
brachism

join:2000-08-27
Richmond, VA

Actiontec suddenly logging DNS requests to syslog

Anyone else notice a recent change in logging on their ActionTec? (Router: Firmware MI424WR-GEN3I / 40.20.7)

I've had FIOS since 2006 and have routinely logged the router messages to a syslog daemon. Over those years I have gone through about 5 ActionTec routers; the current one in service since January. Although I don't dig through the logs often I do archive them (digital pack-rat) and have nearly 7 years of data.

Yesterday the router suddenly started logging what appear to be DNS requests from all the devices connected to it. In just 36 hours I have captured 19,844 requests.

Aug 2 07:29:28 2013 router RequestAddress=0x527488, requestDomainName=l3.yimg.com, client_id=231
Aug 2 07:29:28 2013 router esendto end
Aug 2 07:29:28 2013 router RequestAddress=0x527488, requestDomainName=t1.gstatic.com, client_id=233
Aug 2 07:29:28 2013 router esendto end
Aug 2 07:29:28 2013 router RequestAddress=0x520f88, requestDomainName=i.telegraph.co.uk, client_id=237
Aug 2 07:29:28 2013 router esendto end
Aug 2 07:29:28 2013 router RequestAddress=0x527488, requestDomainName=media.skynews.com, client_id=239
Aug 2 07:29:28 2013 router esendto end
Aug 2 07:29:28 2013 router RequestAddress=0x4479d0, requestDomainName=www.google.com, client_id=241
... +19K requests
Aug 3 22:09:50 2013 router RequestAddress=0x51c780, requestDomainName=spynet2.microsoft.com, client_id=39505
Aug 3 22:09:50 2013 router esendto end
Aug 3 22:10:53 2013 router RequestAddress=0x449b48, requestDomainName=www.dslreports.com, client_id=39511
Aug 3 22:10:53 2013 router esendto end


The entries started appearing immediately after a firmware push Friday.

Aug 2 02:11:50 2013 router Upgrade file downloaded successfully.
Aug 2 02:11:53 2013 router cwmp_download: status=OK
Aug 2 02:11:53 2013 router The system is going DOWN for reboot.


Might be useful but also kind of creepy…
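Added example, not part of the original post: a short Python parser for the line format quoted above, showing how much browsing history such a syslog archive exposes once it is tallied per domain. The sample lines are copied from the post; the function names and the two-label grouping are assumptions made for this illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the post above (format as emitted after the firmware push).
SAMPLE = """\
Aug 2 07:29:28 2013 router RequestAddress=0x527488, requestDomainName=l3.yimg.com, client_id=231
Aug 2 07:29:28 2013 router esendto end
Aug 2 07:29:28 2013 router RequestAddress=0x527488, requestDomainName=t1.gstatic.com, client_id=233
Aug 2 07:29:28 2013 router esendto end
Aug 2 07:29:28 2013 router RequestAddress=0x4479d0, requestDomainName=www.google.com, client_id=241
Aug 3 22:09:50 2013 router RequestAddress=0x51c780, requestDomainName=spynet2.microsoft.com, client_id=39505
Aug 3 22:10:53 2013 router RequestAddress=0x449b48, requestDomainName=www.dslreports.com, client_id=39511
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \S+ "
    r"RequestAddress=(?P<addr>0x[0-9a-fA-F]+), "
    r"requestDomainName=(?P<name>[^,\s]+), client_id=(?P<cid>\d+)$"
)

def parse_dns_lines(text):
    """Yield (timestamp, domain, client_id) for each DNS request line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:  # "esendto end" and unrelated router messages
            continue
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S %Y")
        yield ts, m["name"].lower().rstrip("."), int(m["cid"])

def registered_suffix(name, labels=2):
    """Crude grouping by the last `labels` labels (no public-suffix list)."""
    return ".".join(name.split(".")[-labels:])

def summarize(text):
    """Count requests per name and per suffix, and report the time span covered."""
    rows = list(parse_dns_lines(text))
    by_name = Counter(name for _, name, _ in rows)
    by_suffix = Counter(registered_suffix(name) for _, name, _ in rows)
    span = (min(r[0] for r in rows), max(r[0] for r in rows)) if rows else None
    return {"requests": len(rows), "by_name": by_name,
            "by_suffix": by_suffix, "span": span}

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s["requests"], "requests between", *s["span"])
    for suffix, n in s["by_suffix"].most_common():
        print(f"{n:6d}  {suffix}")
```

Run against a full archive, the same summary shows which sites the household visits and when, which is why a syslog receiver collecting these lines should be treated as holding sensitive data.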


bohratom
Jersey Shore is back again.

join:2011-07-07
Red Bank NJ
Hopefully you can filter it with the corresponding severity level...

mft30

join:2001-12-06
Southlake, TX
reply to brachism
Yeah, mine is doing the same thing, but it has been doing it since I got the Gen3I back in early May....called VZ 3 times, they think it is somewhere between PPPoE section & ONT...hdwe guy coming Saturday...but no errors (drops) in advanced Connection monitoring on the router...I personally think cache is too small in the router for dns, with several on-line at the same time


bluepoint

join:2001-03-24
reply to brachism
Are those logs coming from system log? I have the same router and firmware but I'm not seeing those DNS request logs.


lbvagrant

@verizon.net
reply to brachism
YES I HAVE
see this thread
»[Networking] Actiontec Rebooting
might have some info to help as I've been pulling my hair out for about a week over this
it seems something to do with the dns servers and the self healing thing....
mine keeps losing time as well and going back to 2007 dec when it resets...???
a good test would be changing the dns address to the old standard of 4.2.2.1 and 4.2.2.2 .
write down the old ones in case you need to put them back in...or just do a hard reset I assume..


More Fiber
Premium,MVM
join:2005-09-26
West Chester, PA
kudos:32
said by lbvagrant:

mine keeps losing time as well and going back to 2007 dec when it resets...???

That's normal.

When you reboot, the OS clock is reset to a fixed value and is not corrected until the NTP (Network Time Protocol) service is started. Unlike a PC, the Actiontec has no hardware time of day clock.
--
There are 10 kinds of people in the world; those who understand binary and those who don't.


KA3SGM
- -... ...- -
Premium
join:2006-01-17
West Chester, PA
kudos:1
Reviews:
·Comcast
·Cricket Broadband
·Verizon FiOS
said by More Fiber:

Unlike a PC, the Actiontec has no hardware time of day clock.

No Actiontec clock?? Since when??
MI424WR Rev.I FW v40.20.7

On the Actiontec I log in, then go to: "Advanced", then "Time and Date".

Set the Time Zone "EST" here.
Enable Daylight Savings (plug in the appropriate begin/end dates at 2AM) and set Offset to 60Min.
Enable "Automatic Time Update"
Set Update to every 12 hours.
Set protocol to "NTP"
Add "time.nist.gov" as time server URL.
Add "132.163.4.101" (actual resolved IP for "time-a.timefreq.bldrdoc.gov") as primary time server IP. (NIST Ft.Collins/Boulder, CO)
Add "129.6.15.28" (actual resolved IP for "time-a.nist.gov") as secondary time server IP. (NIST Gaithersburg, MD)
Add "132.163.4.102" (actual resolved IP for "time-b.timefreq.bldrdoc.gov") as alternate time server IP. (NIST Ft.Collins/Boulder, CO)

Click "Apply", Click "Refresh", Click "Sync" to make sure it's working.

Actiontec now re-syncs time with NIST servers twice a day, router time clock is always dead on accurate.

I left the "ntp.actiontec.com" NTP server there in 5th place, but I don't want to use it as a primary, because it can often be unresponsive (way too many timeout errors).
--
ROCK 'TIL SUNSET


lbvagrant

join:2013-08-15
Long Beach, CA
Reviews:
·Verizon FiOS
I believe he's talking about an onboard clock keeping its own time in case of a power failure
whereas in this case the clock is just software based and is kept correct by sync updates..
I know that's a very laid back way to explain that, but...I think it gets the point across


KA3SGM
- -... ...- -
Premium
join:2006-01-17
West Chester, PA
kudos:1
Reviews:
·Comcast
·Cricket Broadband
·Verizon FiOS
It does default back to circa-2007 if you disconnect the power, but as long as it's on, it does keep a relatively accurate time/date, even if the auto-update is turned off.

I would still say that means it has a clock, just not one with a Li cell to back it up.
--
ROCK 'TIL SUNSET


More Fiber
Premium,MVM
join:2005-09-26
West Chester, PA
kudos:32
The clock is a software clock maintained by the Linux kernel.
As I stated previously, there is "no hardware time of day clock".
--
There are 10 kinds of people in the world; those who understand binary and those who don't.


lbvagrant

join:2013-08-15
Long Beach, CA
Reviews:
·Verizon FiOS
reply to KA3SGM
said by KA3SGM:

It does default back to circa-2007 if you disconnect the power,

yes and no... the current issue I'm having shows every time the router flips out and reboots for whatever reason we're still working on...the clock resets itself back to said date...never a power disconnect involved...so I'm 50/50 on your last statement

Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS
As noted by More Fiber, there is no hardware time of day clock in the AT and the time is solely maintained by the running kernel. Whenever the AT restarts, the time will default back to a hard-coded value until it is able to determine the proper current time via NTP. The reason it restarts is not particularly relevant - either a reboot or a power cycle will have the same effect. Seeing the default time and date in the logs right after any form of startup is perfectly normal.

mft30

join:2001-12-06
Southlake, TX
reply to mft30
Getting back on the dns errors problem of this discussion....

the VZ tech came out to the house today and took a look at the ont & router and said to call back and ask for level 2 support....said it is a software problem on their servers. Every time I call in, they will not escalate to level 2 w/o having me go thru the motions of pwr on reset all dvrs & router. I am thinking this is a game we are playing to get me to stop calling....I will just keep calling and L1 can keep sending out a tech....

Shady Bimmer
Premium
join:2001-12-03
Northport, NY
Reviews:
·Verizon FiOS
When you call back, do you reference the previously opened ticket? I find this helps get past the endless circle. It also helps track a long-recurring issue.

You can also try the Verizon Direct Forum. You should note any tickets you had previously opened for the same issue.

My Rev D AT only logs errors resolving hostnames and does not log all DNS requests.


Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:4
reply to mft30
I'm seeing this on my Comcast connected Rev I, and Comcast uses DHCP. I'm running 40.20.7 firmware. Just imagine the logs I see after running 430 hours and counting..
--
I'm always up for a good chat and helping with tech problems.


lbvagrant

join:2013-08-15
Long Beach, CA
Reviews:
·Verizon FiOS
thnx for mentioning the 40.20.7 firmware...
this seems to be the issue
I've got 3 different depts. of Verizon calling me back and 2 of them are tier 3 techs...and the other is corp...
they still claim it's not the firmware but are still looking into the possibility of it, I've been trying to tell them it's also other ISPs and well you just confirmed it...
last question for ya...does yours reboot or drop internet for a min every couple hours?


bluepoint

join:2001-03-24
said by lbvagrant:

thnx for mentioning the 40.20.7 firmware...
this seems to be the issue

I will have to disagree with you. I'm on the same 40.20.7 firmware and I'm not having disconnections and DNS logs and so as to many here. It's something else.


lbvagrant

join:2013-08-15
Long Beach, CA
I'm just agreeing that it is since that update...
I've heard of rebooting, logs going nuts, and a lot of stuff to do with dns and this firmware that's all I'm saying...

VirtualLarry
Premium
join:2003-08-01
reply to brachism
You can add breaking backwards compatibility with some B/G wifi devices, to the bugs seen with the new Rev I firmware update from last month.


Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:4
reply to bluepoint
I noticed this in the advanced log section, not the basic log section, just in case you were looking there.
--
I'm always up for a good chat and helping with tech problems.


bluepoint

join:2001-03-24

1 edit
said by Mike Wolf:

I noticed this in the advanced log section, not the basic log section, just in case you were looking there.

I am already cross-eyed and cannot find the "advanced log" section, the two logs I've seen are "system log and Security log", can you please post the path to go there? Thanks.


Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:4
Log in, then click this link. »192.168.1.1/index.cgi?active%5fp···lue=9067 It's essentially System Monitoring, then Advanced Status, Yes to the security warning, System Logging, then the Advanced Log
--
I'm always up for a good chat and helping with tech problems.


bluepoint

join:2001-03-24
said by Mike Wolf:

Log in, then click this link. »192.168.1.1/index.cgi?active_pag···lue=9067 It's essentially System Monitoring, then Advanced Status, Yes to the security warning, System Logging, then the Advanced Log

Ah, I see it now. I missed the button all the way down of the system log. It does show 3 hrs worth of logs of display with mixed DNS requests, it doesn't seem to be a rapid log maybe because there's only two users at the moment. No downtime though compared to others having disconnections.


Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:4
Ah maybe. I have like 20 devices on the network accessing the internet at any given time.
--
I'm always up for a good chat and helping with tech problems.


bluepoint

join:2001-03-24

1 edit
The log doesn't serve any purpose for us, I wonder what's Verizon's reason in doing this.


Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:4

1 recommendation

I assume they're able to view everything on their side of things through the TR-069 Carrier Remote Management system, or maybe it's for the technician when they arrive?
--
I'm always up for a good chat and helping with tech problems.


bluepoint

join:2001-03-24

2 edits
The log size doesn't carry much when the input is rapid. With four slow users it can only log 10 minutes worth of log. It will not be too important for them not unless they remote log it in the cloud that they can use it for something else.
I don't know but for every DNS entry there is an entry below.

Aug 21 22:45:57 2013 System Log Message esendto end

I don't know what that means?


Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:4
Nor do I.

mft30

join:2001-12-06
Southlake, TX
reply to bluepoint
yep looks like this on mine...dots and all

Sun Aug 25 22:10:43 2013
... esendto end

mft30

join:2001-12-06
Southlake, TX
Thinking about setting router back to a clean start of original fw.