What's new

Constant unwanted traffic to dns.msftncsi.com from RT-AC66U

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Hello,
I am seeing this as well. I noticed it via Diversion. I have a AC-3100 and AC-87U both and both of them had the checkboxes unchecked for the DNS and Ping settings for the Network Check so I would not expect it to try to resolve out to the server. Is this something that can be requested in a future Merlin firmware where when these are unchecked the nvram setting for this value is also removed and when checked, the value is reset back the the microsoft dns setting? I would go through a formal request process if necessary :)

Thanks,
Nathan
 
when these are unchecked the nvram setting for this value is also removed and when checked, the value is reset back the the microsoft dns setting?

Bad idea. Enabling/disabling a setting should not erase the content of another setting.
 
Bad idea. Enabling/disabling a setting should not erase the content of another setting.

OK, in general I understand that if they were unrelated, but I would assume those settings worked together, i.e. that one would influence the other and if unchecking the boxes does not actually stop the dns pings then having to clear the nvram setting would stop it. The other way, perhaps the underlying DNS ping code isn't actually checking that checkbox value for DNS network is not set (unchecked) in the Admin page and tries to ping anyway.
 
Just chiming in to say that I too have noticed the constant msftncsi pings and would love to be able to disable this from the GUI. The current checkbox setup is pretty unintuitive in that when the boxes are UNCHECKED the feature is still ACTIVE.

I'm running Merlin's latest firmware 384.12 on an 86U.
 
I had to go through a similar procedure just now as well because Pi-hole logs were being spammed with 4 requests per minute to dns.msftncsi.com.

Both checkboxes for in DNS Quesry and Ping were disables in Administration->System.
SSH to RT-AC5300 an running "nvram show | grep dns_probe" showed the settings were in effect.
What I did was to first check the DNS Quesry checkbox and empty the "Resolve" input fields, press Apply, then uncheck the DNS Query box and press apply again. The flood of DNS requests stopped.

Out of curiosity I enabled "Ping" and set the target host to be www.example.com. The same behaviour was there as well. Quecries of that domain and pings were going from the router also when the box was unchecked (and applied). I had to check it again, empty the input field, apply, uncheck it and apply to disable the pings.
 
I had to go through a similar procedure just now as well because Pi-hole logs were being spammed with 4 requests per minute to dns.msftncsi.com.

Both checkboxes for in DNS Quesry and Ping were disables in Administration->System.
SSH to RT-AC5300 an running "nvram show | grep dns_probe" showed the settings were in effect.
What I did was to first check the DNS Quesry checkbox and empty the "Resolve" input fields, press Apply, then uncheck the DNS Query box and press apply again. The flood of DNS requests stopped.

Out of curiosity I enabled "Ping" and set the target host to be www.example.com. The same behaviour was there as well. Quecries of that domain and pings were going from the router also when the box was unchecked (and applied). I had to check it again, empty the input field, apply, uncheck it and apply to disable the pings.

Made an account to say thank you for this! Those requests were spamming up my Pi Hole too and was confused as there’s no Microsoft devices on my LAN. This worked perfectly as a workaround fix within the GUI. I hope Merlin can add this to a future release. Simply clearing the domain that’s pinged when “DNS Query” is not checked is enough to stop the requests 100%. Left the IP’s in so I have a secondary method checking the WAN is up.
 
This is only 2-3~ days of DNS requests from my entire network
upload_2019-12-28_22-42-1.png

The watchdog ping takes up a massive 25k requests. All monitoring is disabled in the WebUI, so clearly that option doesn't seem to work properly.

Cleared the NVRAM setting for it and all is well now, didn't even require a reboot for me :)
 
I have disabled it both via Telnet and also with the method described above ("What I did was to first check the DNS Quesy checkbox and empty the "Resolve" input fields, press Apply, then uncheck the DNS Query box and press apply again. The flood of DNS requests stopped.").

Unfortunately, this hasn't helped. There are still DNS requests to dns.msftncsi.com every few seconds. I am not on a windows machine, I am certain this is coming from my DSL-AX82U. Dual-WAN is not enabled either.

Any idea what else I could do here?
 
I have disabled it both via Telnet and also with the method described above ("What I did was to first check the DNS Quesy checkbox and empty the "Resolve" input fields, press Apply, then uncheck the DNS Query box and press apply again. The flood of DNS requests stopped.").

Unfortunately, this hasn't helped. There are still DNS requests to dns.msftncsi.com every few seconds. I am not on a windows machine, I am certain this is coming from my DSL-AX82U. Dual-WAN is not enabled either.

Any idea what else I could do here?
Are you using stock firmware or a fork of Merlin? This cannot be disabled now in Merlin's firmware.
 
The reason for the flood of logs is likely due to MSFT disabling ICMP replies to that name.

A router shouldn't need to do a DNS test anyway though the IP check becomes valuable to the extent of failover but, should be aimed at something relevant to your network needs.

I went into windows registry and killed the check because it was causing needless logs and switched it to 8.8.8.8 because google loves free traffic stats for their data collection. I suppose I could just change to my gateway or pihole IP.
 
The reason for the flood of logs is likely due to MSFT disabling ICMP replies to that name.

A router shouldn't need to do a DNS test anyway though the IP check becomes valuable to the extent of failover but, should be aimed at something relevant to your network needs.

I went into windows registry and killed the check because it was causing needless logs and switched it to 8.8.8.8 because google loves free traffic stats for their data collection. I suppose I could just change to my gateway or pihole IP.
This is not the reason. There has been a change of behaviour in firmware 386.4. This has been explained in the Merlin forum and the 386.4 release notes. @bakgwei I suggest you read the posts in the Merlin forum for more details.
 
I'm having the same issue. 39k queries to dns.msftncsi.com in a day from my ASUS XD4. Unfortunately, I don't have the 'Network Monitoring' option in my GUI and no Merlin firmware.

Any suggestions? I've done the
Code:
nvram set dns_probe_content=""
but am reluctant in case I lose WAN.
 
This is not the reason. There has been a change of behaviour in firmware 386.4. This has been explained in the Merlin forum and the 386.4 release notes. @bakgwei I suggest you read the posts in the Merlin forum for more details.
@ColinTaylor
Could you please provide the thread/ post link where this issue has been fixed or discussed. Thanks.
 
Hi there i followed the nvram set dns_probe_content="" method to disable the constant querying of my Pi Hole

However now I notice another problem, and that is the main page of the router says it's disconnected from the Internet (Internet still works fine)

Is there any way to stop the pinging/DNS querying but still have the main page say Connected and show my IP and stuff

Asus RT-AX53U, Firmware 3.0.0.4.386_67508

My nvram is currently
dns_probe=0
dns_probe_timeout=8
dns_probe_host=dns.msftncsi.com
dns_probe_content=
 
Is there any way to stop the pinging/DNS querying but still have the main page say Connected and show my IP and stuff
No, because the Connected/Disconnected status is a reflection of the success or failure of the DNS query. If you deliberately disable the DNS query you have to live with the incorrect status in the GUI.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top