I can’t access any websites under domain when using my router as the DNS server.


$ dig @

; <<>> DiG 9.10.6 <<>> @
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16475
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;	IN	A

;; AUTHORITY SECTION: 10800	IN	SOA nobody.invalid. 1 3600 1200 604800 10800

;; Query time: 72 msec
;; WHEN: Fri Nov 19 01:44:48 CET 2021
;; MSG SIZE  rcvd: 91

If I query another DNS server (my AdGuard Home) it works:

$ dig @ 

; <<>> DiG 9.10.6 <<>> @
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11423
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
;	IN	A


;; Query time: 32 msec
;; WHEN: Fri Nov 19 01:45:32 CET 2021
;; MSG SIZE  rcvd: 68

My DNS settings in reForis are simply forwarding them to my AdGuard Home running on the IP above. I have no idea why Turris still tries to do some DNS before sending it to my AdGuard Home (that’s totally unexpected for me).

I also tried disabling Sentinel, without any changes. I found the following thread that mentions Turris Greylist, not sure if they’re connected:

How to fix this?

This certainly looks like it’s blocked at the DNS level. (The SOA record is a fake one.) Perhaps you use the adblock package?

I had, but I have uninstalled it.

In reForis → Package Management → Packages, here’s what I have installed:

Everything under Advanced security & analytics - Turris Sentinel
Hardening → Common passwords filter
LuCi Extensions: None
LXC Utilities
Network monitoring and parental control → Internet connection speed measurement

And that’s all.

I wonder if the uninstallation could have left some remains. If you can, log in by ssh and edit the file /etc/config/resolver. In the section config resolver 'kresd', remove the line list rpz_file '/etc/kresd/adb_list.overall'.

Then you’ll need to reload the resolver, e.g. with the command /etc/init.d/resolver restart or any UI action touching its configuration, etc.

My quick test confirmed that the RPZ configuration remained after opkg remove adblock. @dibdot maintains the package in OpenWrt; maybe it’s not hard to fix?
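
The cleanup described above, as an added example that is not part of the original posts: a POSIX shell sketch that lists the rpz_file entries in the kresd section of a UCI-style resolver config and removes one of them while keeping a backup. The function names, the sample config and the second RPZ path are constructed for illustration; only the section name and the adblock path come from the thread.

```shell
#!/bin/sh
# Added example. Section name and adblock path are from the thread;
# function names and the sample config are constructed for illustration.

# Print every rpz_file path in the "config resolver 'kresd'" section.
list_rpz_files() {
    awk -v q="'" '
        function unq(s) { gsub("[" q "\"]", "", s); return s }
        $1 == "config" { in_kresd = ($2 == "resolver" && unq($3) == "kresd"); next }
        in_kresd && $1 == "list" && $2 == "rpz_file" { print unq($3) }
    ' "$1"
}

# Drop one rpz_file path from that section only; the original is kept as .bak.
remove_rpz_file() {
    cfg=$1; target=$2
    cp "$cfg" "$cfg.bak" || return 1
    awk -v q="'" -v target="$target" '
        function unq(s) { gsub("[" q "\"]", "", s); return s }
        $1 == "config" { in_kresd = ($2 == "resolver" && unq($3) == "kresd") }
        in_kresd && $1 == "list" && $2 == "rpz_file" && unq($3) == target { next }
        { print }
    ' "$cfg.bak" > "$cfg"
}

# Constructed sample config (not copied from a real router); the last
# section is hypothetical and only shows that other sections are untouched.
write_sample_config() {
    cat > "$1" <<'EOF'
config resolver 'common'
	option forward_upstream '1'

config resolver 'kresd'
	list rpz_file '/etc/kresd/adb_list.overall'
	list rpz_file '/etc/kresd/custom.rpz'

config resolver 'example_other'
	list rpz_file '/etc/kresd/adb_list.overall'
EOF
}

# Demo: the adblock leftover is removed, the other RPZ entry stays.
demo=${TMPDIR:-/tmp}/resolver.sample.$$
write_sample_config "$demo"
remove_rpz_file "$demo" /etc/kresd/adb_list.overall
list_rpz_files "$demo"
rm -f "$demo" "$demo.bak"
```

On the router the same functions would be pointed at /etc/config/resolver, followed by the resolver restart mentioned above.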

Thanks! That worked :)

Do you want me to open a separate bug, or is this here enough?

I’d probably first wait for reaction from the maintainer. Then the bug would most likely go to

Just disable adblock before you remove the package - that removes any adblock related config entries, too.

