Forum Discussion

deev's avatar
deev
Joining in
2 years ago

Hub 5 Intercepting all DNS queries?

Hi,

I've just moved to Virgin from Sky.

After setting up my Router, and disabling all WebSafe stuff online, I got some weird DNS failing to resolve issues - hostnames that if i switched back to Sky, we're working fine, and my other colleagues can all connect fine.

I noticed that I couldn't change the default DNS server on the Router itself, a quick google said that's no longer possible with this new hub.

I then updated my Wifi Connection DNS servers on both a Windows and Mac device and both of them claimed to be searching through either 1.1.1.1 or 8.8.8.8, but both failed to return the results.

I can only assume that VM is intercepting all DNS queries, even when you specifiy an alternative? Also not sure why they're failing to resolve so many different generic AWS domains.

Has anyone else had similar issues / knows of a way to fix it?

My next port of call will be switching to https based DNS, but I'd rather not 😞 

  • DNS interception & DNS / AWS resolution issues have appeared as repeat gripes of Hub 5s in Router mode. 
    The fix is to use Hub 5 in Modem mode + a Wi-Fi Router.

  • Adduxi's avatar
    Adduxi
    Very Insightful Person

    On one of the machines you have set a static DNS on, what does nslookup show ?

  • Client62's avatar
    Client62
    Alessandro Volta

    DNS interception & DNS / AWS resolution issues have appeared as repeat gripes of Hub 5s in Router mode. 
    The fix is to use Hub 5 in Modem mode + a Wi-Fi Router.

    • Adduxi's avatar
      Adduxi
      Very Insightful Person

      Client62 wrote:

      <snip>  The fix is to use Hub 5 in Modem mode + a Wi-Fi Router.


      Yes, totally agree.  I run the Hub 5 in modem mode with a non Wifi Router and use AP's.  Everything works as it should.

  • legacy1's avatar
    legacy1
    Alessandro Volta

    VM really locking down the hub pretty soon most will use modem mode...

    • Adduxi's avatar
      Adduxi
      Very Insightful Person

      legacy1 wrote:

      VM really locking down the hub pretty soon most will use modem mode...


      If only they would go back to the days of supplying just a decent cable modem.  But then again, 99% of the user base would leave .....   😉

      • legacy1's avatar
        legacy1
        Alessandro Volta

        Adduxi wrote:

        legacy1 wrote:

        VM really locking down the hub pretty soon most will use modem mode...


        If only they would go back to the days of supplying just a decent cable modem.  But then again, 99% of the user base would leave .....   😉


        I don't think so if VM can go from modems to hubs they can go hubs to modems like we have desktops and laptops and we know  desktops are better

  • Client62's avatar
    Client62
    Alessandro Volta

    The Hub 5 does appear to be decent as a modem. 

    As a Router, Hub 5 has many known issues, its recent software / firmware release has not resulted in a single post saying a known problem has been resolved.

  • Setup static IP on device to make the required changes

    E.g. IP 192.168.0.200

    Subnet 255.255.255.0

    DNS 192.168.0.1

    On RaspberryPi

    install Adguard via one line config:

    sudo wget --no-verbose -O - https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v

    It will display URL to navigate Adguard admin console in a browser

    Settings – DHCP (enable): My settings as below with the raspberryPi set to a static IP of 192.168.0.2 (outside of the range of IP addresses).

     

    RaspberryPi static IP config (in green). IPv6 static IP is the local-link IPv6 which you will see if you run ifconfig. It starts fe80:

    Add required filters in Adguard. I got tracker + ad block and then a large threat intelligence database.

    Setup required DNS in Adguard (I opted for these SecureDNS). Find your optimal DNS servers using the DNS speedtest: https://dnsspeedtest.online/

     

     

    On Hub 5 go to admin console 192.168.0.1 and login

    Advanced – DHCP – Disabled

     

    Now devices will get pushed to the AdGuard DNS and receive IP via Adguard DHCP server. & you are away.

    I ran this over a year without issues previously. Example of it blocking:

     

     

     

     

     

     

     

     

     

     

     

    Considering my £20 ebay Rasberry Pi 3b+ had been in a draw for over a year, it gives it some life back. Cheaper than a new router, some nice features to block ads etc natively. I also opted for the cloudflare DNS that auto blocks security risks (layering up on security). For me google DNS is always much slower so it serves as a backup only really. 

    If anyone attempts this, welcome to message back here, I will hopefully receive and see the notification email and it would be my pleasure to offer any tips required. 

    Goodbye evil corp DNS interception. Notably my Sky Hub SR203 intercepted DNS in the same way so I am surprised as an ex-sky customer this appears new to you. Perhaps Sky had me on extra special monitoring 😄

    • BuntyMac's avatar
      BuntyMac
      Tuning in

      @jk1990

      I've been running Adblock Home on a Raspberry Pi 2 Model B for a week or two, and I've gone through the same procedure as you have when it comes to the set up. Everything works fine. Kids all home for Xmas, so we've had over 20 devices on the network and Adblock does it's thing and works perfectly on the phones, the computers, the Kindles, the fitbits and the Apple Watches, the Smart TV and the Sound Bar.

      Everything works except one thing.

      The Virgin Media TV box won't see the internet.

      If I turn off DHCP serving from my RasbPi and turn the Hub 3 back on, it all works fine. But if it takes networking details from my Raspberry Pi, it claims there's no internet connectivity between my Hub 3 and the internet in general.

      Of course, there obviously is. The internet works on every other device. And I've turned off filtering for the Virgin TV box, so I'm not actually blocking anything. It's as though the Virgin TV box is checking for Virgin's DNS server, and when it doesn't see it, it thinks it has no internet connectivity at all.

      Do you have a Virgin TV box? If so, do you have this issue?

      Anybody?

  • legacy1's avatar
    legacy1
    Alessandro Volta

    if RasbPi does dhcp server can you make it so  Virgin Media TV box use DNS of VM servers instead of the Adblock or you can find the domain that the Virgin Media TV box needs and allow it.

    • BuntyMac's avatar
      BuntyMac
      Tuning in

      Not really. The whole point of using a PiHole as an adblocker is that the Pi does it's own DNS which allows you to block the DNS addresses of advertisers, malware pages, trackers, etc. etc.

      I did try adding Virgin's DNS servers as a fallback DNS, but it didn't make any difference.

  • Ultimately, I suppose, I could sent up Static IP addressing on every computer, every phone, iPad, Kindle, etc and just let the DHCP server on the Hub 3 service the Virgin TV, but that's a horrible kludge and offends my aesthetic sensibilities. There's no reason why I shouldn't be able to use any DNS server that I want as long as it works. I've never actually used Virgin's DNS servers on my computers in the past anyway and everything worked just fine. It's really just the Tivo box thingy that seems to insist on seeing Virgin's DNS servers.

    • BuntyMac's avatar
      BuntyMac
      Tuning in

      OK, just one more data point. Trying it again this afternoon, the Virgin box seems to be connecting as you'd expect. Diagnostics sees the Hub, goes through the hub to the Internet and sees Virgin's servers. I wonder if this problem could be caused by a weak wifi signal? The scanner tool says I get a great WiFi signal in the living room, where the Virgin box is located. And my Raspberry Pi is connected by ethernet to the Router and uses a static IP for DNS and any services, so presumably the strength of the wifi on my Raspberry Pi shouldn't matter at all?
      From time to time though, my TV shouts at me in a woman's voice that I've lost connection to the Network. I wonder if this is the Virgin Tivo periodically losing network connectivity?