DNS resolving stopped working

I am lost, again.

I had set up my TO to handle local DNS resolving and DNS forwarding for external domains (at least that is how I think it worked). After changing ISP (from DSL to Fiber) it stopped working and I am not skilled enough for handling this myself apparently.

I have read many guides and forum posts, tried out a bunch of stuff, but I still cannot make this work. Changed configurations for Kresd but it does not seem to change anything.

First of all, is there a way to export my configuration so that someone maybe could find out what I did wrong? Can someone please point me to a solid article on how to set this up?

I am on the latest version 3.10 currently.

Suppose you have seen those (recent) posts related to fibre and ipv6. Is your issue with DNS over ipv6 or ipv4?

And there is a guide for DNS debugging https://doc.turris.cz/doc/en/howto/dnsdebug

If you forward on ISP resolver(s), and this started on ISP switch, my best bet is that they break some DNSSEC records or something. I would first try without forwarding (i.e. standard iteration; just unchecking the box in Foris normally).

I did not actually switch to fibre directly for the TO, there is still a converter in front so the TO gets RJ45. Going to try out the debugging article though. Thanks!

That was my guess also but I did try to uncheck the box and it did not help me unfortunately.

Ok, when going through the debugging manual, enabling resolver-debug package, enabling verbose logging, trying to visit a site, disabling debugging and finally, printing log file. I can see none of the sites I am trying to visit in the log file, I should be able to do this right?
Here is my log file: https://pastebin.com/4nHLmyEk

Strange thing, my main laptop is resolving DNS without any issues, I have disabled VPN, run ipconfig /flushdns but it still works. All other devices I have tried are failing.

the link to the logfile produces

404
Page not found

Updated the URL. https://pastebin.com/4nHLmyEk

If needed, here are my settings in Foris:

That is curious. At least it indicates that DNS is working on the router and at least one of its clients, unless, that is, there is a particular DNS server stipulated on the main laptop other than the router.

Are the clients all connecting the same way to the router, e.g. lan/wlan? Can you ping/traceroute the other clients from the main laptop/router? Can the other clients ping the router?

After some time DNS resolving stopped working on my laptop so I guess it was just some kind of local caching of DNS servers.

All clients are connected on the same LAN either through cable or WiFi, I can ping them in all different directions and I can ping outside IPs as well. If I manually add the IP of a DNS on a client that client can then resolve outside hosts.

Seems that all the necessary connectivity is there except between those troubled clients and kresd, that is excluding the main laptop apparently.

As I am using unbound as resolver I am not much help with kresd specifics. The only thing perhaps noticeable from the logs:

info kresd[7129]: net.ipv6 = false

It is not clear to me whether that means ipv6 is disabled for kresd or whether a dns query made by kresd just did not produce an ipv6 result. If the former and the troubled clients are querying over ipv6 only then it could explain the issue.
I am not aware whether kresd features access control, i.e. limiting queries to particular subnets/ips.

Maybe someone with better knowledge of kresd can chime in and get this sorted.

@Larre could you disclose the device type and related OS of all clients, just to see whether there is a potential pattern, particularly with the OS?

Like I said, after a while DNS resolving stopped also on my laptop. There is no pattern, I have a mix of devices, connected and wireless. Apple TVs, iPhones, Mac, PCs.

I could really need some guidance on how a standard configuration should look. Is the first post in this thread still valid? Dnsmasq .lan domain while still using knot resolver - SW help - Turris forum

At least it is ruled out then, just wanted to make sure.

The (official/community) documentation spread for caching resolvers on TO appears to be rather thin in general. Seems there is basically nothing for kresd on OpenWRT.

Hope that you find the necessary information somewhere in the forum or someone with kresd knowledge to lend a hand. My box is doing fine with unbound as caching resolver, thus have to excuse me from further input on kresd.


@larre So, after restart DNS works OK (based on the logs sent to support), but after some time it completely stops working on all devices and all (web site) names, until you restart the router again?

Or does it only affect some devices and not others? (That might suggest some of them switching to asking a different IP than your router.)

The net.ipv6 = false thing seems normal. You apparently don’t have working IPv6, so Omnia scripts detect that after some seconds and send this command to knot-resolver, so that it doesn’t try using IPv6 for contacting servers (as that would be futile and would increase latency).

I had a similar problem last month after a firmware update. Here’s how my issue was resolved. Not sure this will help you, but worth checking:


It might work for a little while, really haven’t noticed. But it is the same for all devices. Only my work laptop (that is on a VPN) continues working (as long as it is on VPN).
How would I go about to resolve this? Should I try to factory reset the whole router maybe?

My best suspect ATM is that something filled your /tmp. I can occasionally see such reports on the forum. With filled /tmp the DNS service typically gets broken, but I suppose routing may continue to work, allowing your laptop to use DNS via its VPN.

If this still happens for you, I would try to ssh to the router in the non-working moment, inspect df /tmp and find what files filled it if it has no space left.
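
The check suggested in the post above, as an added example that is not part of the original thread or of Turris tooling: a POSIX sh sketch that reads the fill level of a mount from `df -P` and, when it is at or above a threshold, lists the largest files on it. The function names, the 90% threshold and the sample `df` text are assumptions made for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the thread); names and threshold are assumptions.

# Read `df -P <mount>` output on stdin and print the Use% column as a bare integer.
use_pct() {
    awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# Print the N largest regular files under a directory as "<KiB> <path>",
# staying on one filesystem so nested mounts are not counted.
largest_files() {
    dir=$1; n=${2:-10}
    find "$dir" -xdev -type f -exec du -k {} \; 2>/dev/null | sort -rn | head -n "$n"
}

# Return 0 and list the largest files when the mount is at or above the
# threshold; return 1 when there is still room.
check_mount() {
    mount=$1; limit=${2:-90}
    pct=$(df -P "$mount" | use_pct)
    if [ "$pct" -ge "$limit" ]; then
        echo "$mount is ${pct}% full; largest files:"
        largest_files "$mount" 10
        return 0
    fi
    echo "$mount is ${pct}% full; below the ${limit}% threshold"
    return 1
}

# Constructed sample of what `df -P /tmp` looks like on a full tmpfs.
SAMPLE_FULL='Filesystem 1024-blocks Used Available Capacity Mounted on
tmpfs 515700 515700 0 100% /tmp'

# Run against the live /tmp; a healthy mount is not an error for the script.
check_mount /tmp 90 || true
```

Run it over ssh at the moment resolution fails, since tmpfs is emptied by a reboot and the evidence goes with it.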

Here is the result:

root@turris:/# df /tmp
Filesystem           1K-blocks      Used Available Use% Mounted on
tmpfs                   515700      1288    514412   0% /tmp
root@turris:/#

I guess this seems pretty ordinary.

I did not know about Schnapps before so I reset the router to a date when I know it was working, before I switched my ISP. After a few restarts it seems to work again, DNS is running with the previous settings and is routing internal and external traffic. This is really strange if you ask me.

I will let it run now and see if it goes down again, in that case, I will check files on /tmp again.

Thank you for now.
