Weird DNS Issue (always resolved to 10.0.0.1)

[boringuy]

I have had this problem since the beginning and just upgraded to the latest 380.66_6 but problem didn't get resolved. I only had this router (RT-AC86U) for about 6 months and immediately flash the merlin firmware, so I am not sure if this is a problem from the original problem as well.

I have always thought this is caused by my ISP going down but it's happening more and more frequent and finally decided to dig a little deeper.

When the problem happens, I found that I can ping www.yahoo.com and do nslookup from an ssh session on the router itself:

admin@RT-AC68U-4120:/tmp/etc# nslookup www.yahoo.com
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name: www.yahoo.com
Address 1: 2001:4998:44:204::a7 ir1.fp.vip.ne1.yahoo.com
Address 2: 98.139.183.24 ir2.fp.vip.bf1.yahoo.com
Address 3: 98.139.180.149 ir1.fp.vip.bf1.yahoo.com
Address 4: 98.138.253.109 ir1.fp.vip.ne1.yahoo.com
Address 5: 98.138.252.30 ir2.fp.vip.ne1.yahoo.com​

However, if I do it from my Mac (or my rasberryPi) the result is this:

Andys-MacBook-Pro:~ andy$ nslookup www.yahoo.com
Server: 8.8.8.8
Address: 8.8.8.8#53

Name: www.yahoo.com
Address: 10.0.0.1

Andys-MacBook-Pro:~ andy$ nslookup
> server
Default server: 8.8.8.8
Address: 8.8.8.8#53
> server 192.168.0.1
Default server: 192.168.0.1
Address: 192.168.0.1#53
> www.yahoo.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: www.yahoo.com
Address: 10.0.0.1​

It doesn't matter what I changed my /etc/resolv.conf to (8.8.8.8 or 192.168.01), it always return 10.0.0.1 from the Mac while I can ping 8.8.8.8 or 98.139.183.24(yahoo) without problem. So, it's not a problem with the ISP (the network is up and I can go out to the IP, just all DNS lookup is jacked up). I have tried using the ISP's DNS server or Google's DNS server from the router setting but doesn't change anything.

I have to "service wan_restart" to get it to work again. Then, after a while, it will happen again. Sometimes, it will work for a whole day without problem. Sometimes, it happens several times within an hour.

If there is anything I can try to troubleshoot this problem, please let me know. Thanks!

 

[ColinTaylor]

I have to "service wan_restart" to get it to work again. Then, after a while, it will happen again. Sometimes, it will work for a whole day without problem. Sometimes, it happens several times within an hour.

It looks like it's because your WAN has gone down and you have "Redirect to error page"* set on the router which redirects your browser to 10.0.0.1.

* This option is now called "Enable WAN down browser redirect notice".

 

[RMerlin]

Check your System Log, it will tell you if the WAN indeed did go down.

 

[boringuy]

No, the WAN did not go down. Like I said, DNS look up on the router itself worked (it's possible that the local DNS server might have cached it) but I could ping the yahoo IP from anywhere in my house fine. If the WAN went down, how could I ping any box on the internet? Hence I call this weird issue. I didn't realize there is an option to turn on/off the "Redirect to Error page" option, I will probably look for that when I get home and see what's on the next layer of the opinion.

 

[boringuy]

Wow. After turning off the "Enable WAN down browser redirect notice" feature, I had no problem overnight (which is unheard of). I had my HomeAssistant running in a raspberry pi to monitor the DNS and reboot the router. I will update again after a few days and see if this is a real fix. This sounds like a bug to me in that feature.

 

[boringuy]

As promised, here is an update. After turning off the feature, I have no problem with the internet any more. This definitely sounds like a bug on this feature. I don't have I have any unusual config that would cause the problem.

 

[digitek]

For what it's worth, I ran into this exact issue - my specific configuration was this router behind my usual router (so it was getting a "WAN" address in my internal 192.168.1.x DHCP range, and then providing a LAN network to 192.168.2.x). The specific reason for this was to isolate a group of addresses to a sub domain and provide VPN access, without necessary having the ASUS router take over the whole network. The stock ASUS firmware worked fine, but after upgrading to the most recent (10/04/2017) release of merlin, ran into this same issue - no internet connectivity for the LAN addresses until I disabled this option. WAN was just fine, but the router for some reason redirected every DNS lookup or ping to 10.0.0.1. Unchecking this option and everything works fine - so there's a problem with the feature.

 

[dmcdmc]

Hi Martineau
thanks for the great script - just want to clarify that when i setup your script to be called from /jffs/scripts/wan-start

1. is there any need for me to create a cron job somewhere to call your script regularly ?

OR

2. does your script sets up a cron job within itself (if it does - how often does it run ? )

 

[octopus]

Hi Martineau
thanks for the great script - just want to clarify that when i setup your script to be called from /jffs/scripts/wan-start

1. is there any need for me to create a cron job somewhere to call your script regularly ?

OR

2. does your script sets up a cron job within itself (if it does - how often does it run ? )

Wrong thread maybe ?

 

[ZacariasOnight]

I have had this problem since the beginning and just upgraded to the latest 380.66_6 but problem didn't get resolved. I only had this router (RT-AC86U) for about 6 months and immediately flash the merlin firmware, so I am not sure if this is a problem from the original problem as well.

I have always thought this is caused by my ISP going down but it's happening more and more frequent and finally decided to dig a little deeper.

When the problem happens, I found that I can ping www.yahoo.com and do nslookup from an ssh session on the router itself:

admin@RT-AC68U-4120:/tmp/etc# nslookup www.yahoo.com
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name: www.yahoo.com
Address 1: 2001:4998:44:204::a7 ir1.fp.vip.ne1.yahoo.com
Address 2: 98.139.183.24 ir2.fp.vip.bf1.yahoo.com
Address 3: 98.139.180.149 ir1.fp.vip.bf1.yahoo.com
Address 4: 98.138.253.109 ir1.fp.vip.ne1.yahoo.com
Address 5: 98.138.252.30 ir2.fp.vip.ne1.yahoo.com​

However, if I do it from my Mac (or my rasberryPi) the result is this:

Andys-MacBook-Pro:~ andy$ nslookup www.yahoo.com
Server: 8.8.8.8
Address: 8.8.8.8#53

Name: www.yahoo.com
Address: 10.0.0.1

Andys-MacBook-Pro:~ andy$ nslookup
> server
Default server: 8.8.8.8
Address: 8.8.8.8#53
> server 192.168.0.1
Default server: 192.168.0.1
Address: 192.168.0.1#53
> www.yahoo.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: www.yahoo.com
Address: 10.0.0.1​

It doesn't matter what I changed my /etc/resolv.conf to (8.8.8.8 or 192.168.01), it always return 10.0.0.1 from the Mac while I can ping 8.8.8.8 or 98.139.183.24(yahoo) without problem. So, it's not a problem with the ISP (the network is up and I can go out to the IP, just all DNS lookup is jacked up). I have tried using the ISP's DNS server or Google's DNS server from the router setting but doesn't change anything.

I have to "service wan_restart" to get it to work again. Then, after a while, it will happen again. Sometimes, it will work for a whole day without problem. Sometimes, it happens several times within an hour.

If there is anything I can try to troubleshoot this problem, please let me know. Thanks!

Just replying also on this thread: had the very same issue on AC86u and registered myself on the forum to report the behaviour.

However after a factory default and reconfigure of everything I found this post. It seems this issue stil remains since in my AC86u with Version:384.17 I still get the same situation: every night the router gets this problem to redirect to router.asus-com.
Sniffing through linux logs, wan connection check, graphs didn't find anything.
I will now leave the Enable WAN down browser redirect notice as NO and see how it goes in the next few days..

 

[Scottp]

This issue still exists. Was redirected here Google -> askubuntu.com -> snbforums. It seems that on an ubuntu server if the wan goes down on router it somehow disables dns until you reboot or possibly restart networking, since my server is headless, reboot it is. nslookup returns 10.0.0.1 for everything and also a return code of NOTIMP. I hope to avoid this issue in future by disabling browser redirection on wan down in the admin settings on my zen wifi xt8. Of course this isn't just browser redirection its dns hijacking. Replying to this old thread to hopefully help someone else.