
1.6Gbit connection new smart hub (white, small box) sporadic issues? DNS MITM?

allamavortex
Established Contributor

Hello all,

So I recently changed my service from 900mbit to 1.6Gbit and that involved a change of router and obviously the OR ONT on the wall.

Ever since having it installed there seems to be an issue with (most likely DNS issues). Whatever is loaded/playing/game continue to work, but I have spells where NO further DNS requests seem to make it through.

I totally forgot to nslookup during one of these issues, but I will the next time it happens (it's pretty frequent and annoying). I can ping 8.8.8.8 (google) whilst being unable to load any webpages on any device/browser. Thus removing the possibility of it being localised to a single machine/device as some were using the router, some were set to DNS over HTTPS and some were using Google's 8.8.8.8 etc. 

It is very much like the router is playing the MITM and intercepting the requests and then slowly, or failing to process these requests at all for a period of time which ranges up to about 45 seconds.

As I said, cached requests, or those already in process are fine, but even something as trivial as trying to watch a YT video is met with 45 seconds of nothing, totally unable to look up ANY address, but established connections and new connections not requiring DNS all work fine.

I'm not really one for conspiracies but I really feel like this new router is intercepting (MITM), attempting to do something with, and failing the DNS requests. This behaviour has only been present since getting the new Smart Hub (the tall, thin white one).

I did a quick google and it seems I'm not alone with this - is anyone else noticing this type of behavior?

Mixture of wired and wireless devices, same behaviour.

allamavortex
Established Contributor

Just to add to this, it is 10000000% something messing with the DNS requests.

Even just trying to re-load this to look for replies and it took 30 seconds. Had a nslookup request pre-loaded in the cmd prompt. Will now try and catch it with a traceroute and see if it's stopping at the router.

C:\Users\user>nslookup google.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 8.8.8.8

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

C:\Users\ben>nslookup google.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 8.8.8.8

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

C:\Users\user>nslookup google.com
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
Name: google.com
Addresses: 2a00:1450:4009:c15::71
2a00:1450:4009:c15::64
2a00:1450:4009:c15::8a
2a00:1450:4009:c15::8b
142.250.140.139
142.250.140.113
142.250.140.138
142.250.140.101
142.250.140.100
142.250.140.102

allamavortex
Established Contributor

Hello all,

I'm wondering if anyone else is experiencing the same issues as me?

I was put onto the 1.6Gb package from the 900 about a month ago. Ever since there's been a HUGE problem with the DNS. Even when set locally on the individual devices it seems like the router is interfering with them. It's causing me to be unable to load websites or traceroute/nslookup any domains while it happens and it's up to a minute at a time, multiple times per hour.

I can still ping 8.8.8.8 etc so it IS related to the DNS.

The device seems to offer no way to change the DNS and it's becoming really frustrating.

During one of these spells I can't load pages, traceroute or any other operations that require DNS, I can however use a website's IP address or ping 8.8.8.8 (google) or other IP addresses just fine.

Is this a common thing or do I have a faulty router?

Tried to also factory reset.

It's just happened and the last time I reset the router was 6 days ago.

WAN link speed: 2.44 Gbps
Network uptime: 6 Days 14 Hrs 11 Mins
System uptime: 6 Days, 14 Hrs 13 Mins

@allamavortex You are on a possible right track but no evidence supplied to back it up, alleged new FW updates are going to sort the Pro router out, if you believe that fact!

allamavortex
Established Contributor

Hey, thanks for the reply, appreciate it.

I am honestly of the belief that the router is acting almost like a MITM attack.

I've just come back from holiday and I'll also look into it a bit more via wireshark later.

I am running traceroutes on loop now, which require the resolving of the address which I'll save to log files through various tools. I just raised a case with support but will happily ping these over when she comes back to me on Wednesday of this week when she's next in.

I'm happy to send them over anything they wish. Working in the field I'm in a reasonable position to explain the problem and discuss it with anyone higher in the technical team.

When you say sort it out? Are you referring specifically to this issue or are there other issues that I might come across? I don't spend a lot of time on the forum. They'd do themselves a lot of favours by not locking down simple functionality like DNS servers, the issue is whether or not I use regular DNS or DNS over HTTPS, it's the same.

I'm not one for speculation, but DNS servers can provide an awful lot of information about what an individual/device is connecting to, and even when I use 3rd party DNS servers set by myself on individual devices, the DNS request seems to still be getting manipulated.

@JimM11  Your name seems really familiar, were you ever active on the Plusnet forums by chance?

Does the EE SH Pro that you have have DNS settings on the Advanced > My Network > IPv4 Config page & are you using them?

Can you provide some concrete evidence?

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Home Broadband & Home Phone or Option 2 for Mobile Phone & Mobile Broadband

ISPs: 1999: Freeserve 48K Dial-Up > 2005: Wanadoo 1 Meg BB > 2007: Orange 2 Meg BB > 2008: Orange 8 Meg LLU > 2010: Orange 16 Meg LLU > 2011: Orange 20 Meg WBC > 2014: EE 20 Meg WBC > 2020: EE 40 Meg FTTC > 2022:EE 80 Meg FTTC SoGEA > 2025 EE 150 Meg FTTP
allamavortex
Established Contributor

Hello,

I've just returned from holiday to find the problem still exists so I am further investigating it today. On the page you mention, the only options are for enabling or disabling DHCP. I will fire up my own local DNS and DHCP servers and disable DHCP on the router to see if that fixes the issue. I think I have a pihole config on my unraid server somewhere, or a local vm that I can load up.

I cannot see any options in the settings to change DNS on the router.

My post was more to find out if it was a known issue with some error with the router. I will investigate today and check the routing, etc and come back to the thread this evening with some logs and my findings. It affects all of the devices in my house, whether wired or wireless. Even purchased new ethernet cables to rule out that as being a problem.

The speed is great, the connection is perfectly stable, just something very weird is going on. Are you on the same package, with the same equipment without any issues?

As I mentioned above, whilst the websites time out waiting for DNS, I can open a command prompt and ping the IP address of the site and get a response, so it's not like the connection is dropping.

I'll post again once I've removed all DHCP/DNS responsibilities from the hub and had a few hours to test it out. That'll also give me several hours of traceroutes to save into log files - one traceroute where the hops are being resolved (so requires working DNS) and one where it doesn't need to resolve the IP addresses to readable text for us humans.

See below for the only options the page you asked about:

Configure your IPv4 settings

Hub gateway IP address
IP address:
Subnet mask:

DHCP server
Enabled:
Server address range: Default
Lease time: Day(s) Hour(s)
Valid leases are between 1 hour and 21 days
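
Added example (not part of any post in this thread): a logger that sends a hand-built DNS query straight to a resolver and, in the same sample, tests plain IP reachability, so each sample shows whether name resolution alone is failing. The function names are hypothetical, and a TCP connect to 8.8.8.8 port 443 is assumed here as a stand-in for the ping used in the thread.

```python
import socket, struct, time

def build_query(name, txid):
    """Encode a recursive A-record question (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, txid):
    """Return (rcode, answer_count), or None if data is not the reply to txid."""
    if len(data) < 12:
        return None
    rid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    ok = rid == txid and flags & 0x8000  # ID must match and QR bit must be set
    return (flags & 0x000F, ancount) if ok else None

def probe_dns(server, name, txid, timeout=2.0):
    """Send one UDP query straight to server; True if a matching reply arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, 53))
            return parse_reply(s.recvfrom(4096)[0], txid) is not None
        except OSError:  # includes timeouts
            return False

def probe_tcp(ip, port=443, timeout=2.0):
    """Reachability check that needs no DNS: TCP connect to a literal IP."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((ip, port)) == 0

def classify(dns_ok, tcp_ok):
    return "ok" if dns_ok else ("dns-outage" if tcp_ok else "link-down")

def outages(samples):
    """Collapse (timestamp, label) samples into (start, end) dns-outage spans."""
    spans, start, last = [], None, None
    for ts, label in list(samples) + [(None, "end")]:  # sentinel flushes a trailing span
        if label == "dns-outage":
            start, last = (ts if start is None else start), ts
        elif start is not None:
            spans, start = spans + [(start, last)], None
    return spans

if __name__ == "__main__":  # one hour of 5 s samples; 8.8.8.8 is the resolver in the thread
    for i in range(720):
        label = classify(probe_dns("8.8.8.8", "google.com", i), probe_tcp("8.8.8.8"))
        print(time.strftime("%H:%M:%S"), label, flush=True)
        time.sleep(5)
```

Running a second copy pointed at the hub's own LAN address lets the two logs be compared to see whether both resolvers stall during the same spans.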

@allamavortex No never on the Plusnet Forum, only EE and Sky, no longer an EE customer removed everything from them BB and Mobile! But will say you are going about it in the right way, the EE Routers just do not have the tools in the toolbox to help in any way and whatever they try to fix FW wise always ends up messing something else. ISP routers are only good for one thing, connecting to their own service with minimal user intervention!

allamavortex
Established Contributor

@JimM11  I agree for the most part.

They work well for the majority, or those willing to overlook issues. If I was the type of user to only stream Netflix, etc then I doubt I would notice these issues as the connection state would already be connected, DNS probably cached locally and buffering would likely smooth it out anyway.

All the ISP routers really do is provide the wireless access point, DHCP, DNS and the PPPOE connection. I'd much rather run a custom firmware on a fairly capable small device. The only downside would be the cost of the WiFi 7 adapters, and also a 2.5Gbit+ switch for my wired machines with 2.5Gbit NICs.

Many years ago when 80Mbit FTTC was the fastest we could get I recall using something like a RPI (but a more beefed up version from another vendor, totally forget the name now) and running DD-WRT, Open-WRT or pfSense.  It was such a better experience than ISP routers.

If it is a router issue and I've confirmed that and seen that others report a similar problem, I'll likely purchase another router. It's been so long though, the last one I purchased and flashed was the Netgear "nighthawk" R7000, released in 2013 and worth next to nothing these days!

@allamavortex 100% Asus routers and APs connected NO ISP supplied gear whatsoever now EE sorted that out with their bad FW update back in Feb 2025. Master of my own destiny now and ISP hub as Sky's preferred naming convention for their equipment only gets powered and looked at when I forget the actual page to look at, and never via a mobile app ever!