Updater error, no resolving by local DNS server

dns

#1

My Turris Omnia (ver. 3.11.1) cannot be updated because DNS resolving does not work. My WAN interface is set to use a DHCP assignment of IP address (and DNS servers).

Errors displayed by Foris

Updater failed:
unreachable: https://repo.turris.cz/omnia/lists/base.lua: Couldn’t resolve host ‘repo.turris.cz’

and more similar errors.

resolv.conf file content

root@turris_jis:~# cat /etc/resolv.conf
search lan
nameserver 127.0.0.1
root@turris_jis:~#

DNS resolving test fails, no Answer Section in response:

dig www.seznam.cz

; <<>> DiG 9.11.5 <<>> www.seznam.cz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20249
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.seznam.cz. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 07 10:45:43 CET 2019
;; MSG SIZE rcvd: 42

root@turris_jis:~#

What I have tried:

  • Replacing the local DNS server 127.0.0.1 with the provider's server in /etc/resolv.conf: It works, but the change is not persistent. The file is restored to its previous state after a reboot or other setting changes.
  • Disabling and re-enabling DNS forwarding: It works, but after some days the error occurs again.

Please advise me:

  • How to make changes in /etc/resolv.conf permanent?
  • How to manually force an update while DNS temporarily works, before the DNS problem occurs again?

#2

My estimate is that this is the same as Kresd eats file handles for breakfast, lunch and dinner

I’m curious: what kind of forwarding do you use? With TLS or without? (In Foris list of providers, TLS is explicitly mentioned on the corresponding items.) And do you have working IPv6? I assume stable Omnia version.

We’re a bit hindered by the fact that we still haven’t been able to reproduce some of the reported problems :-/ There’s a suspicion that the problem won’t happen without occasional malfunction of connectivity from ISP or some similar elusive condition that we’ve been unable to replicate well-enough so far.

That will work only for Omnia itself, network clients will still use the broken resolver. I’d think it best to try fixing it, but it’s your choice, of course. In your case, just restarting the router/resolver or even reconfiguring the resolver via Foris will most likely work around the problem for long-enough time to download updates.


#3

dnsmasq can advise the router clients which dns server to utilize


#4

Run updater.sh I think. @pepe knows better for sure.

I think I’ve recently seen an option changing the nameserver line, on this forum, but I can’t find it now.

Yes, I know; thanks for providing the details here. I think it would really only make sense together with the resolv.conf change (which I can’t remember how to do).


#5

Or if you bind kresd/unbound to an ip, like I do, instead of letting them listening globally.


option dns in /etc/config/network gets propagated to /tmp/resolv.conf.auto. That file is used as a source for the local DNS resolver. Any local query is then, according to /etc/resolv.conf, sent to the local DNS resolver, and if that resolver has forwarding enabled, it forwards the request to the provided name server.



Opening LuCI port forwarding page is very slow (40s)
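
An added diagnostic example (not part of the thread and not Turris OS tooling; the function names are hypothetical) for the resolution path described in post #5: it asks 127.0.0.1 and each server listed in /tmp/resolv.conf.auto for the same name and reports whether the fault sits in the local resolver or upstream. Without an argument it runs on the two dig headers posted in the thread; with a hostname as first argument it queries live.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Turris OS tooling.

# Read dig output on stdin and print its status (SERVFAIL, NOERROR, ...).
# Prints TIMEOUT when there is no header, i.e. no reply arrived at all.
dig_status() {
    sed -n 's/.*->>HEADER<<-.* status: \([A-Z]*\),.*/\1/p' |
        head -n 1 | grep . || echo TIMEOUT
}

# List the servers in a resolv.conf-style file; the default is the file the
# thread says is filled from "option dns" in /etc/config/network.
upstreams() {
    awk '$1 == "nameserver" { print $2 }' "${1:-/tmp/resolv.conf.auto}"
}

# $1 = status via the local resolver, $2 = status asking an upstream directly.
verdict() {
    case "$1/$2" in
        NOERROR/*)         echo "local resolver OK" ;;
        NXDOMAIN/NXDOMAIN) echo "name does not exist" ;;
        */NOERROR)         echo "local resolver broken, upstream OK" ;;
        *)                 echo "upstream or connectivity problem" ;;
    esac
}

# Live mode: ask 127.0.0.1 and every upstream for the same name.
check_live() {
    local_rc=$(dig +time=3 +tries=1 @127.0.0.1 "$1" | dig_status)
    for srv in $(upstreams); do
        up_rc=$(dig +time=3 +tries=1 "@$srv" "$1" | dig_status)
        echo "$srv: $(verdict "$local_rc" "$up_rc") (local=$local_rc, upstream=$up_rc)"
    done
}

# Header lines as posted in the thread: #1 is the failing local lookup, #8 a
# working lookup used here as a stand-in for a direct upstream answer.
SAMPLE_FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20249'
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49680'

if [ -n "${1:-}" ]; then
    check_live "$1"
else
    verdict "$(printf '%s\n' "$SAMPLE_FAIL" | dig_status)" \
            "$(printf '%s\n' "$SAMPLE_OK" | dig_status)"
fi
```
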
#6

And do you have working IPv6? I assume stable Omnia version.

Yes, I use IPv6 in my LAN. My IPv6 network is connected via the 6RD tunnelling mechanism, which is set on the Turris Omnia. It is the only possibility to get IPv6 from my ISP. I am using the IPv6 GW of my ISP via an IPv4 tunnel.
Another problem is that 6RD is set by LuCI, but is not supported by Foris. The result is that I cannot use the WAN page in Foris web management. It displays an error page only. From NIC support I have got information that the development team does not plan to implement 6RD support in Foris.

Yes, I use standard Omnia (HW & SW), no special version.


#7

This is the solution I have had for some weeks, but it is only partial.

Actually, my DNS problem concerns the router only. It occurs for internal DNS requests in the router. That is what I have described in my issue and I need your help.

Because all PCs, phones and other nodes in my LAN failed very often while the DNS server was malfunctioning, I set the IP addresses of the ISP DNS servers instead of the defective and unreliable local DNS kresd address 10.1.1.1 (bound internally to 127.0.0.1 in the router). I did it via LuCI management on the DHCP & DNS page. My DHCP clients receive external DNS server addresses now. It is OK.

The persistent problem is that I cannot update my Turris automatically and some other functions do not work. I do not know how to permanently set external DNS servers for DNS requests of the router itself.


#8

Did you try different local_dns_server=, e.g. your ISP, 1.1.1.1, 9.9.9.9? dnsmasq needs to be restarted with each change.

Could you also post the output from dig repo.turris.cz with different local_dns_servers?

; <<>> DiG 9.11.5 <<>> repo.turris.cz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49680
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;repo.turris.cz. IN A

;; ANSWER SECTION:
repo.turris.cz. 1800 IN CNAME proxy.turris.cz.
proxy.turris.cz. 1800 IN A 217.31.192.69

;; Query time: 589 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; MSG SIZE rcvd: 79

N.B. I am an avid user of unbound on numerous nodes and not facing any of the issues. Or perhaps it is because I have ipv6 disabled everywhere :wink:


#9

Yes, I do expect Unbound to be more reliable, generally.