NEED SOME HELP?

 @Billx 

I have now amended by bug report on these system log messages & their severity classification. I have stated that these messages are swamping the system log & have requested a "Save to PC" facility be added to the system log page.

Then when I see the file format they use, hopefully CSV, but most syslog servers that offer this facility only use text files. Either way, when I know the format, I'll write an application to edit out the DNS resolution errors (or anything else). Then automatically save the edited file in CSV format. Alternatively, I might use the file from the router & import it straight into a syslog server application I wrote a few years ago, if that will provide better customisation options to make the rest of the log easier to navigate.

Hi @Billx 

Where in my posts did I ever say that changing the Severity drop down would stop the DNS resolution failure log messages from getting in the log?

You said:-

"Only if it has the lightest severity, right at the top, will you be able skip those entries, and see only the rest" - do you read my any of my posts? That is exactly whatI have been saying that only if the Severity classification in both the 5364 & 5464 DNS resolution failure messages were changed from Error to Info, could they be filtered out.

All that will do anyway is to stop them from being displayed. Even then that would also filter out any other Info messages that might be desirable to view. Your suggestion of setting the severity filter to "Critical or lower" will in 99.9% of messages, display nothing at all, so that will be of no use.

The only way is for Sagemcom to fix the bug I raised to TalkTalk, where the DNS messages are wrongly classified as "Error".

Whilst the messages conform to the industry standard syslog format, it is down to the manufacturer as to what events that they choose to write to this log. 

I have campaigned to get a "Save to PC" option, "Output to a syslog server" & a "Clear log" button to be added to most TalkTalk routers. However, I have been told in the past that they were not part of the design requirements. If the GUI at least had a "Save to PC" option, then I could write an application to strip out all of the DNS resolution failure entries. 

There is no point keep attaching these logs of yours, I can't possibly know what devices of yours are making these DNS queries, so I do not look at them. All you can do is to try using the Nirsoft's "DNS Query Sniffer" or if you have the skills required, you could use Wireshark. By running Wireshark on a couple of PCs I was able to locate my device and the offending website. These are not going to help though if the operating system on all of your devices does not support Wireshark (there are versions for Windows & Linux, I am not sure about MACoS), DNS Query Sniffer is Windows only.

Hi @Billx 

Of course I read that, just because Sagemcom log these failures, doesn't mean all routers do. The fact that the router's DNS server logs these entries is not a bug. The problem as I said before is the fact that the router's DNS server wrongly sets its severity level in the system log to "Error" as I said in my previous post. This means that you cannot filter them out. If they were set to "Informational", then it would be a breeze to hide them via the Severity dropdown box in the UI. You would just set it to "Notice or lower":-

Severity filtering

However, as I also said in my previous post, I have already raised this severity level problem as a bu with TalkTalk

I get a lot to "mediaforce.grapeshot.co.uk", which sounds like malware, but it isn't. It is part of several newspaper websites, that required my PC to resolve this, but it fails as there is no such site. The only way to stop them is to not use their websites!

You need to find which device is generating these DNS requests & investigate them further. Mine was more involved as that one got a CNAME back which is an alias to another site, or maybe a third one & only then did I find the culprit.

HI @Billx 

Your other thread has dealt with so many issues, but I don't think that this was mentioned there. That is the way it should be anyway, one thread per problem is always best. 

The DNS server within your 5464 router logs any domain names that it cannot resolve by making recursive DNS queries up the DNS server hierarchy. This part of your opening post is normal behaviour, not a bug.

However, there is a bug in the severity level assigned to these messages. If you look at the severity column, they are classed as "Error". That is the highest severity reserved for serious problems within the router itself. These unresolved DNS queries should have a severity level of Info, not Error, as that is exactly what they are. Your devices or websites that link on to other sites that are requiring your device to visit an element of their web page that is not up to date. If they are correctly classified as informational, as they should be, then you can easily filter them out from the router's GUI if required.

I have already reported this bug to TalkTalk.

OK thanks for trying. Do you know which of your devices is trying to connect to moa-upload-eu.allawnos.com?

Chris

Hi Billx,

Could you try switching the ONT and router off for 30 minutes then switch back on and monitor to see if the DNS error continue

Chris