How to stop approx 2,00,000 DNS queries / 24 hours to China by my generic Huawei HG8120 FTTH modem

kuduku

All Huawei FTTH modems ping qq.com, taobao.com and baidu.com every second. In a 24 hour cycle it generates approx 2 lac DNS queries.
It's an unnecessary load on my hardware and internet. I am using no-branding Elecroline firmware, which is a generic Huawei HG8120XGA Ver - B (XPON Voice Port + GE + FE).
Due to this I have permanent 96% memory usage on this cheapo ONU.

NextDNS free tier has a monthly quota of 3 lac DNS queries, which are finished in 30 hours. Had to pick up an Adguard DNS subscription, which has a 10 million monthly quota, so surviving, but how to stop this?
Why should BSNL allow this when Huawei is banned in India? Even if it's unbranded hardware with generic firmware, this should be stopped.

How to kill this?

[Attachment: 1.jpg]
 
The only way to stop is by installing a custom firmware.

It is not supposed to generate this many requests but since you've blocked the domains, the modem thinks there's some issue with connectivity and retries to connect every second. Functionally, it could be used to check if the WAN has internet access but I doubt that's the case here as these domains are usually used for collecting data.

No idea. I can use my Tenda Mesh Router to dial instead of the modem. Will that work?
Any router with PPPoE will work but if your modem doesn't support changing the MAC address you'll have to call your LCO and give the MAC address of your router as it is a part of the authentication process.
 
The only way to stop is by installing a custom firmware.

It is not supposed to generate this many requests but since you've blocked the domains, the modem thinks there's some issue with connectivity and retries to connect every second. Functionally, it could be used to check if the WAN has internet access but I doubt that's the case here as these domains are usually used for collecting data.


Any router with PPPoE will work but if your modem doesn't support changing the MAC address you'll have to call your LCO and give the MAC address of your router as it is a part of the authentication process.
Even when they were not blocked it was connecting every second.

I can get the MAC changed.
 
Bridging can work, kinda forgot about that. Do that if that's an option. Also disable the WAN connection of the Huawei modem after bridging is done so that it doesn't "see" the internet at all.
 
Sounds like a job for Pi-hole. I don't personally use it because I use OPNSense firewall appliance, but have read reviews of Pi-hole. It generally is used for ad blocking, but I suppose it can also be configured to block certain domains.
 
I am already blocking all the domains with Adblock. I had Pi-hole with unbound set up earlier.
The RED in the attached pic is blocked.

So till I am using this modem I can't stop this ping as I can't modify the firmware. Tried blocking them in Parental Control of the modem GUI but it doesn't work.
So the final option is to keep blocking them in Adblock till I change the modem.

Can any other BSNL FTTH user check the above 3 domains on their modems?
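
For anyone who wants to run that check on their own network, here is an added example (not part of any post in this thread) that scans a resolver query log for clients asking for the same name at a fixed interval. It assumes the dnsmasq-style log format that Pi-hole writes and that the modem's queries reach that resolver; the sample lines, the addresses 192.168.1.1 and 192.168.1.50, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

WATCHED = ("qq.com", "taobao.com", "baidu.com")  # domains named in the thread
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")

def constructed_sample():
    """Constructed log lines; 192.168.1.1 stands in for the modem."""
    lines = [f"Jan 10 10:00:{s:02d} dnsmasq[412]: query[A] {d} from 192.168.1.1"
             for s in range(10) for d in WATCHED]
    lines += ["Jan 10 10:00:03 dnsmasq[412]: query[A] example.org from 192.168.1.50",
              "Jan 10 10:00:41 dnsmasq[412]: query[AAAA] example.org from 192.168.1.50"]
    return lines

def parse(lines, year=2024):
    """Yield (timestamp, client, name); syslog lines carry no year, so one is assumed."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(2).lower().rstrip(".")

def beacons(lines, min_hits=5, max_jitter=0.5):
    """Return (client, name) pairs queried at a near-constant interval."""
    times = defaultdict(list)
    for ts, client, name in parse(lines):
        times[(client, name)].append(ts)
    report = []
    for (client, name), seen in times.items():
        if len(seen) < min_hits:
            continue  # too few samples to call it periodic
        seen.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(seen, seen[1:])]
        period = median(gaps)
        jitter = max(abs(g - period) for g in gaps)
        if period > 0 and jitter <= max_jitter:
            report.append({"client": client, "name": name, "period_s": period,
                           "per_day": int(86400 / period)})
    return sorted(report, key=lambda r: (r["client"], r["name"]))

if __name__ == "__main__":
    for row in beacons(constructed_sample()):
        print(row)
```

Running it on logs taken with the domains blocked and then unblocked shows whether the interval changes, which is the point the posts above disagree on.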
 
Sounds like a job for Pi-hole. I don't personally use it because I use OPNSense firewall appliance, but have read reviews of Pi-hole. It generally is used for ad blocking, but I suppose it can also be configured to block certain domains.

Pi hole, adguard and IP block can be the ideal solution.
You can't stop queries originating from the router using a Pi-hole. Router won't route its DNS queries through the local network. That only works for devices using DHCP.
 
Router won't route its DNS queries through the local network. That only works for devices using DHCP.
It does actually, depends on the configuration in LAN and WAN section. Although it doesn't use DHCP to get a local IP address but it is part of the same local address pool (subnet).
Most routers can have custom DNS defined in WAN section and for the LAN as well.
 
Most routers can have custom DNS defined in WAN section and for the LAN as well.
If the destination IP addresses are hardcoded in the firmware, there is no need/effect of setting DNS.
Even otherwise, these queries can be made to bypass user configured DNS.

Will this stop if you configure it for bridging?
I think this might be the only way to prevent the router from phoning home since in bridge mode the fibre signal is converted to digital electric signal and all other features are disabled.

But then the Chinese probably have enough resources to make it work in Bridge Mode as well: why hack firmware when you are the one manufacturing and can install rootkits.

@kuduku please try this and let us know if it works. And yeah, BSNL should recognize such frequent connections and block them at their end.
 
On a different note, you can file RTI or a consumer court complaint on BSNL and have them patch their firmware. A state owned telco phoning to Chinese domains is a big deal.
 