386.4 does not respect connectivity checker settings on RT-AX88U

[awn]

I've seen many posts about this in the past, for example here: https://www.snbforums.com/threads/network-flooded-by-dns-msftncsi-com-requests.61155/

However I've followed all the instructions and _still_ see many requests to dns.msftncsi.com, it makes no sense. I have disabled DNS lookup in Asus settings:

I have changed the nvram settings:

However I'm still getting requests to that host, and blocking the DNS request in my DNS server results in the router thinking that connectivity has failed so it's clearly still using the DNS checks and not the configured ping check.

Could it be this bug again: https://github.com/RMerl/asuswrt-merlin.ng/commit/8943404b78901f32954d93c4e27a92c998b725c6

?

Thanks

 

[dave14305]

Unavoidable now in 386.4. Old tricks no longer apply. Discussed a lot in the 386.4 threads.

 

[ColinTaylor]

However I've followed all the instructions and _still_ see many requests to dns.msftncsi.com, it makes no sense.

As Dave said, this action is mandatory now. However, I think there is a misunderstanding of what is happening.

It is not sending any traffic to dns.msftncsi.com. What it is doing is trying to resolve that DNS name using whatever you've specified as your WAN DNS server. In other words it's effectively doing an nslookup dns.msftncsi.com and then checking for a failure. You could use any resolvable DNS name instead, for example www.snbforums.com, provided it returns an IP address that matches the address in the "Resolved IP Addresses" field.

 

[awn]

As Dave said, this action is mandatory now. However, I think there is a misunderstanding of what is happening.

It is not sending any traffic to dns.msftncsi.com. What it is doing is trying to resolve that DNS name using whatever you've specified as your WAN DNS server. In other words it's effectively doing an nslookup dns.msftncsi.com and then checking for a failure. You could use any resolvable DNS name instead, for example www.snbforums.com, provided it returns an IP address that matches the address in the "Resolved IP Addresses" field.

So you're saying it cannot use pings anymore?

Where is this host configured? I removed it from both the command line and in the UI and it is still finding that domain somewhere..

What a silly design, I'm assuming from ASUS

 

[eibgrad]

If the goal it to simply block those DNS requests from leaving the WAN, then force it to resolve to the local hosts file (//etc//hosts).

echo "$(nslookup $(nvram get dns_probe_host) | \
    awk '/^Name:/,0 {if (/^Addr[^:]*: [0-9]{1,3}\./) print $3}') \
        $(nvram get dns_probe_host)" >> //etc//hosts

Yes, it's ugly, but it works. The router should still believe it's connected.

 

[ColinTaylor]

Where is this host configured? I removed it from both the command line and in the UI and it is still finding that domain somewhere..

If you remove those entries it falls back to using the default values.

I'll PM you something...