My Turris Omnia recently (around 6th October) started to fail when resolving some web pages. I did not change any setting; however, it seems that the problems are mostly with generally less frequently visited sites, e.g. google.com is resolving fine, Synology pages are failing. Sometimes multiple reloads in the web browser do the trick and the web page resolves, sometimes it does not. When I bypassed the Omnia, everything worked fine.
I am currently on Turris OS 3.10.7.
I have tried some tinkering with DNS settings, however those rendered Omnia not resolving at all, so I had to revert to the latest snapshot.
I am using unbound and got similar resolution failure since a few weeks ago. Restarting the resolver is enough to make things work again. I did not have time to investigate further though.
I know about some issues that appear the same way, also from a few forum users, but those started much earlier than this month and reverting seems not a good way for that one (it would need to go far back and thus bring security issues). Gathering verbose logs would confirm if it's likely to be the same issue.
You may prefer to send the logs privately or provide just the relevant portion (shortly around the query time), as longer lists of resolved names themselves are often considered private.
So you guys have confirmed the DNS resolve issue and it has not been fixed, right?
At the moment, what is the best config to use? Because for the past couple of months I just put only the address of the repo and project manually in the hosts file to at least get pkgupdate to resolve and with it get newer Turris OS updates.
For reference, logs for the OP indicated it's most likely caused by the ISP intercepting DNS packets. I haven't noticed any message from protree yet.
There is one elusive unsolved issue. It only causes occasional problems for some domains AFAIK, so if your DNS doesn't work at all (not clear from what you write), it's probably something else. Forwarding should work around the linked issue, but that setup is sensitive to "quality" of the forwarded-to servers, and with ISPs it relatively often leads to problems on some names. (They tend to use BIND versions that are several years old and thus buggy around some edge cases.)
You may also like Using dns over tls or https, but there you give your data to yet another party, so it depends… I don't think any of the options is always superior.