04-04-2023 09:04 AM - edited 04-04-2023 09:27 AM
Hello. R610 AP on Unleashed 200.13.6.1.319.
TLDR: Unleashed doing DNS lookups and outbound HTTP to Apple (and others), part of Internet Checking functionality, can be disabled in limited fashion, but prefer to completely disable.
Logging devices in same environment have been recording excessive DNS lookups and outbound HTTP to captive.apple.com from the AP. After some topic searching here and elsewhere it appears to be a function of the Internet Connectivity checking with Unleashed. I see outbound traffic every 65 seconds initially caught in Suricata IDS logs (outbound HTTP, curl User-Agent), but also seen in Unbound DNS logs.
Using the Internet-check CLI command via SSH I managed to disable the checks. The functionality appears to contact captive.apple.com, but falls back to www.microsoft.com and then support.ruckuswireless.com if unable to reach first. All three were disabled, but now every 35 seconds I'm seeing DNS lookups to www.apple.com, along with IPv4 and IPv6 Reverse DNS lookups for same domain. Obviously the prior attempt to disable the Internet Checking is limited and actually creates more log spam than before.
Are there possibly any undocumented CLI commands to disable the remaining attempts?
While this is not a large issue by any means, I prefer to not have the AP reach out if not necessary and create log spam. For the time being, I left support.ruckuswireless.com check enabled reducing lookups to 65 seconds and have a host override in Unbound to blackhole the request. Still creates some log spam which can't be filtered, though I can purge every so often when needed. Thanks.
CLI command reference:
Previous mention of issue within this forum:
04-07-2023 08:05 PM
Hi @ctay
The command is as below from CLI :
ruckus> en
ruckus# config
You have all rights in this mode.
ruckus(config)# system
ruckus(config-sys)# show internet-check
Internet Check:
Company = apple, Enable = 1
Internet Check:
Company = microsoft, Enable = 1
Internet Check:
Company = ruckus, Enable = 1
Now to disable this use the below command:
ruckus(config-sys)# no internet-check all
The internet check settings have been updated.
ruckus(config-sys)# end
Your changes have been saved.
To cross check:
ruckus(config)# system
ruckus(config-sys)# show internet-check
Internet Check:
Company = apple, Enable = 0
Internet Check:
Company = microsoft, Enable = 0
Internet Check:
Company = ruckus, Enable = 0
I would recommend using this function in 200.14, which is about to be released next week.
04-20-2023 04:36 AM
I can confirm the fix appears to be working in this update. After upgrade to 200.14 and resetting Internet Checking, the AP would start its cycle of 65 sec DNS lookups to captive.apple.com, but after disabling Internet Checking via CLI, all further DNS traffic ceased. Thanks Sanjay.
04-08-2023 07:31 AM
Hi Sanjay. Thank you for looking into this, but unfortunately, these actions I’ve already taken and the outbound traffic actually increased.
My current output from command "show internet-check":
Internet Check:
Company = apple, Enable = 0
Internet Check:
Company = microsoft, Enable = 0
Internet Check:
Company = ruckus, Enable = 0
DNS records seen from AP every 35 seconds: (truncated to remove irrelevant internal info)
www.apple.com. AAAA IN
www.apple.com. A IN
211.200.55.23.in-addr.arpa. PTR IN
a.c.a.1.0.0.0.0.0.0.0.0.0.0.0.0.9.8.8.1.0.0.4.c.8.0.4.1.0.0.6.2.ip6.arpa. PTR IN
a.c.a.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.8.1.0.0.4.c.8.0.4.1.0.0.6.2.ip6.arpa. PTR IN
If I were to re-enable the checks above, the traffic would appear as such every 65 seconds: (command: "internet-check all")
captive.apple.com A IN
If apple were disabled (command: "no internet-check apple"), every 65 seconds:
www.microsoft.com A IN
If microsoft was then disabled (command: "no internet-check microsoft"), every 65 seconds:
support.ruckuswireless.com A IN
Of course if I were to disable ruckus (command: "no internet-check ruckus"), the end result would show none enabled (same as command: "no internet-check all"), but new additional traffic is seen now every 35 seconds instead.
This is why I removed valid DNS services from the AP (pointed to false DNS server in IP settings). It was my only viable workaround to stop the log spam. I was hoping there was an undocumented command as your findings are not any different than my actions already performed.
There appears to be a bug in the functionality to disable all Internet-checking.
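To confirm the 65-second and 35-second cadences described in the post above from an Unbound query log, the following added example (not part of the thread and not Ruckus code) groups queries by name and type and reports those that repeat at a near-constant period. The log line shape, the AP address 192.0.2.10 and every sample line are constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import median

# Assumed Unbound "log-queries: yes" line shape:
# [epoch] unbound[pid:thread] info: <client> <qname> <type> IN
LINE = re.compile(r"^\[(\d+)\] unbound\[\d+:\d+\] info: (\S+) (\S+) (\S+) IN$")

def beacon_intervals(lines, client, min_hits=3, jitter=2):
    """Return {(qname, qtype): median_gap_seconds} for queries from `client`
    whose gaps all stay within `jitter` seconds of the median gap."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if m and m.group(2) == client:
            seen[(m.group(3).lower(), m.group(4))].append(int(m.group(1)))
    periodic = {}
    for key, stamps in seen.items():
        if len(stamps) < min_hits:
            continue  # one-off lookups are not a beacon
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        if mid > 0 and all(abs(g - mid) <= jitter for g in gaps):
            periodic[key] = mid
    return periodic

def sample_log(ap="192.0.2.10"):
    """Constructed log: checks enabled (65 s), then all disabled on the
    affected build (35 s), plus unrelated noise."""
    t0 = 1680600000
    rows = [(t0 + 65 * i, ap, "captive.apple.com.", "A") for i in range(4)]
    t1 = t0 + 400
    for i in range(5):
        rows.append((t1 + 35 * i, ap, "www.apple.com.", "A"))
        rows.append((t1 + 35 * i, ap, "www.apple.com.", "AAAA"))
    rows.append((t0 + 7, "192.0.2.50", "example.org.", "A"))  # other client
    rows.append((t0 + 90, ap, "example.net.", "A"))           # one-off query
    return [f"[{ts}] unbound[1234:0] info: {c} {q} {t} IN"
            for ts, c, q, t in sorted(rows)]

if __name__ == "__main__":
    for (qname, qtype), gap in sorted(beacon_intervals(sample_log(), "192.0.2.10").items()):
        print(f"{qname} {qtype}: every {gap:g}s")
```

After the upgrade and `no internet-check all`, an empty result for the AP's address over a fresh log window is the expected outcome.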
04-09-2023 07:29 PM
Hi @ctay
Yes, I have already tested this and got the same result. I have worked on this internally and it has been fixed in 200.14.
Which is why I mentioned in my previous comment to implement this on 200.14 version.
04-10-2023 03:49 AM
Thanks for the update Sanjay. The invalid DNS setting works well enough for my environment, but it's good to know a fix is on the way for others interested.
04-10-2023 09:09 PM
Hi @ctay
I just tested this on 200.14 pre-release and it is working fine when we disable "internet-check"
There are no DNS requests made from the AP.
04-18-2023 06:58 PM
Hi @ctay
200.14 is released, you can check and let me know.