Disable or reduce the frequency of query[A] captive.apple.com from 10.0.0.134

Hi, I am using GL.INET Flint as a repeater.

In the main router, also running openwrt 25, logread shows query[A] captive.apple.com from $GLINET_REPEATER_IPV4 flooding the log every few seconds.

Here’s the connection setup:

A main router from the ISP → wired → personal main router (openwrt 25) → wifi → GL.INET Flint AX1800 Repeater.

As you can see, logread is being flooded and it is not able to capture other important events (if it did, they get pushed away by the captive message).

Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628275 10.0.0.134/47243 cached captive-geo.origin-apple.com.akadns.net is
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628275 10.0.0.134/47243 cached captive.g.aaplimg.com is 17.253.5.138
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628275 10.0.0.134/47243 cached captive.g.aaplimg.com is 17.253.5.153
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628276 10.0.0.134/46268 query[A] captive.apple.com from 10.0.0.134
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628276 10.0.0.134/46268 cached captive.apple.com is
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628276 10.0.0.134/46268 cached captive-cidr.origin-apple.com.akadns.net is
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628276 10.0.0.134/46268 cached captive-geo.origin-apple.com.akadns.net is
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628276 10.0.0.134/46268 cached captive.g.aaplimg.com is 17.253.5.153
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628276 10.0.0.134/46268 cached captive.g.aaplimg.com is 17.253.5.138
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628277 10.0.0.134/55848 query[A] captive.apple.com from 10.0.0.134
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628277 10.0.0.134/55848 cached captive.apple.com is
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628277 10.0.0.134/55848 cached captive-cidr.origin-apple.com.akadns.net is
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628277 10.0.0.134/55848 cached captive-geo.origin-apple.com.akadns.net is
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628277 10.0.0.134/55848 cached captive.g.aaplimg.com is 17.253.5.138
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628277 10.0.0.134/55848 cached captive.g.aaplimg.com is 17.253.5.153
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628278 10.0.0.134/58481 query[A] captive.apple.com from 10.0.0.134
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628278 10.0.0.134/58481 cached captive.apple.com is
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628278 10.0.0.134/58481 cached captive-cidr.origin-apple.com.akadns.net is
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628278 10.0.0.134/58481 cached captive-geo.origin-apple.com.akadns.net is
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628278 10.0.0.134/58481 cached captive.g.aaplimg.com is 17.253.5.153
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628278 10.0.0.134/58481 cached captive.g.aaplimg.com is 17.253.5.138
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 628279 10.0.0.134/34425 query[A] captive.apple.com from 10.0.0.134
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 628279 10.0.0.134/34425 cached captive.apple.com is
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 628279 10.0.0.134/34425 cached captive-cidr.origin-apple.com.akadns.net is
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 628279 10.0.0.134/34425 cached captive-geo.origin-apple.com.akadns.net is
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 628279 10.0.0.134/34425 cached captive.g.aaplimg.com is 17.253.5.138
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 628279 10.0.0.134/34425 cached captive.g.aaplimg.com is 17.253.5.153
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 628280 10.0.0.134/34688 query[A] captive.apple.com from 10.0.0.134
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 628280 10.0.0.134/34688 cached captive.apple.com is
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 628280 10.0.0.134/34688 cached captive-cidr.origin-apple.com.akadns.net is
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 628280 10.0.0.134/34688 cached captive-geo.origin-apple.com.akadns.net is
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 628280 10.0.0.134/34688 cached captive.g.aaplimg.com is 17.253.5.153
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 628280 10.0.0.134/34688 cached captive.g.aaplimg.com is 17.253.5.138
Sun Apr 12 21:33:10 2026 daemon.info dnsmasq[1]: 628281 10.0.0.134/34310 query[A] captive.apple.com from 10.0.0.134
Sun Apr 12 21:33:10 2026 daemon.info dnsmasq[1]: 628281 10.0.0.134/34310 cached captive.apple.com is
Sun Apr 12 21:33:10 2026 daemon.info dnsmasq[1]: 628281 10.0.0.134/34310 cached captive-cidr.origin-apple.com.akadns.net is
Sun Apr 12 21:33:10 2026 daemon.info dnsmasq[1]: 628281 10.0.0.134/34310 cached captive-geo.origin-apple.com.akadns.net is
Sun Apr 12 21:33:10 2026 daemon.info dnsmasq[1]: 628281 10.0.0.134/34310 forwarded captive.apple.com to 1.1.1.1
Sun Apr 12 21:33:10 2026 daemon.info dnsmasq[1]: 628281 10.0.0.134/34310 reply captive.apple.com is
Sun Apr 12 21:33:10 2026 daemon.info dnsmasq[1]: 628281 10.0.0.134/34310 reply captive-cidr.origin-apple.com.akadns.net is
Sun Apr 12 21:33:10 2026 daemon.info dnsmasq[1]: 628281 10.0.0.134/34310 reply captive-geo.origin-apple.com.akadns.net is
Sun Apr 12 21:33:10 2026 daemon.info dnsmasq[1]: 628281 10.0.0.134/34310 reply captive.g.aaplimg.com is 17.253.5.140
Sun Apr 12 21:33:10 2026 daemon.info dnsmasq[1]: 628281 10.0.0.134/34310 reply captive.g.aaplimg.com is 17.253.5.131
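
Added example, not part of the original post: a way to measure which client and name dominate the dnsmasq query log, and to read the rest of logread without that flood. It assumes the serial-numbered line format shown in the log above; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format of the log lines above (dnsmasq query
# logging with serial numbers); the hostapd and 10.0.0.20 lines are made up.
sample_log() {
cat <<'EOF'
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628276 10.0.0.134/46268 query[A] captive.apple.com from 10.0.0.134
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628276 10.0.0.134/46268 cached captive.apple.com is <CNAME>
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628276 10.0.0.134/46268 cached captive.g.aaplimg.com is 17.253.5.153
Sun Apr 12 21:33:05 2026 daemon.notice hostapd: phy0-ap0: STA 02:00:00:00:00:01 IEEE 802.11: authenticated
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628277 10.0.0.134/55848 query[A] captive.apple.com from 10.0.0.134
Sun Apr 12 21:33:05 2026 daemon.info dnsmasq[1]: 628277 10.0.0.134/55848 cached captive.g.aaplimg.com is 17.253.5.138
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 900001 10.0.0.20/40000 query[A] example.org from 10.0.0.20
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 900001 10.0.0.20/40000 forwarded example.org to 1.1.1.1
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 628278 10.0.0.134/58481 query[A] captive.apple.com from 10.0.0.134
Sun Apr 12 21:33:06 2026 daemon.info dnsmasq[1]: 628278 10.0.0.134/58481 cached captive.g.aaplimg.com is 17.253.5.153
EOF
}

# Count queries per (client, name), busiest first.
# Reads log lines on stdin, e.g.  logread | top_talkers
top_talkers() {
  awk '
    $7 ~ /^dnsmasq\[/ {
      # Locate the query[...] token instead of assuming a fixed column.
      for (i = 8; i < NF - 2; i++)
        if ($i ~ /^query\[/) { n[$(i + 3) " " $(i + 1)]++; break }
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# Remove every dnsmasq line that belongs to a query for NAME from CLIENT.
# The query, cached, forwarded and reply lines of one lookup share the serial
# number in field 8, so dropping by serial also removes the answer lines
# for CNAME targets. All other log lines pass through unchanged.
#   logread | drop_flood captive.apple.com 10.0.0.134
drop_flood() {
  awk -v name="$1" -v client="$2" '
    $7 ~ /^dnsmasq\[/ && $8 ~ /^[0-9]+$/ {
      if ($10 ~ /^query\[/ && $11 == name && $13 == client) noisy[$8] = 1
      if ($8 in noisy) next
    }
    { print }'
}
```
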

Uhm, I might be wrong, but this seems more like something the Apple devices do when they connect to your AP?


You can disable rebind protection in the dns settings in the gl ui.

I know that in some modern versions of luci (the advanced settings) you also have a way to have rebind protection still work but with a list to ignore certain domains.

Rebind protection happens when an external domain points to a local ip, or when an upstream dns points to a domain with a local ip.

The captive url is a placeholder url for captive portal detection by iPhones; it does that on every wifi AP.

Well, I do not have any Apple devices. The 10.0.0.134 is the Gl.inet Flint router.

Apparently I asked this question 6 months ago, and it is considered as ‘normal behavior’ by GL.INET.

In my opinion, this is unacceptable.

There should exist a button to turn it off, as having this feature turned on causes flooding of the log with useless information. @bruce I would like to submit a feature/bug request to have the option of turning this feature off.

Thanks.

I know I get all these in my logs, but we do have HomePod Minis, Apple Watches, iPhones, iPads, and of course with Siri use so I expect this kind of traffic (even though there’s a lot of it), but are you sure you don’t have guests or others with Apple devices in range - or a Wi-Fi / guest hotspot?

Hi,

We’ve confirmed this further with our R&D team.

Currently, when using the Repeater function, the device will automatically detect whether the upstream hotspot is a public network with a Captive Portal by accessing captive.apple.com. Based on the response, it determines the status:

  • If it is not a Captive Portal, the behavior stops.
  • If it is a Captive Portal, it will continue to check periodically to determine whether re-authentication is needed.

Could you please confirm the following:

  1. Does your main router’s SSID have a Captive Portal–like service deployed (e.g., hijacking the DNS for captive.apple.com and redirecting it to another website)?
  2. Please let us know the current firmware version of your Flint. You can find it under Admin Panel → System → Upgrade.
  3. Please export the logs and send them to us via private message. We’ll review them for further analysis.

How to export logs:

How to send private messages:

The repeater runs on vanilla FW from GL.iNET, it is the latest GL.INET as of 4/19/2026, 4.8.3. Something like that.

The main AP with captive log flooding ran on Openwrt v24 (the latest stable release). It was a TPlink Archer C7 v5 device.

However, I recently swapped out the TP-link AP with Flint2 running openwrt v25. Flint 2 is currently giving a USB error which is a separate issue.

I’ll keep an eye out for the captive portal, and see if it will show up on the new AP.

Thanks for the update.
If the problem is still occurring while Flint 2 is a new AP, please export the logs and DM us as above so that we can check.

Thank you for your understanding and cooperation.