DNS resolver dropouts (or hangs?)

I experience annoying DNS dropouts: a browser answers “server not found” for some sites. By coincidence, I have found a cure: log in to Foris, go to DNS and check + uncheck “Use forwarding”. Only then press Save. It answers in green “Configuration was successfully changed”, i.e. no visible change in the configuration at all. However, after this DNS always works again.
Both Use forwarding and Disable DNSSEC are unchecked.

I have already been experiencing DNS not resolving for a long time; from time to time it stopped answering. The cure then was to switch “Use forwarding” to the opposite value regardless of how it was originally set (for an end user it didn’t make any difference if the forwarding was set or not).
The behaviour looks very similar now, but now it happens every second day or so, which gets really annoying even if it can be cured as mentioned above (I don’t know, though, if this could have helped earlier).

My HW:
foris version: 97.13
|Device |Turris Omnia - rtrom01|
|Turris OS version |3.10.3|
|Kernel version |4.4.138-1e8e1b4c23f383e990eb3c4f490f5f2e-1|

I don’t know how or why the subject has changed. I named it a different way (“DNS resolver dropouts”). Moreover, I do not like that someone has changed that without any word.

Anyway - I DO NOT TRY TO UNCHECK the DNS forwarding. It always stays unchecked. What I wanted to report is that something in Turris hangs/crashes/whatever and then, without doing any change, if I force the configuration again, it starts working for a while (but unfortunately, recently this while is short).

I just added the DNS tag; perhaps someone else tried to edit the title in the meantime, or it was a strange bug? Feel free to fix the title.

My guess is that this check+uncheck is just a way to restart the resolver. (Restarts keep the cache in /tmp by default now, so it’s almost for free.)

OK, changed it back. It might not be the best title but the new one did not make any sense. If it is a bug then I hope the forum support will be able to see the logs.

I am no expert in linux (the less in Turris) and really do not know what is wrong. Most of the configuration is default, I did not make special crafting…
I could provide more info if I am suggested what is to be done.

To help us pinpoint the cause in your case, you can gather verbose logs for the failing moment.

I already have a couple recent failure logs from my own router, waiting for analysis, and the behavior seems similar. Therefore it’s very well possible that your cause is the same and the logs wouldn’t bring additional information, but I don’t know for sure in advance, so if you feel like it, you can gather them anyway…

OK, I’m willing to help :slight_smile:
When it fires again, I’ll send it. Thanks for hints.

Thanks, the log parts look exactly as my own, so I’m confident that the root cause and solution will be the same. I hope I can solve this soon, as it seems not to be such a rare problem…

Hi there, no news after one month? Turris updated, now at 3.10.5 and it is still the same - every day, dns hangs and I have to log in and press the save button to bring it to work. I’m quite fed up.

I’m sorry, there’s no real news; upstream ticket. I haven’t managed to find the root cause, and apparently it hasn’t happened on my Omnia during the past three weeks, so it’s more difficult to uncover without a reproducer.

I believe it would significantly help me if I had a cache file from a moment when a name fails this way, because by spoofing system date I could repeat that failure at will and inspect what exactly is happening. On Omnia it’s located in /tmp/kresd/*.mdb.

Sending the cache is some privacy exposure, as it contains names that you queried and some timestamps on them, etc. – though I’d promise to only look at the failing name and names of nameservers required to resolve that name (transitively).

Hello, I am facing the same or a similar problem of DNS resolver dropouts. Sometimes “server not found” is displayed and after a couple of refreshes it’s displayed again. I am just sending verbose logs and the cache file to tech.support@turris.cz

According to the log this problem seems entirely different, most likely an issue in ISP’s resolver.

Still clucking, still clucking… ;-(

Hello guys,

I’m fine that you’re asking about the update for this bug because I’d do the same, and in this case I don’t have good news for you, but I can give you a workaround to avoid this bug, so it will not be so annoying.

We’re still discussing this matter (mostly @vojtech.myslivec together with @vcunat from the Knot Resolver team) to be able to get more details, so we would be able to reproduce it more frequently, as it happens on an irregular basis. Right now, we’re not sure where the issue might be.

My personal opinion about this issue is that it somehow mostly affects domains hosted at IGNUM, because I haven’t seen this issue happen on other domains yet, but Vláďa told me that it’s probably not their fault, either.

The quick workaround that I can offer you is to enable DNS forwarding, but I don’t know who your ISP is. There are some cases when you don’t want to forward your DNS traffic to their servers because some of them are using an old version of BIND (DNS software) and Vojta found that there is some issue with DNSSEC, which was fixed recently in version 9.9.0, and there might be other issues.

I recommend that you forward DNS traffic to, for example, CZ.NIC ODVR, Cloudflare (which is using Knot DNS Resolver), or Quad9.

In Turris OS 3.11, there should be a way in Foris to do it by just a few clicks, together with DNS over TLS. I’ll add this option as a comment into the linked issue.

We’re so sorry for any inconvenience caused by this bug.

It’s a fault of knot-resolver, at least primarily – I’m certain. I have already seen it with other hosters than Ignum (e.g. “udag” in the ticket linked above), but all cases of this bug reported by others (Omnia users) have been Ignum so far.

Same problem here. I can only get DNS to work again if I reboot… And I have Cloudflare enabled…

If you use forwarding, it’s certainly a different problem. Please gather verbose logs for a failing moment.

Now I am really confused.
Yesterday, some addresses didn’t resolve again. I decided to stop fiddling with that like every day before and, based on Pepe’s advice, I enabled the DNS forwarding. It started to work. Or at least I thought so.

However, today in the morning, the problem reappeared - some addresses didn’t resolve:
jizdnirady.idnes.cz
nyx.cz
kecy.roumen.cz
www.sk-motorlet.cz
(all of them are linked to ignum)
So I unchecked “Use forwarding” in Turris and it started to work again - it seems it behaves exactly the same as before.

Here is what I did yesterday:
In Luci / Network / DHCP and DNS, I have added 193.29.206.206 and 217.31.204.130 in “DNS forwardings” (which should be the CZ.NIC ODVR) and hit the “Save & Apply” with no positive result, the addresses still didn’t resolve. As it was not clear to me whether this actually turns forwarding on or something more is needed, I looked around Luci but didn’t find any other settings which would clearly set it on. Then I logged in Foris, checked the “Use forwarding” option in DNS and hit Save. The addresses started to resolve so I thought all is done and it will stop bothering me. Nope.
(this is a bit confusing for me too - I didn’t figure out where to put the dns IPs in Foris and I didn’t figure out where to turn forwarding on in Luci)
I admit I might have screwed the configuration somehow and maybe I did not set the forwarding at all - but I did the best I knew. I also admit that I might have done some other configuration changes months/years ago which I forgot about at all (I mean somewhere “inside” the system via ssh). But I am not aware of that and I do not know what/how to check now. I am not a linux guru and this is getting to be behind the border of my confident knowledge.

Foris says:
foris version: 97.13
Device Turris Omnia - rtrom01
Serial number 47244686918
Turris OS version 3.10.8
Kernel version 4.4.161-0a333a8e606ab056173befac424900d2-1

Luci says:
Model Turris Omnia
Firmware Version OpenWrt omnia 15.05 r47055 / LuCI 526a8767846acbe57c521912b35feb4d97354db6 branch (git-18.145.30016-526a876)
Kernel Version 4.4.161-0a333a8e606ab056173befac424900d2-1
(why does not Luci report the OS version and Foris the firmware version?)

My provider is Centrio.

Also, I do not understand Pepe’s note about Turris OS 3.11; is it a pre-advice for when 3.11 will be available?

Within 2 hours since my last message, the issue triggered twice again :roll_eyes:
The usual cure (Foris, press Save at DNS without any change) helped for that moment. What was new is that uloz.to failed and, to my understanding, it is not Ignum-tied.

I don’t mean to hijack this thread, but I’ve been seeing significant issues with DNS for about the past two weeks.

These issues are visible as a “Resolving host…” message in my Chrome. Every website sits in this state for several seconds. Web browsing performance is significantly lower as this is not the only DNS resolution that’s happening when a page is loaded.

Did you see any change in DNS resolution performance on stock settings routers?