Possible to disable constant DNS checks to dns.msftncsi.com?

Is it possible for you to do a reboot and check again? Are you using dnsmasq logging for monitoring?
I'm curious about the dns_probe_timeout parameter, as this thread's author reported having around 40k+ probes per month, which corresponds approximately to a single probe each minute, just like you reported.

Could you confirm what's the current value of the parameter in your router right now and after a reboot (if possible)?
Code:
nvram get dns_probe_timeout
Still pinging at 1 minute intervals. Monitoring via Pihole.

nvram get dns_probe_timeout shows 2 (both router and node).
 
The timeout only influences how long it waits for a slow dns response, not the interval between queries.
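Added example, not part of any post in this thread: one way to measure the actual probe interval per client from dnsmasq-format query logs (the format Pi-hole writes). The sample log lines, client addresses and the function names `sample_log` and `probe_intervals` are constructed for illustration.

```shell
#!/bin/sh
# Added example: report, per client, how many times a hostname was queried
# and the average number of seconds between consecutive queries.

# Constructed sample in dnsmasq query-log format (not captured data).
sample_log() {
cat <<'EOF'
Jan  5 10:00:01 dnsmasq[812]: query[A] dns.msftncsi.com from 192.168.1.1
Jan  5 10:00:01 dnsmasq[812]: forwarded dns.msftncsi.com to 9.9.9.9
Jan  5 10:00:20 dnsmasq[812]: query[A] example.org from 192.168.1.50
Jan  5 10:01:01 dnsmasq[812]: query[A] dns.msftncsi.com from 192.168.1.1
Jan  5 10:01:31 dnsmasq[812]: query[A] dns.msftncsi.com from 192.168.1.2
Jan  5 10:02:01 dnsmasq[812]: query[A] dns.msftncsi.com from 192.168.1.1
Jan  5 10:02:31 dnsmasq[812]: query[AAAA] dns.msftncsi.com from 192.168.1.2
Jan  5 10:03:01 dnsmasq[812]: query[A] dns.msftncsi.com from 192.168.1.1
EOF
}

# probe_intervals HOSTNAME
# Reads dnsmasq log lines on stdin and prints, sorted by client:
#   <client> <query count> <average interval in seconds>
probe_intervals() {
    awk -v host="$1" '
    # Count only "query[TYPE] <host> from <client>" lines;
    # forwarded/reply/cached lines for the same name are ignored.
    $5 ~ /^query\[/ && $6 == host && $7 == "from" {
        split($3, t, ":")
        # Day-of-month plus time of day; the log carries no year or month number.
        now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
        c = $8
        # Skip a gap that goes backwards (month rollover in the log).
        if ((c in last) && now >= last[c]) { sum[c] += now - last[c]; gaps[c]++ }
        last[c] = now
        count[c]++
    }
    END {
        for (c in count) {
            avg = (gaps[c] > 0) ? sum[c] / gaps[c] : 0
            printf "%s %d %d\n", c, count[c], avg
        }
    }' | sort
}
```

Pipe the real query log into `probe_intervals dns.msftncsi.com`; the client column shows whether the router, the AP node or a Windows machine is the source of the lookups.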
 
It’s also possible the conn_diag process is calling the same wanduck function. Even if you try to kill it, watchdog will restart it.

I would just try to append the entry to the local hosts file on the router/AP.
Code:
131.107.255.255 dns.msftncsi.com
 
I haven't seen any constant pings in the last 12 hours since changing to localhost - hopefully that means it fixes things. Still not a good solution for everyone else with the issue though.

Really seems AP mode should completely disable this.
 
dns.msftncsi.com is a Microsoft domain. It's Windows machines doing the lookup, not the router.
Redirecting to local ip will make Windows think it's connected to internet even when your router has lost internet connection, that's all.
 
dns.msftncsi.com is a Microsoft domain. It's Windows machines doing the lookup, not the router.
This is incorrect. The router also uses this hostname to test whether DNS resolution (and by implication internet access) is working.
 
This is incorrect. The router also uses this hostname to test whether DNS resolution (and by implication internet access) is working.
I stand corrected, you are right - weird that a Linux based router uses a Microsoft domain to test internet.
 
I stand corrected, you are right - weird that a Linux based router uses a Microsoft domain to test internet.
Asus probably chose this because that remote server is specifically designed for that purpose, and it's also less likely to be impacted by ISP or upstream firewalls.

You don't want to DDoS a random remote site by having 250,000+ routers constantly pinging it. Ask D-Link about their past NTP abuses for example... They hardcoded some random NTP server which was never intended to support the load of all of D-Link's router owners, crushing that server.
 
Asus probably chose this because that remote server is specifically designed for that purpose, and it's also less likely to be impacted by ISP or upstream firewalls.

You don't want to DDoS a random remote site by having 250,000+ routers constantly pinging it. Ask D-Link about their past NTP abuses for example... They hardcoded some random NTP server which was never intended to support the load of all of D-Link's router owners, crushing that server.
Kind of like how TP-Link hardcoded a bunch of their stuff to a JP server. Only just discovered this when I found the whole Asus issue. They didn't feel the need to patch the older revision of the device I had, so I bought a newer version.
 
Ask D-Link about their past NTP abuses for example... They hardcoded some random NTP server which was never intended to support the load of all of D-Link's router owners, crushing that server.
It's also unfriendly that Asus routers use pool.ntp.org as the default time server without abiding by the NTP pool vendor guideline for a dedicated hostname.
 
It's also unfriendly that Asus routers use pool.ntp.org as the default time server without abiding by the NTP pool vendor guideline for a dedicated hostname.
Interesting, I wasn't aware of that. I feel like a large number of products out there do use pool.ntp.org as the default.

EDIT: I just checked out of curiosity, and QNAP also uses pool.ntp.org.

I use time.nrc.ca on my own router. Old habit of mine.
 
It's also unfriendly that Asus routers use pool.ntp.org as the default time server without abiding by the NTP pool vendor guideline for a dedicated hostname.
I have also wondered why my ISP doesn't contribute to the ntp pool. A Stratum 1 server is basically just a GPS receiver, not expensive. Then they could also serve their customers with an accurate time.
 
My TP-Link wifi range extender constantly contacts:
a.root-servers.net
Diversion allows this connection and from research, there isn't a way to stop this activity other than getting rid of the device; however, this device works well as intended.
 
Is there no way to reduce the frequency of the pings to dns.msftncsi.com?
 
