Qualcommax NSS Build

Well, dnsmasq is filling my syslog with the DNS rebind attacks and gets buried with the normal flow of things.

And it is doing it for a reason to get your attention to rogue websites you are visiting.

Better use your adblocker or BANIP to block those; who knows what else they try to infest you with.

It’s NOT giving any useful info of which device is flooding these messages. All it says is that it’s from amazonaws and I have a FireTV Cube. Can’t get rid of the box because of these messages, right? I’m not even sure whether it’s from FireTV Cube either.

Thu Sep 11 07:28:45 2025 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: internal-cubeapm-rbintl-mumbai-pvt-alb-1830547274.ap-south-1.elb.amazonaws.com
Thu Sep 11 07:28:45 2025 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: internal-cubeapm-rbintl-mumbai-pvt-alb-1830547274.ap-south-1.elb.amazonaws.com

Either find the cause by checking which of your LAN clients triggers this and/or watch your DNS traffic on the router e.g. with:

tcpdump -i any port 53 and udp

or

cat /proc/net/nf_conntrack | grep ' dport=53'

Or just pretend the problem is not there

Do whatever you feel comfortable with :slight_smile:

Wonderful and thank you for giving me insight into finding the culprit.

If it comes as FireTV Cube, I'm not sure what I can do. It’s not like I’m going to any specific website from the box, as it’s a streamer and the in-built apps do whatever they do.

Yes that indeed can be a problem which is not easy to solve :slightly_frowning_face:

I finally put together a nice one-liner to catch the culprit and indeed, it is FireTV Cube. Sick!

Now, I have to use those firewall rules unless I find another way to avoid it.

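tcpdump -i any udp port 53 -n -s 0 -l -vvv \
  | awk '/\.amazonaws\.com/ {
      # timestamp when awk sees the line
      ts=strftime("[%Y-%m-%d %H:%M:%S]");
      # third whitespace-separated field of the matching line
      client=$3;
      # last field on the line that contains the domain
      for (i=1;i<=NF;i++) if ($i ~ /\.amazonaws\.com/) host=$i;
      print ts, "client=" client, "query=" host;
      host="";
  }'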
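The "which device?" question can also be answered from the log itself instead of a packet capture. The following is an added example, not part of any post in this thread: it assumes dnsmasq runs with query logging (`log-queries`) enabled, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes dnsmasq runs with log-queries,
# so syslog holds "query[TYPE] <name> from <client>" lines next to the warnings.

# Read syslog text on stdin; print every client that asked for a name dnsmasq
# flagged as a possible rebind, with per-client query and per-name warning counts.
rebind_culprits() {
    awk '
    / query\[/ && / from / {
        name = ""; client = ""
        for (i = 1; i < NF; i++) {
            if ($i ~ /^query\[/) name = tolower($(i + 1))
            if ($i == "from")    client = $(i + 1)
        }
        if (name != "" && client != "") asked[name SUBSEP client]++
    }
    /possible DNS-rebind attack detected: / { flagged[tolower($NF)]++ }
    END {
        # Join at the end so the order of query and warning lines does not matter.
        for (key in asked) {
            split(key, part, SUBSEP)
            if (part[1] in flagged)
                printf "%s %s queries=%d warnings=%d\n", part[1], part[2], asked[key], flagged[part[1]]
        }
    }' | sort
}

# Constructed sample log: names and addresses are placeholders.
sample_log() {
    cat <<'EOF'
Thu Sep 11 07:28:44 2025 daemon.info dnsmasq[1]: query[A] internal-alb.example.com from 192.168.1.50
Thu Sep 11 07:28:44 2025 daemon.info dnsmasq[1]: forwarded internal-alb.example.com to 192.0.2.1
Thu Sep 11 07:28:45 2025 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: internal-alb.example.com
Thu Sep 11 07:28:46 2025 daemon.info dnsmasq[1]: query[A] openwrt.org from 192.168.1.20
Thu Sep 11 07:28:47 2025 daemon.info dnsmasq[1]: query[A] Internal-ALB.example.com from 192.168.1.50
Thu Sep 11 07:28:47 2025 daemon.warn dnsmasq[1]: possible DNS-rebind attack detected: internal-alb.example.com
Thu Sep 11 07:28:48 2025 daemon.info dnsmasq[1]: query[AAAA] internal-alb.example.com from 192.168.1.51
EOF
}

sample_log | rebind_culprits
```

On the router, the same function can read the system log with `logread | rebind_culprits`.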

At least it is good to know, I will steer clear of that :wink:

Can you test the "wifi: ath11k: fix group data packet drops during rekey" patch?

I don’t know if it’s going to fix your problem, but in my opinion it may be related to your problem.

The patch ath11k: clear the keys properly via DISABLE_KEY it mentioned was reverted in OpenWRT through 940-ath11k-Revert-clear-the-keys-properly-when-DISABLE_K.patch.

Update: I deleted 940-ath11k-Revert-clear-the-keys-properly-when-DISABLE_K.patch and tried to apply "wifi: ath11k: fix group data packet drops during rekey" by adding a new patch (941-xxx). Unfortunately it conflicts with the patches applied after it (nss/ath11k/236-003-ath11k-...) and requires more rework on the patches, with which I am struggling. It is part of Linux 6.12.47; maybe I will just wait for the OpenWRT mainline update and patch refresh from qosmio.

You’re right.

Mainline requires more rework, and it also needs an update from 6.16 to 6.16.6, but I managed to work with the 24.10-nss branch. I just updated mac80211 and also added the "fix group data packet drops during rekey" patch.

You can test the patch with the 24.10-nss branch.

24.10-nss-update.patch

Maybe you can try it again.

Excellent news for everyone that had issues with nlbwmon not showing any traffic in Luci.

I think a solution (or at least a workaround) finally has been found for nlbwmon not showing any traffic in Luci. Thanks to a guy who debugged it with strace. It works OK for me now and obviously NSS builds are not the fault for nlbwmon not showing anything. I’m finally able to analyze the network traffic more closely.

rmmod nf_conntrack_netlink
modprobe nf_conntrack_netlink

See here.

Hi All, sorry for the lack of commits. Been on vacation last few weeks + work/life. Hopefully I can get some time next few days once things settle to update with latest commits upstream.

Hey qosmio, do you have plans to bump the kernel to 6.12 on the 24.10 branch?

That makes no sense, 24.10 branch tracks openwrt-24.10.

Oh, so it’s in line with official OpenWRT, got it.

It's not quite like that. The branch remains in place over time and must be updated.

If you say so… openwrt-24.10 is the stable branch. It won’t get a bump to kernel version 6.12.

Hi, I'm new on this, right now I have my Xiaomi AX3600 on the official openwrt version, last time I tried an nss build was from Agustin Lorenzo and apk didn't work so switched to official branch, how can I go to an nss build again? Can I just sysupgrade?

Do sysupgrade and do not allow it to keep settings. All settings will have to be done manually after upgrade.