1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

r7800 - repeating syslog message dnsmasq[19634]: NOT DNS Hijack mode!!!

Discussion in 'NETGEAR AC Wireless' started by Mariachi, Mar 29, 2020.

  1. Mariachi

    Mariachi Occasional Visitor

    Joined:
    Oct 5, 2017
    Messages:
    11
    Since today I have many of these messages in the syslog.

    Mar 29 18:50:00 192.168.179.3 dnsmasq[19634]: NOT DNS Hijack mode!!!
    Mar 29 18:50:01 192.168.179.3 dnsmasq[19634]: NOT DNS Hijack mode!!!
    Mar 29 18:50:03 192.168.179.3 dnsmasq[19634]: NOT DNS Hijack mode!!!
    Mar 29 18:50:04 192.168.179.3 dnsmasq[19634]: NOT DNS Hijack mode!!!
    Mar 29 18:50:05 192.168.179.3 dnsmasq[19634]: NOT DNS Hijack mode!!!
    Mar 29 18:50:06 192.168.179.3 dnsmasq[19634]: NOT DNS Hijack mode!!!
    Mar 29 18:50:07 192.168.179.3 dnsmasq[19634]: NOT DNS Hijack mode!!!
    Mar 29 18:50:08 192.168.179.3 dnsmasq[19634]: NOT DNS Hijack mode!!!


    Message pop's up every second. No clue why.
    Firmware = Voxel V1.0.2.74.4SF + Entware + Kamoj

    Note that syslog is configured to log remotely:
    [email protected]:/www$ ps | grep syslog
    4725 root 376 S syslogd -L -m 0 -T GMT-1GMT,M3.5.0/2:00,M10.5.0/2:00


    Seem to have two dns-hijack versions / configs running ;) but not sure which one is what / why? .

    [email protected]:/etc/init.d$ ps | grep dns
    4338 root 208 S aclhijackdns
    4721 root 380 S /usr/sbin/ntgrddns -c /tmp/ntgrdns.conf
    19634 guest 972 S /usr/sbin/dnsmasq --except-interface=lo -r /tmp/resol

    29894 root 404 S /bin/sh -c /usr/sbin/dns-hijack
    29895 root 452 S /bin/sh /usr/sbin/dns-hijack


    [email protected]:/etc/init.d$ echo $PATH
    /bin:/sbin:/usr/bin:/usr/sbin:/opt/bin:/opt/sbin


    Below the config files;

    [email protected]:/etc$ cat dnsmasq.conf
    # Filter what we send upstream
    domain-needed
    bogus-priv
    localise-queries
    no-negcache
    cache-size=4096

    [email protected]::/etc$ cat dnsmasq-resolv.conf
    # Filter what we send upstream
    domain-needed
    bogus-priv
    localise-queries
    no-negcache
    cache-size=4096

    [email protected]::/etc$ cat resolv.conf
    nameserver 208.67.222.123
    nameserver 208.67.220.222
    nameserver 8.8.8.8

     
  2. Mariachi

    Mariachi Occasional Visitor

    Joined:
    Oct 5, 2017
    Messages:
    11
    Running processes:

    [email protected]:/etc/init.d$ ps
    PID Uid VmSize Stat Command
    1 root 388 S init
    2 root SW [kthreadd]
    3 root SW [ksoftirqd/0]
    4 root DW [kworker/0:0]
    6 root SW [migration/0]
    7 root SW [migration/1]
    9 root SW [ksoftirqd/1]
    10 root SW< [khelper]
    111 root SW [irq/202-msmdata]
    280 root SW [sync_supers]
    282 root SW [bdi-default]
    283 root SW< [crypto]
    284 root SW< [kblockd]
    289 root SW< [ata_sff]
    293 root SW< [spi_qsd.5]
    296 root SW [msm-spi-thread]
    307 root SW [khubd]
    399 root SW< [modem_notifier]
    401 root SW< [smd_channel_clo]
    402 root SW< [smsm_cb_wq]
    427 root SW< [qmi]
    456 root SW< [nmea]
    458 root SW< [rpcrouter]
    474 root SW [kswapd0]
    519 root SW [fsnotify_mark]
    548 root SW< [smux_notify_wq]
    549 root SW< [smux_tx_wq]
    550 root SW< [smux_rx_wq]
    551 root SW< [smux_loopback_w]
    567 root SW [scsi_eh_0]
    582 root SW [mtdblock0]
    587 root SW [mtdblock1]
    592 root SW [mtdblock2]
    597 root SW [mtdblock3]
    602 root SW [mtdblock4]
    605 root SW [kworker/1:1]
    608 root SW [mtdblock5]
    613 root SW [mtdblock6]
    618 root SW [mtdblock7]
    623 root SW [mtdblock8]
    628 root SW [mtdblock9]
    633 root SW [mtdblock10]
    638 root SW [mtdblock11]
    643 root SW [mtdblock12]
    653 root SW [mtdblock13]
    666 root SW [ubi_bgt0d]
    673 root SW [mtdblock14]
    682 root SW [mtdblock15]
    691 root SW [mtdblock16]
    700 root SW [mtdblock17]
    709 root SW [mtdblock18]
    718 root SW [mtdblock19]
    766 root SW< [usbnet]
    786 root SW< [iewq]
    787 root DW [kinteractiveup]
    796 root SW< [msm-cpufreq]
    800 root SW< [rq_stats]
    807 root SW< [deferwq]
    1287 root SW [ubifs_bgt0_5]
    1325 root 252 S init
    1343 root 308 S klogd
    1346 root 3188 S /bin/datalib
    1373 root 240 S /sbin/watchdog -t 5 /dev/watchdog
    1402 root SW< [cifsiod]
    1419 root SW< [gmac_workqueue]
    1425 root SW< [nss_freq_queue]
    1426 root SW< [coredump_wait]
    1456 root SW< [bond0]
    1579 root SW [scsi_eh_1]
    1580 root SW [usb-storage]
    1604 root SW [kworker/0:2]
    1610 root 540 S /sbin/hotplug2 --override --persistent --set-rules-file /etc/hotplug2.rules --set-coldplug-cm
    1816 root 340 S /sbin/ubusd
    1872 root 948 S /usr/sbin/haveged -w 1024 -d 32 -i 32 -v 1
    2011 root SW< [ecm_nss_ipv4_wo]
    2012 root SW< [ecm_nss_ipv6_wo]
    2019 root 244 S /usr/bin/detcable 2
    2462 root SW [kworker/1:2]
    2522 root 376 S udhcpd /tmp/udhcpd.conf
    3724 root DW [kworker/u:2]
    3817 root SW [jbd2/sda1-8]
    3818 root SW< [ext4-dio-unwrit]
    4086 root 336 S /usr/sbin/net-scan
    4090 root 288 S lld2d br0
    4111 root SW [flush-8:0]
    4318 root 312 S /usr/sbin/uhttpd -h /www -r R7800 -x /cgi-bin -t 40 -p 0.0.0.0:80 -C /etc/uhttpd.crt -K /etc/
    4331 root 536 S /usr/sbin/uhttpd -h /www -r R7800 -x /cgi-bin -t 40 -p 0.0.0.0:80 -C /etc/uhttpd.crt -K /etc/
    4333 root 392 S inetd
    4338 root 208 S aclhijackdns
    4438 root 304 S sleep 501
    4559 root 232 S /usr/bin/hd-idle -i 1800
    4721 root 380 S /usr/sbin/ntgrddns -c /tmp/ntgrdns.conf
    4725 root 376 S syslogd -L -m 0 -T GMT-1GMT,M3.5.0/2:00,M10.5.0/2:00 -c 1151 -R 192.###.###.### (# = hidden)
    4766 root 256 S potd
    4768 root 180 S potval
    4769 root 472 S /bin/sh /usr/sbin/netconn.sh
    4830 root 352 S /sbin/traffic_meter
    4873 root SW [ telnetDBGD ]
    4874 root SW [ acktelnetDBGD ]
    4875 root SW [checkSBusTimeou]
    4877 root SW [NU TCP]
    4878 root SW [NU UDP]
    4879 root 420 S /sbin/KC_BONJOUR
    4880 root 456 S /sbin/KC_PRINT
    5048 root 468 S /bin/sh /sbin/check_status.sh
    5201 root 276 S /usr/sbin/dropbear -p 192.###.###.###:### -a -s -P /var/run/dropbear.pid (# = hidden)
    5387 root 560 S /bin/sh /usr/bin/addon_info_update.sh start_addon_functions
    5388 root 560 S /bin/sh /usr/bin/addon_info_update.sh start_addon_functions
    5389 root 536 S /bin/sh /usr/bin/addon_info_update.sh start_addon_functions
    5390 root 448 S /bin/sh /usr/bin/addon_info_update.sh start_addon_functions
    5923 root 1192 S /usr/sbin/smbd -D
    6139 root 1572 S /usr/bin/transmission-daemon -g /tmp/transmission-gui
    6265 root 1176 S hostapd -P /var/run/wifi-ath1.pid -B /var/run/hostapd-ath1.conf -e /var/run/entropy-ath1.bin
    6267 root 312 S hostapd_cli -i ath1 -P /var/run/hostapd_cli-ath1.pid -a /lib/wifi/wps-hostapd-update-uci -p /
    6438 root 916 S /usr/sbin/nmbd -D
    6444 root 736 S /usr/bin/dbus-daemon --system
    6458 root 1180 S hostapd -P /var/run/wifi-ath0.pid -B /var/run/hostapd-ath0.conf -e /var/run/entropy-ath0.bin
    6460 root 312 S hostapd_cli -i ath0 -P /var/run/hostapd_cli-ath0.pid -a /lib/wifi/wps-hostapd-update-uci -p /
    6481 root 1160 S avahi-daemon: running [R7800.local]
    6556 root 596 S /usr/sbin/lbd -d -C /tmp/lbd.conf
    6572 root SW [kworker/u:3]
    6629 root 1552 S /usr/sbin/afpd -F /etc/netatalk/afpd.conf -P /var/run/afpd.pid -c 7
    6631 root 456 S /bin/sh /usr/sbin/check_time_machine
    6740 root 27012 S netdata
    6748 root 2460 S snmpd -c /opt/etc/snmp/snmpd.conf
    6769 root 1760 S /opt/bin/fping -N -l -Q 5 -p 400 -R -b 56 -i 1 -r 0 -t 5000 192.###.###.### 10.###.###.### 192.### (# = hidden)
    6770 root 2152 S /opt/lib/netdata/plugins.d/apps.plugin 2
    7698 root 308 S sleep 60
    7984 root 304 S sleep 17
    8069 root 304 S sleep 60
    8117 root 304 S sleep 11
    8172 root 304 S sleep 60
    8285 root 304 S sleep 13
    8304 root 304 S sleep 3
    8328 root 404 S /bin/sh -c /usr/sbin/dns-hijack
    8329 root 452 S /bin/sh /usr/sbin/dns-hijack
    8332 root 304 S sleep 1
    8333 root 408 R ps
    10586 root 368 S /usr/sbin/aws-iot
    10599 root 292 S /usr/sbin/icqm
    12691 root SW [kworker/u:1]
    14287 root DW [kworker/u:0]
    15427 root 644 S /usr/sbin/dropbear -p 192.###.###.###:### -a -s -P /var/run/dropbear.pid (# = hidden)
    15582 root 564 S -ash
    18326 root 644 S /usr/sbin/dropbear -p 192.###.###.###:### -a -s -P /var/run/dropbear.pid (# = hidden)
    19185 root 568 S -ash
    19393 root 304 S udhcpc -b -i brwan -h r7800 -r 0.0.0.0 -N 83.82.246.142
    19533 root 320 S /usr/sbin/ntpclient
    19610 root 384 S /usr/sbin/crond -c /tmp/etc/crontabs -T GMT-1GMT,M3.5.0/2:00,M10.5.0/2:00
    19634 guest 988 S /usr/sbin/dnsmasq --except-interface=lo -r /tmp/resolv.conf
    20895 root 644 R /usr/sbin/dropbear -p 192.###.###.###:### -a -s -P /var/run/dropbear.pid (# = hidden)
    21390 root 572 S -ash
    22819 root 2028 S /usr/sbin/openvpn /tmp/openvpn/server_tap.conf
    22820 root 2604 S /usr/sbin/openvpn /tmp/openvpn/server_tun.conf
    24301 root 1664 S bash /opt/lib/netdata/plugins.d/tc-qos-helper.sh 2
    28218 root SW [kworker/0:3]
    29406 root SW [kworker/u:4]
    30337 root 464 S /bin/sh /sbin/check_status.sh