Hello,
We’re using TO (OpenWrt omnia 15.05 r47055) as AP/DNS/router for two office locations. In both places I have been getting reports about “randomly not working pages”; however, I wasn’t able to track down any specific site due to a lack of good reports.
I have now managed to find one issue myself, and have also got one valid report.
Issue 1: No result returned by TO even when using +trace
$ dig logs.us-east-2.amazonaws.com @192.168.5.1 +trace
; <<>> DiG 9.10.6 <<>> logs.us-east-2.amazonaws.com @192.168.5.1 +trace
;; global options: +cmd
;; Received 28 bytes from 192.168.5.1#53(192.168.5.1) in 0 ms
No result returned by TO, without +trace:
$ dig logs.us-east-2.amazonaws.com @192.168.5.1
; <<>> DiG 9.10.6 <<>> logs.us-east-2.amazonaws.com @192.168.5.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43723
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;logs.us-east-2.amazonaws.com. IN A
;; Query time: 104 msec
;; SERVER: 192.168.5.1#53(192.168.5.1)
;; WHEN: Mon Mar 30 14:30:08 CEST 2020
;; MSG SIZE rcvd: 57
OK from any other DNS server (yes, I also checked the Cloudflare DNS servers, which I use as forwarders):
$ dig logs.us-east-2.amazonaws.com @8.8.8.8
; <<>> DiG 9.10.6 <<>> logs.us-east-2.amazonaws.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64203
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;logs.us-east-2.amazonaws.com. IN A
;; ANSWER SECTION:
logs.us-east-2.amazonaws.com. 59 IN A 52.95.22.49
;; Query time: 36 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Mar 30 14:30:44 CEST 2020
;; MSG SIZE rcvd: 73
Issue 2: domain hypno.nimja.com
- it does not resolve when using TO as DNS, but resolves from other DNS servers.
kresd is configured for TLS forwarding:
net.ipv6=false
policy.add(policy.all(
policy.TLS_FORWARD({
{'1.1.1.1', hostname='cloudflare-dns.com', ca_file='/etc/ssl/certs/DigiCertECCSecureServerCA.pem'},
{'1.0.0.1', hostname='cloudflare-dns.com', ca_file='/etc/ssl/certs/DigiCertECCSecureServerCA.pem'}
})
))
Do you have any tips on how we can make DNS lookups work more reliably in an internal network with Turris Omnia?
Best,
Marek Obuchowicz
KoreKontrol Germany
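The report above compares dig output from the router against a public resolver by eye. The following script is an added example (not part of the post, Turris OS or Knot Resolver) that does the same comparison mechanically: it reduces a dig response to its RCODE and answer count, so that the router's "NOERROR with zero answers" reply is told apart from an NXDOMAIN, a SERVFAIL (what a validating forwarder returns on a DNSSEC or TLS failure) or a timeout, which are different failure classes to report to the resolver maintainers. The two embedded samples are the header lines copied from the post's own dig output; the `--live` mode, which runs real queries, assumes `dig` is installed and network access to the router and an upstream such as 8.8.8.8.

```shell
#!/bin/sh
# Added diagnostic helper for "page randomly does not resolve" reports.
# Not part of Turris OS or Knot Resolver; written for this thread.

# classify_dig: read dig output on stdin, print "<RCODE> answers=<n>".
# A response with no ";; ->>HEADER<<-" line (timeout, or +trace output
# that never got past the first hop) is reported as NO-RESPONSE.
classify_dig() {
    awk '
        /->>HEADER<<-/ { sub(/,$/, "", $6); rcode = $6 }      # "status: NOERROR,"
        /^;; flags:/ {
            for (i = 1; i <= NF; i++)
                if ($i == "ANSWER:") { sub(/,$/, "", $(i+1)); answers = $(i+1) }
        }
        END {
            if (rcode == "") { print "NO-RESPONSE answers=0"; exit }
            print rcode " answers=" (answers == "" ? 0 : answers)
        }
    '
}

# is_nodata CLASSIFICATION: true for the empty-NOERROR case seen from the router.
is_nodata() {
    [ "$1" = "NOERROR answers=0" ]
}

# compare_resolvers NAME ROUTER UPSTREAM: query both resolvers and flag a
# disagreement. Needs dig and network access; not exercised offline.
compare_resolvers() {
    name=$1; router=$2; upstream=$3
    r=$(dig +tries=1 +time=3 "$name" @"$router" | classify_dig)
    u=$(dig +tries=1 +time=3 "$name" @"$upstream" | classify_dig)
    printf '%-40s router=[%s] upstream=[%s]\n' "$name" "$r" "$u"
    if [ "$r" != "$u" ]; then
        echo "  MISMATCH: router and upstream disagree on $name"
        is_nodata "$r" && echo "  router returned NOERROR with an empty answer (NODATA)"
    fi
}

# Samples copied from the post above (router at 192.168.5.1 and 8.8.8.8),
# trimmed to the two lines the classifier reads.
ROUTER_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43723
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
UPSTREAM_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64203
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

if [ "${1:-}" = "--live" ]; then
    # Usage: ./dnsdiag.sh --live logs.us-east-2.amazonaws.com 192.168.5.1 [8.8.8.8]
    compare_resolvers "${2:?domain}" "${3:?router address}" "${4:-8.8.8.8}"
else
    printf 'router:   %s\n' "$(printf '%s\n' "$ROUTER_SAMPLE" | classify_dig)"
    printf 'upstream: %s\n' "$(printf '%s\n' "$UPSTREAM_SAMPLE" | classify_dig)"
fi
```

Run it on a list of the reported names in a loop from a client inside the office network; a name that is consistently NODATA from the router but answered upstream, or SERVFAIL from the router only, is the kind of reproducible case the resolver developers can act on, whereas NO-RESPONSE on both sides points at the network rather than kresd.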