Constant unwanted traffic to dns.msftncsi.com from RT-AC66U

This is really a bit of a necro-thread, and I think @ColinTaylor put it to bed in the post you've responded to. Quite seriously, I fail to see how a ONCE PER MINUTE PING can really be considered an issue!
 
I didn't quote respond to them did I?

So once per minute is clogging up my pihole log like others have said, that's not really the core issue here. The router constantly doing this when I personally don't want it to and have told it not to, is the issue, since it shouldn't be doing it. I'd rather my network not constantly ping microsoft.

Also my mistake it's twice per minute (21,327 total entries so far in less than 24 hours).
 
Hi, I wonder if anyone can help me. I am also getting the same issue. I have changed the nvram parameters, and also edited the registry on the windows machine and also changed the hosts file to go to 0.0.0.0, yet my pihole log is pinging this domain once every minute.
Which router model?
What firmware version?
Which nvram parameters did you change and to what?

What are your router's WAN DNS servers? They should be pointing to an external server and not a local PiHole.
 
Model:TUF GAMING AX4200
Firmware Version:3.0.0.4.388_33903

Nvram changes:
nvram set dns_probe_content=0.0.0.0
nvram set dns_probe_host=""
nvram commit
reboot

nvram show | grep dns_probe:
dns_probe=0
size: 43144 bytes (210808 left)
dns_probe_timeout=1
dns_probe_host=
dns_probe_content=0.0.0.0

My WAN DNS is my pihole what's exactly wrong with that? When there is an ability to set what ever DNS you wish there? Giving examples like google and cloudflare as options?
 
Model:TUF GAMING AX4200
Firmware Version:3.0.0.4.388_33903
OK your options are more limited than compared to Merlin's firmware.

My WAN DNS is my pihole what's exactly wrong with that? When there is an ability to set what ever DNS you wish there? Giving examples like google and cloudflare as options?
The WAN DNS is what the router uses for itself (e.g. checking whether the internet connection is working, NTP, etc). Having this traffic going through and being reliant on a PiHole is not usually desirable. Typically the LAN DNS server settings is where you would put your clients' DNS servers (e.g. your PiHole address). Try that and if it doesn't solve your problem come back to us.
 
So once per minute is clogging up my pihole log like others have said, that's not really the core issue here.
How have you configured your router for Pi-Hole usage? Did you put the Pi-Hole IP addresses into the router's WAN DNS field(s)? If so that is not the recommended setting according to Pi-Hole. Put the Pi-Hole IP into the LAN DHCP DNS field(s).
However, we recommend to setup Pi-hole always as DNS server for your LAN! If you do so, Pi-hole's IP is distributed as DNS server via DHCP to your network clients. Each client will directly send their queries to Pi-hole and will be shown individually in Pi-hole's web interface. Additionally, you can use the group management features.
Putting the Pi-Hole IP into the WAN DNS field may cause a feedback loop of requests depending on the Pi-Hole settings, which can flood the network with DNS requests, crippling the local network, and fill the Pi-Hole log. See the following link for one way to set up Pi-Hole on Asus routers.
Note: Depending on the Asus-Merlin firmware version there is a change in the DNS Director operation in the latest Asus-Merlin firmware which is not reflected in the previous link that gives an example of DNS Director configuration with Pi-Hole.
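
An added example, not written by any poster in this thread: a Python check over a dnsmasq-style Pi-hole query log that reports which client is asking for dns.msftncsi.com and how often, which separates the router's own probe (WAN DNS pointed at the Pi-hole) from a LAN client. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# dnsmasq-style query line, the format Pi-hole writes to its query log.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[[A-Z0-9]+\] (?P<name>\S+) from (?P<client>\S+)$"
)

def probe_sources(lines, domain, year=2024):
    """Map each client IP to (query count, median seconds between queries)."""
    seen = defaultdict(list)
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m or m["name"].lower().rstrip(".") != domain:
            continue  # forwarded/reply lines and other domains are ignored
        # The log omits the year, so one is supplied for parsing.
        seen[m["client"]].append(
            datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    report = {}
    for client, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[client] = (len(stamps), median(gaps) if gaps else None)
    return report

def is_router_probe(report, router_ip, max_gap=90):
    """True when the router itself is a steady, periodic source."""
    count, gap = report.get(router_ip, (0, None))
    return count >= 3 and gap is not None and gap <= max_gap

# Constructed sample: 192.168.50.1 stands in for the router, .23 for a PC.
SAMPLE_LOG = """\
Mar  3 10:00:01 dnsmasq[812]: query[A] dns.msftncsi.com from 192.168.50.1
Mar  3 10:00:01 dnsmasq[812]: forwarded dns.msftncsi.com to 1.1.1.1
Mar  3 10:00:12 dnsmasq[812]: query[A] dns.msftncsi.com from 192.168.50.23
Mar  3 10:00:31 dnsmasq[812]: query[A] dns.msftncsi.com from 192.168.50.1
Mar  3 10:00:40 dnsmasq[812]: query[A] example.com from 192.168.50.23
Mar  3 10:01:01 dnsmasq[812]: query[A] dns.msftncsi.com from 192.168.50.1
Mar  3 10:01:31 dnsmasq[812]: query[A] dns.msftncsi.com from 192.168.50.1
"""

if __name__ == "__main__":
    report = probe_sources(SAMPLE_LOG.splitlines(), "dns.msftncsi.com")
    for client, (count, gap) in sorted(report.items()):
        print(f"{client}: {count} queries, median gap {gap}s")
    print("router is the source:", is_router_probe(report, "192.168.50.1"))
```

If the router's own address is the periodic source, hosts-file or registry changes on a Windows PC will not affect the entries; moving the Pi-hole address from the WAN DNS field to the LAN DHCP DNS field will.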
 
The WAN DNS is what the router uses for itself (e.g. checking whether the internet connection is working, NTP, etc). Having this traffic going through and being reliant on a PiHole is not usually desirable. Typically the LAN DNS server settings is where you would put your clients' DNS servers (e.g. your PiHole address). Try that and if it doesn't solve your problem come back to us.
Pardon my ignorance but the router says "Assign a DNS service to improve security, block advertisement and gain faster performance." And gives options similar to a pihole for instance to block ads etc network wide? Wouldn't I prefer to do that before the router vs after?
 
This is a problem on the device side - when I was doing IoT development over 4g a couple of years back, there was a concern about how Iot devices would behave if the WAN connection had difficulty - e.g. if the first attempt failed to connect, how aggressively the firmware would try to connect after the failed attempt.

Much of this goes towards the IoT battery, so one should "spiral" out the approach - e.g. move from once per minute maybe out to 5 mins, then 10 up to 4 hours - key thing is to let it connect.

And then there's the discussion about how often to connect - it's one thing for a desktop to check connectivity, it's another for something like a security system...

And then you have broken things - I've got a Nest Home Mini - and it can get into a state where it's pinging gstatic.com every 15 seconds...

Point here - some traffic is actually reasonable if it helps the user experience, but many times it gets out of hand...

randomly adding firewall rules to block all traffic might not be the best approach here
 
Yes, so that's why you set your PiHole address in the LAN DNS settings as @bennor and I said.
I think I was misunderstanding. So if I set it to lan in the dhcp the devices use the pihole DNS I understand that part but the router itself before it gets wan from my ISP isn't being filtered right? Wouldn't it be better from a security and performance perspective to use a custom DNS vs my isps?
 
... but the router itself before it gets wan from my ISP isn't being filtered right?
Correct.

Wouldn't it be better from a security and performance perspective to use a custom DNS vs my isps?
The router's own use of DNS is minimal. It's not as if it's browsing websites. But if you don't trust your ISP's DNS servers you can use some other public DNS servers.

Your ISP's DNS servers are usually faster than other public DNS servers like Google and serve CDN better.

"security and performance" might be an issue for your LAN clients but that's dependent on how you've configured your PiHole and what upstream servers the PiHole is using.
 
The router's own use of DNS is minimal. It's not as if it's browsing websites. But if you don't trust your ISP's DNS servers you can use some other public DNS servers. "security and performance" might be an issue for your LAN clients but that's dependent on how you've configured your PiHole and what servers the PiHole is using.

IIRC - some of the router, esp if configured for dual wan (active/active or active/fallback) would hit a DNS server to check connectivity there - was that the WANDUCK process?
 
I don't use dual wan.
Okay so imma just use cloudflare as my wan DNS.

It no longer clogs my pihole ofc.

My next question so I can wrap my head around this the dhcp server dishing out my pihole as a DNS bypasses the wan DNS? As would me setting the dhcp static to cloudflare? As in it doesn't go through the pihole then through the routers wan DNS then to the www?

So the wan DNS is purely for the router only? I'm a little confused NGL 😅

Also PS edit:
Now the dhcp of the router assigns the correct DNS but as primary and secondary is the router gateway IP, which I assume then uses the WAN DNS as a failsafe? I only want it to use my pihole.

Nvm I'm blind - Advertise router's IP in addition to user-specified DNS wasn't set as no.
 
The one downside to using the Pi-Hole as the only DNS on your LAN is the Raspberry Pi can be more prone to failure than the router if Pi-Hole is on a RPI. The RPI uses a Micro SD card which can fail suddenly. If that happens your LAN clients will be without DNS. For Failsafe operation use two RPI's or put Pi-Hole on another always up client. Or use the router for the second DNS and set it to use a filtering DNS service such as Cloudflare Security, Quad9 or better yet Control D. I have a RPI 3b+ that runs Stubby and DNSMASQ with Stubby set to go to Control D (76.76.2.2, 76.76.10.2) and the router set to the same. If my RPI fails the router DNS will still work. Sounds like overkill but I feel I get as good DNS protection/ad blocking with the Control D service as running Pi-Hole. And, I do not have to keep the Pi-Hole updated.
 