Two DNS requests to amazonaws every 30 seconds since installing AIMesh

[Qwinn]

Hi everyone. So about a week ago I replaced an old netgear extender with a RP AX58 to serve as a node for my AXE16000 router running Merlin 3006.102.4. Finally I had an AIMesh! This was a definite upgrade in several ways such as allowing me to bind several devices to the extender, since without that binding both the Netgear and AX58 extenders would for some bizarre reason not connect to several devices to which they were significantly closer and for which the RP AX58 provide much better connectivity once bound.

I was also able to ssh in to this extender and change the connectivity check destination! Woohoo! No more thousands of DNS requests to www.netgear.com! Both router and extender now set to the connectivity check server of my choice.

But now, Pihole is showing me that my single largest DNS request, by over 2x, isn't to my chosen connectivity site anymore, but to... this:

a2b5xydzr1fxog-ats.iot.us-west-2.amazonaws.com

What the heck is that address? All requests are coming from the router - an A and an AAAA request (despite my having no IPV6 connectivity) every 30 seconds. I have no IOT devices. Does AIMesh treat its nodes as an IOT device that has to communicate with Amazon to function somehow?

I suppose it's *possible* I simply didn't recognize this address before getting this RP AX58 in my pihole list... or that I just didn't notice they were coming solely from the router... but seems unlikely given how many requests it's making, the #1 requested address.

I'd like to know what the purpose of the router requesting resolution for this address 4 times a minute is, and if this traffic is necessary or if it can be redirected like connectivity checks are. I have Microtrends permissions disabled, by the way.

(Whatever the answer, PLEASE don't tell me "You shouldn't have your router DNS requests going through your Pihole". I LIKE that it does - because otherwise I'd never know about things like this. It is causing no problems and I have no "conditional forwarding loop" going on.)

 

[dave14305]

You shouldn’t have you router DNS…

It’s definitely a name embedded in the Asus firmware but no idea what uses it. You should see an awsiot daemon running on your device.

asuswrt-merlin.ng/release/src/router/aws-iot/src/awsiot_config.h at fec8643b8ca60caaf5271647b0947d1158853cf5 · RMerl/asuswrt-merlin.ng

Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng

github.com

 

[Qwinn]

You shouldn’t have you router DNS…

It’s definitely a name embedded in the Asus firmware but no idea what uses it. You should see an awsiot daemon running on your device.

asuswrt-merlin.ng/release/src/router/aws-iot/src/awsiot_config.h at fec8643b8ca60caaf5271647b0947d1158853cf5 · RMerl/asuswrt-merlin.ng

Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng

github.com

Okay, thanks, so I'm not crazy, heh.

Thinking about it, I guess I may have some devices that are considered IoT, namely, my ADT control system devices. Previously the two patio cameras would sometimes connect to my extender (netgear or AX58) but the actual alarm panel that is RIGHT next to where I mount the extender never would, it would always grab a weak connection to the router rather than go through the extender. Binding it, I now get a much more solid connection, which is great.

Just wanted to clarify that "no IOT devices" may or may not be correct... but it remains that I never noticed all these DNS requests to that address before this, so.

 

[dave14305]

I would still be skeptical that so many requests are justified. Seems unusual to me. I don’t use AiMesh though.

 

[ColinTaylor]

Maybe something to do with "linking" the Asus app (whatever that means)?

CPU utilisation spikes AX86U?

I keep getting strange CPU utilisation spikes on my AX86U for the past few months and I cant figure out how to fix it. I've done numerous L&LD resets & minimal config before performing more resets and I still can't find the cause of this. It only occurs on core 3. Whenpon SSH into my router and...

www.snbforums.com

 

[Qwinn]

Maybe something to do with "linking" the Asus app (whatever that means)?

CPU utilisation spikes AX86U?

I keep getting strange CPU utilisation spikes on my AX86U for the past few months and I cant figure out how to fix it. I've done numerous L&LD resets & minimal config before performing more resets and I still can't find the cause of this. It only occurs on core 3. Whenpon SSH into my router and...

www.snbforums.com

Oooh - that rings true to me. I *did* try to link to the Asus site, and it keeps telling me it fails. (There's actually a long backstory here... when I installed the app to install the AX58, it told me account wasn't linked properly, so I tried to, and effectively wound up losing access/control over my old DDNS for asuscomm.com, had to make a new one, even wound up making a new certificate for the new DDNS even tho now I'm not sure that was necessary, not trying to connect remotely).

Let me see if I can figure out a way to "unlink", given that it keeps telling me it fails to link in the first place.

 

[Qwinn]

Alright, so. I managed to actually log my router into my asus account properly. Checked pihole - still connecting to aws. Then I logged it out. Still connecting.

So. In the phone app, when I click "Settings" and then "Account Binding", it immediately starts spinning like it's trying to connect, then after a minute or two, returns "Notice: Operation Failed (13000)". I feel like I have some old defunct binding to my old DDNS, and I'm going to have to reestablish a correct binding so that I can then *un*bind it. So I tried reactivating my new router DDNS (I really don't need it), maybe that is what was preventing new binding. But no. Still fails when I go into Account Binding option on the phone app.

I don't need this phone app at all, and not sure it's responsible anyway, as I keep it in a separate profile on my phone that is not active (and not allowed to run in background) most of the time. I have no problem uninstalling this app. If I ever do decide to remote connect, I'll do it via VPN. So - I uninstalled it. And still seeing the DNS requests.

So... on my PC, the regular GUI... is there an option here to "unlink" my account that apparently resolves this? Cause I'm not seeing it.

 

[Qwinn]

So this is getting more troubling. I wanted to see if I was getting similar CPU spikes like the guy in that thread mentioned....

And I can't see my CPU status anymore. I mean, it should be here, right? On the right side under "Network Map"?

 

[OzarkEdge]

Some things are not worth figuring out, imo... I would recommission the router (Hard Reset the firmware and configure from scratch) and avoid using any and all unnecessary 'features' that only tend to layer on ASUS trouble.

OE

 

[Qwinn]

Sigh... that would involve a whole bunch of DHCP Manual IP address reentry, for like 50 devices. Would prefer to avoid that if I can. Aside from that, not trying to use any "features" at all. I don't want my Asus account bound, I just can't seem to explicitly unbind it (if it is - I'm assuming it is because the thread I was pointed to said that unbinding was a solution).

Router settings are pretty much default, aside from my big DHCP manual IP assignment table. This all just seems to have happened cause the phone app was necessary (according to the instructions) to get my AX58 node installed...

But yeah, I'm thinking a hard reset may be the only way to get my CPU status working again I *do* want that back.

(I'd be more eager to do the hard reset thing if I'd ever done it before...)

 

[Qwinn]

So on the reinstalled phone app, under Settings -> System Settings, I found an "Unbind Account" option. Tried it and it seemed to work, cause after that the same menu showed "Unlink with Phone" rather than "Unbind account". Unfortunately still showing DNS requests. I'm going to try to just reboot the router, maybe it won't start that iot process again after that. Can't reboot it right now tho as it would interfere with wife's work. Will report back in a bit.

 

[dave14305]

that would involve a whole bunch of DHCP Manual IP address reentry, for like 50 devices. Would prefer to avoid that if I can.

Save the existing entries with this command. Paste the results back on the command line after reset. Add nvram commit and then reboot.

echo "nvram set dhcp_staticlist=\"$(nvram get dhcp_staticlist)\""

I'm going to try to just reboot the router, maybe it won't start that iot process again after that. Can't reboot it right now tho as it would interfere with wife's work.

Just run service restart_awsiot and see if it helps for now.

 

[Qwinn]

Save the existing entries with this command. Paste the results back on the command line after reset. Add nvram commit and then reboot.

echo "nvram set dhcp_staticlist=\"$(nvram get dhcp_staticlist)\""

Just run service restart_awsiot and see if it helps for now.

Thanks for that dhcp command, no doubt that will come in handy. Saved for future reference.

Did the service restart. Confirmed it restarted in system log. Still seeing the DNS requests.

 

[dave14305]

Did the service restart. Confirmed it restarted in system log.

Try service restart_mastiff next.

 

[Qwinn]

Try service restart_mastiff next.

DNS requests continue.

(I greatly appreciate the help btw)

 

[dave14305]

DNS requests continue.

(I greatly appreciate the help btw)

Let’s try this:

touch /tmp/AWSIOT_DEBUG_SYSLOG

Then watch the system log for messages. Turn off the debugging by removing the file.

rm /tmp/AWSIOT_DEBUG_SYSLOG

 

[Qwinn]

Let’s try this:

touch /tmp/AWSIOT_DEBUG_SYSLOG

Then watch the system log for messages. Turn off the debugging by removing the file.

rm /tmp/AWSIOT_DEBUG_SYSLOG

Jul 15 13:29:49 awsiot[20763]: Creating an MQTT connection to a2b5xydzr1fxog-ats.iot.us-west-2.amazonaws.com.
Jul 15 13:29:49 awsiot[20763]: MQTT connection successfully established with broker
Jul 15 13:29:49 awsiot[20763]: An MQTT session with broker is re-established. Resending unacked publishes.
Jul 15 13:29:49 awsiot[20763]: Failed to send SUBSCRIBE packet to broker with error = MQTTBadParameter.
Jul 15 13:29:49 awsiot[20763]: Openssl disconnect, Short delay before starting the next iteration....

 

[dave14305]

Jul 15 13:29:49 awsiot[20763]: Creating an MQTT connection to a2b5xydzr1fxog-ats.iot.us-west-2.amazonaws.com.
Jul 15 13:29:49 awsiot[20763]: MQTT connection successfully established with broker
Jul 15 13:29:49 awsiot[20763]: An MQTT session with broker is re-established. Resending unacked publishes.
Jul 15 13:29:49 awsiot[20763]: Failed to send SUBSCRIBE packet to broker with error = MQTTBadParameter.
Jul 15 13:29:49 awsiot[20763]: Openssl disconnect, Short delay before starting the next iteration....

Does this keep repeating with the same frequency as the DNS queries?

 

[Qwinn]

Does this keep repeating with the same frequency as the DNS queries?

Sure does. I do think you found the issue sir.

 

[dave14305]

Sure does. I do think you found the issue sir.

Yeah, but now what?