Netgate Discussion Forum
    ATT Modem DNS Hijack on Failover

    Routing and Multi WAN

      daltonch
      I have 2 WANs, ATT Fiber (WAN1) and TMobile 5G (WAN2). This morning was my first 'real' failure of ATT Fiber. pfSense detected it and properly marked it as down, and traffic started routing through TMobile. As the day went on, weird issues started popping up: apps not working, sites not loading, certificate errors. Eventually I tracked it down to DNS hijacking by the ATT modem. An nslookup of www.google.com would return the management IP of the ATT modem (192.168.1.254). This was confirmed by looking at the certificates that were erroring and seeing "Telco CPE dsldevice.domain_not_set.invalid" in the cert. I unplugged the ethernet cable from the ATT modem and everything started working properly on the failover WAN2 (TMobile). When I looked in pfSense prior, I saw WAN1 reporting the WAN IP as '192.168.1.254', the ATT management IP of the modem, and the connection was "Offline, Packetloss" instead of the proper routable IPv4 IP I normally have (makes sense, we are in an ATT outage). So pfSense detected that WAN1 (ATT) was down, but somehow my DNS was being hijacked by the ATT modem. Is there anything in pfSense I can do to prevent this? I'd like the failover to work w/o intervention from me; in the event I'm out of town and the connection goes down, my family should be none the wiser.

      Thanks

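As an added detection check, not part of the post or of any Netgate code, the script below queries one upstream resolver directly with a hand-built DNS A query, parses the reply, and flags a public hostname that resolves to a non-global address, which is exactly the symptom described above (www.google.com answered with 192.168.1.254). The modem IP and hostname come from the post; the function names are my own, and `sample_response` builds a constructed reply so the parser can be exercised offline.

```python
import ipaddress
import socket
import struct

def build_query(hostname, txid=0x1234):
    # Minimal DNS A/IN query with recursion desired: header, QNAME, QTYPE, QCLASS
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode() for label in hostname.strip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)

def _skip_name(buf, off):
    # Advance past a name; a compression pointer (top two bits set) is 2 bytes and ends it
    while buf[off] and buf[off] & 0xC0 != 0xC0:
        off += 1 + buf[off]
    return off + (2 if buf[off] & 0xC0 == 0xC0 else 1)

def parse_a_answers(resp):
    # Return the IPv4 strings found in the answer section (A records only)
    qdcount, ancount = struct.unpack(">HH", resp[4:8])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(resp, off) + 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        off = _skip_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return answers

def looks_hijacked(answers):
    # A public hostname answered with any non-global address (192.168.1.254 included) is suspect
    return bool(answers) and any(not ipaddress.ip_address(a).is_global for a in answers)

def resolver_hijacked(hostname, server, timeout=2.0):
    # Ask one resolver directly (e.g. the one DHCP handed to WAN1) and judge its answer
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(hostname), (server, 53))
        resp, _ = s.recvfrom(512)
    return looks_hijacked(parse_a_answers(resp))

def sample_response(hostname, ip, txid=0x1234):
    # Constructed reply mimicking the modem's hijacked answer; for offline testing, not captured traffic
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + build_query(hostname, txid)[12:] + answer
```

Running `resolver_hijacked("www.google.com", "192.168.1.254")` from the firewall during an outage would return True for the behaviour described, and the same call against the WAN2 resolver should return False; it is a probe of one resolver, not a replacement for gateway monitoring.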
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.