Post the following command output twice from your Windows computer, one for each scenario:

    ipconfig /all

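Added example, not part of any poster's reply: the reading of the `debug.opendns.com` TXT output explained in the comment above, written as a Python parser and run over the two captures quoted in this thread. The function names, dictionary keys and `diagnose` labels are assumptions made for illustration.

```python
import re

# The two captures quoted earlier in this thread (blank lines condensed),
# embedded so the example runs offline.
WORKING = '''Server:  AndrewsHome
Address:  10.10.10.1

Non-authoritative answer:
debug.opendns.com       text =
        "server 9.ash"
debug.opendns.com       text =
        "flags 20 0 2F6 0"
debug.opendns.com       text =
        "originid 20178101"
debug.opendns.com       text =
        "actype 2"
debug.opendns.com       text =
        "bundle 5816061"
debug.opendns.com       text =
        "source 96.32.61.5:46163"
'''
FAILING = '''Server:  AndrewsHome
Address:  10.10.10.1

*** AndrewsHome can't find debug.opendns.com.: Non-existent domain
'''

def parse_debug(output):
    """Parse one `nslookup -type=txt debug.opendns.com.` capture."""
    asked = re.search(r"^Address:\s+(\S+)", output, re.MULTILINE)
    # Each TXT string is a quoted "key value" pair.
    fields = dict(re.findall(r'"(\w+) ([^"]*)"', output))
    source = fields.get("source", "")
    return {
        "asked": asked.group(1) if asked else None,  # resolver the client queried
        # Per the thread, only OpenDNS can resolve this name, so any TXT
        # answer means the query reached an OpenDNS resolver.
        "via_opendns": "server" in fields,
        "site": fields.get("server"),
        "network_id": fields.get("originid"),
        "public_ip": source.rsplit(":", 1)[0] or None,  # drop the source port
    }

def diagnose(captures):
    """Label a series of captures taken from the same client."""
    if not captures:
        raise ValueError("need at least one capture")
    seen = {parse_debug(c)["via_opendns"] for c in captures}
    if seen == {True}:
        return "consistent: every query reached OpenDNS"
    if seen == {False}:
        return "bypassed: no query reached OpenDNS"
    return "intermittent: the upstream resolver changes between queries"

if __name__ == "__main__":
    for capture in (WORKING, FAILING):
        print(parse_debug(capture))
    print(diagnose([WORKING, FAILING]))
```

Both captures show the client asking 10.10.10.1, so the difference between them lies in what the router forwards to, not in the client's own settings.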
  • rotblitz

    And while reviewing my own response: If you changed your router's DNS settings on the LAN DHCP side of the router as you did, your DNS queries should not be going to 10.10.10.1 at all, but the router would propagate the three OpenDNS resolver addresses via DHCP to the connected devices, and you would not see:

    Server:  AndrewsHome
    Address:  10.10.10.1

    but instead you would see e.g.:

    Server:  resolver1.opendns.com
    Address:  208.67.222.222

    Do you have the TCP/IP settings manually configured on your computer?  If so, you must use only OpenDNS resolver addresses for DNS, never 10.10.10.1.

    Therefore yes, post the "ipconfig /all" output for either situation.

  • Kristy Patullo

    We've also been seeing an issue with Linksys's recent firmware where the router does not respect the DNS settings you add to it.  You can tell if this issue is affecting you by confirming that under Connectivity-->Local Network you have added OpenDNS's DNS settings to DNS 1-DNS 3, but when you check Troubleshooting-->Status you see your internet service provider's DNS for DNS1-DNS3.  Even though you have OpenDNS configured, your router is not respecting those settings.  You can check your firmware version using the instructions here: http://support.linksys.com/en-us/support/ccc/CONNECTIVITY

    In the cases that we have seen with this issue, rolling back the firmware allowed OpenDNS to work properly.  Directions to roll back your firmware can be found here: http://support.unblock-us.com/customer/portal/articles/1593108-linksys-smartwifi-routers---firmware-rollback

     

  • jimmyandrews

    Excellent information, thank you rotblitz and Kristy.  Kristy, you are correct about the DHCP DNS settings on the Linksys routers.  I actually have a tandem post on the Linksys forums for this issue and the info I'm getting from them is exactly that, the DHCP DNS settings are not being passed to the clients (which I have subsequently complained about), and that is apparently by design.  I have looked at my modem's config and it uses one of Google's DNS servers and 2 of Charter's.  I think way back when I got the modem, I configured that myself.  But now with firmware updates pushed from Charter, those options are locked from being changed.

    On my Netgear router, I was able to override the ISP DNS settings (from the DHCP of the ISP), so I never had an issue with OpenDNS regardless if the local DHCP DNS was configured for the gateway or the OpenDNS servers directly.  On Linksys, this setting seems to be a hybrid of an override of the ISP DNS and local DHCP DNS, leaning more towards the ISP portion.  But when I look over the detailed config, those pesky DNS settings on the modem keep showing up regardless of what I set in the Linksys config.  I am working through a couple of troubleshooting steps with some of the community members over there to try and gather more information.

    My client DNS is set to pull from DHCP.  I do have IPv6 activated and was planning on turning it off anyhow because Charter does not support it.  I do use VPN at times for work and I know how the OpenDNS Updater program reacts to that and it behaves as I would expect.

    I have also enabled logging on OpenDNS to see if there is anything in those logs that could shed some light on the issue.  The first day of logs didn't show anything standing out.

    Right now, it seems as if that Linksys firmware could be to blame.  My biggest concern still is why these particular IP addresses?

    I'll get you the ipconfig output in a few.  Thanks for all your help!

     

  • rotblitz

    "the DHCP DNS settings are not being passed to the clients"

    Oops, then the existence of this option is totally useless, good for nothing.  :(

    Therefore the fall-back to an older firmware version where this still worked is apparently the way to go until Linksys/Cisco will have fixed it if they want to do so at all.

    I think I do not need your "ipconfig /all" anymore then.

  • jimmyandrews

    ipconfig /all attached.




    ipconfig_normal.txt

  • rotblitz

    In your active internet connection "Wireless LAN adapter Wi-Fi":

    DNS Servers . . . . . . . . . . . : 10.10.10.1


    As I said and as expected, this contains your router's IP address, but should contain OpenDNS resolver addresses which you configured on the router, propagated by your router as DHCP server.  The router doesn't do its DHCP job orderly.  A true bug of the firmware.

    Under these circumstances your only option to use OpenDNS is to configure the OpenDNS resolver addresses directly on the end user devices.
    https://support.opendns.com/forums/21618384

    Regarding your currently inactive connection "Ethernet adapter VirtualBox Host-Only Network", this can be disruptive for your use of OpenDNS when it becomes active, e.g. for using a VPN.

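Added example, not part of any poster's reply: the `ipconfig /all` check described in the comment above, as a Python parser that lists each adapter's DNS servers and marks whether they are OpenDNS resolvers or a LAN address such as the router. The sample `ipconfig` text is constructed (only the 10.10.10.1 `DNS Servers` line comes from the thread), and the function names and class labels are assumptions.

```python
import ipaddress
import re

# OpenDNS resolver addresses named in this thread.
OPENDNS = {"208.67.222.222", "208.67.220.220", "208.67.222.220", "208.67.220.222"}

# Constructed samples in `ipconfig /all` layout.
OBSERVED = """\
Windows IP Configuration

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 10.10.10.1
   DNS Servers . . . . . . . . . . . : 10.10.10.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
EXPECTED = """\
Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_by_adapter(text):
    """Return {adapter name: [DNS server strings]} from `ipconfig /all` text."""
    adapters, current, collecting = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, collecting = line.rstrip().rstrip(":"), False  # adapter header
            adapters[current] = []
        elif current is None or not line.strip():
            collecting = False
        elif re.match(r"\s+DNS Servers[ .]*:", line):
            adapters[current].append(line.split(":", 1)[1].strip())
            collecting = True
        elif collecting and " : " not in line:
            adapters[current].append(line.strip())  # additional server, no label
        else:
            collecting = False
    return adapters

def classify(addr):
    """Label one DNS server address as handed to the client."""
    if addr in OPENDNS:
        return "opendns"
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # strip IPv6 zone id
    except ValueError:
        return "unparsed"
    # A private address means a LAN device (here the router) forwards the query.
    return "local-forwarder" if ip.is_private else "other-resolver"

def audit(text):
    """Map each adapter that lists DNS servers to (address, class) pairs."""
    return {name: [(a, classify(a)) for a in addrs]
            for name, addrs in dns_by_adapter(text).items() if addrs}

if __name__ == "__main__":
    print(audit(OBSERVED))
    print(audit(EXPECTED))
```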
  • jimmyandrews

    So it looks like it is certainly a firmware issue.  This is my latest response to Linksys about the problem:

    "How about you create a restriction, like a MAC filter, to make sure that unwanted users/IP address won't appear in your device list?"

    Not the problem, this is a DHCP/DNS issue with the firmware.  No rogue devices are connecting to the router, those rogue IPs that I referenced earlier are in between my connection and OpenDNS (aka man-in-the-middle).  I live in a generally sparse area.  Currently, I have the DNS addresses manually overridden on my PC, and everything is behaving as anticipated. 

    As far as other troubleshooting...
    When connected directly to the modem, using the modem's built-in DHCP when NOT connected to the internet, it will pass the DNS settings that I set up when I first got the modem (the option is currently locked due to Charter updating the firmware).  When connected directly to the modem with the internet also connected, the computer gets a public IP from Charter and the DHCP settings are transferred from them as I would expect.  Of course since Charter doesn't use OpenDNS, I don't get OpenDNS DNS options, so I need to manually assign those addresses to my DNS for OpenDNS to work (as expected).

    I also understand how VPNs and VPCs work along with their networking, so everything on that front is behaving as anticipated. (Losing OpenDNS when connected to the VPN, VPCs are fine) 

    So the issue continues to point to the lack of DNS settings being propagated through DHCP, this firmware only pushes the gateway as the DNS address.  This wouldn't be too big of an issue if the DNS overrides in the backend actually behaved as they should.

    The short of it, DNS is broken in this current firmware and I'll be creating a ticket in the next couple of days.  This is a HUGE security issue so I hope that Linksys will fix it.

  • rotblitz

    As Kristy from OpenDNS said above, your option may be to roll back to an earlier firmware for this router for the time being until a fixed version comes up.

  • jimmyandrews

    yup, and sending an email to linksyscares@linksys.com

    Thank you all for taking a gander.  While I still didn't get one of my answers (what's up with those 2 IP addresses and why those in particular) I am happy that I am making progress.  (they just told me not to roll-back, SMH)

    Thanks Again!

  • jimmyandrews

    Chat Transcript for posterity:


    Jermine P:
    Hello Jimmy Andrews. My name is Jermine.
    Jermine P:
    Welcome to Linksys Global Chat. Is this the first time you've contacted chat support?
    You:
    I think so, at least with my current product anyway :-)
    Jermine P:
    Hello, Jimmy! Before we get started, please confirm the following information.
    Name: Jimmy Andrews
    Phone:
    Email:
    Location: United States

    You:
    Looks good!
    Jermine P:
    Thank you for confirming. For me to validate the entitlement status of your device, may I have its model and serial number?
    You:
    EA6500, 12NxxxC30xxx2
    You:
    EA6500v2, sorry
    Jermine P:
    May I know when and where did you purchase it?
    You:
    WalMart on 9/30/2014
    Jermine P:
    Thank you. How may I help you today?
    You:
    Well, I started a Forum thread about some DNS problems that the latest firmware seems to have. http://community.linksys.com/t5/Wireless-Routers/EA6500-intermittent-issues-with-OpenDNS/td-p/891047
    You:
    the firmware is not using DHCP properly
    You:
    the overridden DNS entries are not being propagated to the clients
    You:
    only the gateway is being propagated
    You:
    and the gateway itself (the EA6500) is not behaving the way it should
    Jermine P:
    Let me verify that, Jimmy.
    Jermine P:
    You are experiencing an intermittent wireless connection, right?
    You:
    Nor do I have the ability to override the ISP DNS entries as I can in almost every other device I've used in the past
    You:
    no
    Jermine P:
    You cannot change the IP Address and DNS from the modem. However, you can ask from them to have Static IP and DNS. I believe you need to purchase for your own Static IP and DNS.
    You:
    That is actually not the case...
    You:
    You can change the DNS and in most iterations of routers, you can do this at the ISP level and the Local LAN level
    You:
    2 spots, but this firmware only has one
    You:
    and the one it offers isn't behaving to the international DHCP standards
    You:
    basically, when I set up the DHCP for my local LAN, I have the ability to enter up to 3 DNS entries
    You:
    but those 3 DNS entries are not propagating to the clients, at all. The only thing that propagates is the IP of the router for DNS.
    You:
    This is NOT how DHCP is supposed to work. Something is broken, which has been verified both by OpenDNS and the Linksys community members.
    You:
    And this creates a gigantic security hole
    Jermine P:
    By the way, where did you input the two DNS entries and OpenDNS?
    You:
    Connectivity->Local Network->DHCP Server
    You:
    The only place I can
    Jermine P:
    When you go to troubleshooting then click on Report under Status, what do you have under Internet Connection (IPv4) for DNS1, DNS2 and DNS3?
    You:
    8.8.8.8, 24.178.162.3, 24.247.15.53 These are being pulled from the Modem. Years ago when I got the modem, I was able to enter in the DNS entries and override the DHCP entries that are issued from Charter. So I put in a Google DNS server. However now, my DNS settings are locked on the modem due to Charter updating the firmware (I could always hard-reset the modem to get that option back I am assuming)
    You:
    In every router I've had for the past 15 years, I have had control to enter in DNS addresses at the ISP level AND the LAN level.
    You:
    And when I set the LAN DHCP DNS entries, in every instance those DNS entries propagate to the clients
    Jermine P:
    Is your router grabbing these DNS from the modem or these are the DNS that you set on the router?
    You:
    But not in this firmware
    You:
    From the modem
    You:
    I can't set the ISP DNS entries in this firmware
    You:
    In this firmware, it is ignoring my DHCP DNS entries and not propagating them to the clients. The DHCP system is only providing the router itself (the gateway) as the DNS server
    You:
    to my clients that is
    You:
    and this is causing problems with OpenDNS and just DNS in general. It is creating a situation where I am very susceptible to man in the middle attacks.
    Jermine P:
    What are the DNS that you set but weren't showing up?
    You:
    Connectivity->Local Network->DHCP Server
    Jermine P:
    I mean what are the numbers that you set up?
    You:
    208.67.222.222 and 208.67.220.220 (and I duplicated one of them for the third as troubleshooting step to try and resolve this issue)
    Jermine P:
    That is right, Jimmy.
    Jermine P:
    Let me check if there is a known issue about this model number that is similar to your concern.
    You:
    OK
    Jermine P:
    Please give me 3 to 5 minutes to check on it, Jimmy.
    You:
    ok
    Jermine P:
    Please give me another 3 to 5 minutes, Jimmy. Thank you.
    You:
    OK
    Jermine P:
    Thank you.
    Jermine P:
    Thank you for waiting and I am sorry for the long hold, Jimmy.
    You:
    It is OK
    Jermine P:
    Thank you. You mentioned in the forum that you updated the Firmware automatically, right? Did you try updating or reloading the same version manually?
    You:
    No. I had to do the auto-update process twice since the first auto-update didn't bring me to the latest version, but the one before. After the second update, I then did a reset of the router to defaults and then manually configured everything back to match the settings I wanted.
    Jermine P:
    I see.
    Jermine P:
    This is a feature of the router. All DNS queries are handled by the router. The router will use static DNS servers that are entered into the router UI but will only pass the IP address of the router to the DHCP client.
    You:
    This is not a feature!!!!
    You:
    this is a bug
    You:
    Linksys can't go around changing standards that have been around for over 30 years and call them a feature!!!!!
    You:
    I am requesting that a break-fix ticket be created
    You:
    And not to mention the router is NOT using the static DNS entries entered in any kind of consistent way.
    You:
    If this is truly a feature, the feature itself is also broke
    You:
    Because even with the OpenDNS configured IPs, the router does not always use those IPs for DNS requests
    You:
    This is a gaping, giant, huge, critical security flaw that has to be addressed better than 'It's a feature'
    Jermine P:
    I understand, Jimmy.
    Jermine P:
    What we can do, Jimmy is reload the Firmware version manually then we need to reset and reconfigure the device.
    You:
    OK, and when that fails to resolve the issue (since we'll be disconnected) what else can I try, because as far as troubleshooting goes, that would be the last thing to try I can think of. As an aside, the forum members are telling me that I should rollback my firmware to the one before and that Linksys may know that this is a problem with the current firmware...is that true?
    Jermine P:
    Just in case the same issue persists after reloading the Firmware version, hard reset and reconfigure the device, please contact us back.
    Jermine P:
    We don't advise Customers to roll back the device to the old Firmware.
    You:
    Soooo, gaping security flaw is better than secure, got it. I'll try your solution and if that doesn't work, I won't contact you back because I'm just going to be told that it is a feature (when it clearly isn't). Thank you for your time Jermine, I hope you have a great rest of the week!
    Jermine P:
    I am sorry for the inconvenience this has caused you, Jimmy. Thank you for giving us an opportunity to serve you through Linksys Live Chat. You may also visit our support site at support.linksys.com. We are open 24/7. Please feel free to contact us anytime. For your reference, your case number is 0348xxxx. Once again, my name is Jermine with Badge ID xxxxx. Thank you for choosing Linksys and have a great day!

  • jimmyandrews

    Email to linksyscares@linksys.com sent.  I'll post the response as soon as I get it.

  • jdrago

    Any update to this?  I have the same router, and the same problem.  

    Thanks,

    John

  • rotblitz

    Wasn't it mentioned that this is a Linksys problem, not an OpenDNS problem?  So, ask in a Linksys specific forum.
