Cisco Meraki MR52 no DNS after upgrade to 23.05.3

Hello I am using a Cisco Meraki MR52 as an access point on my Lan. It ws running 23.05.0 and I upgraded it to 23.05.3 now there is no DNS resolution on the lan connection. IF I SSh in I cannot resolve anything. It is like there is no local resolver and queries are not being forwarded to our lan DNS server.

I have no idea where to start diagnosing this.

All the settings are the same as for 23.05.0 the network connection configs look exactly the same.

resolv.conf has the correct lan DNS IP address in it.

Can anyone assist please as we have no service from this AP to the internet.

Cheers
Spart

can you connect via ssh to this AP?

if DNS resolution fails, can you ping its gateway and internet through IP addresses (example gateway 192.168.1.1, internet 8.8.8.8)?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

@ncompact Thank you for the response.

No I cannot ping anything outside of the lan and cannot ping the gateway either.

I have just reflashed it with the base 23.05.0 image it originally had.

Without touching the config again. All is now working again and DNS resolution and internet are working for all devices connecting to the AP.

Have you had the chance to notice any differences in the configuration files?

or do you have some vlan that is not present on the new configuration?

@ncompact No vlans.

Simple lan config AP is 'dumb' and simply connects wifi clients to the network. DHCP and DNS are all centrally managed.

I did not try to install the new firmware then reset to factory and reconfig from scratch as a dumb AP. Maybe there is something screwed in the config on the latest 23.05.3 image.

Thanks for responding.

Let's take a look at the configuration as previously requested. This will help us understand what is happening on your device and if there are any predictable issues related to the config.

Messages crossed.

I will need to reflash again to the latest build as it is now downgraded back to 23.05.0.

I will find some time to do this and try again and post updates to this thread.

Cheers
Spart

If you're trying to keep settings from 23.05.0 > 23.05.3, the current configuration you have in 23.05.0 is fine for us to review.

@ncompact @psherman
Please see the configs as requested below. I am just about to try and upgrade to 23.05.3 on the same MR52. I have pulled it from the network and replaced it with a MR33 for now until I can get this working.

# ubus call system board
{
	"kernel": "5.15.134",
	"hostname": "TWHG246MR52",
	"system": "ARMv7 Processor rev 0 (v7l)",
	"model": "Meraki MR52",
	"board_name": "meraki,mr52",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.0",
		"revision": "r23497-6637af95aa",
		"target": "ipq806x/generic",
		"description": "OpenWrt 23.05.0 r23497-6637af95aa"
	}
}
# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'
	option ipv6 '0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	list ipaddr 'xx.xx.xx.xx/24'
	option gateway 'xx.xx.xx.xx'
	option broadcast 'xx.xx.xx.xx'
	list dns 'xx.xx.xx.xx'
	option delegate '0'
	list dns_search 'xxxxxxx.xxxxx'

config device
	option name 'eth1'
	option ipv6 '0'

config device
	option name 'eth0'
	option ipv6 '0'

# cat /etc/config/dhcp

config dnsmasq
	option rebind_protection '1'
	option expandhosts '1'
	option cachesize '1000'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	list server 'xx.xx.xx.xx'
	option local '/lan/'
	option domain 'lan'
	option domainneeded '1'
	option rebind_localhost '1'
	option localise_queries '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ignore '1'
	option dynamicdhcp '0'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

# cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

I just upgraded it and I get the same issue no DNS resolution and no access to the internet from the device. I cannot for instance refresh the software or use any of the diag tools. They fail.

# ping bbc.co.uk
ping: bad address 'bbc.co.uk'
# nslookup bbc.co.uk
;; connection timed out; no servers could be reached

I can ping other devices on the network but not the gateway which is also the DHCP and DNS server for the lan. The DHCP server must be working as my mobile is assigned an IP or maybe it is just remembering the old one it had.

But there is no DNS .

The output from these three commands is identical between the 2 versions. Line be line character by character.
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

Obviously the
ubus call system board command returns the latest firmware

# ubus call system board
{
	"kernel": "5.15.150",
	"hostname": "TWHG246MR52",
	"system": "ARMv7 Processor rev 0 (v7l)",
	"model": "Meraki MR52",
	"board_name": "meraki,mr52",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.3",
		"revision": "r23809-234f1a2efa",
		"target": "ipq806x/generic",
		"description": "OpenWrt 23.05.3 r23809-234f1a2efa"
	}
}

Weirdly I can connect from a wireless device and browse the internet.

Do not redact RFC1918 addresses:

@psherman The 2 configs are identical line by line.

Cheers
Spart

All the redacted information means we have no idea what is going on. Can you post it without redacting RFC1918 addresses? (they don't reveal anything sensitive about your network).

All I have done is to take the lan IP info out. It is irrelevant as both configs version 23.05.0 and 23.05.3 are identical. I have also tried 23.05.2 and that is the same. No DNS or internet access from the device.

Flashed back to 23.05.0 and I now have DNS and internet access from the device I can use the diag tools an refresh the software.

To be clear, this gives us absolutely no useful information.

The information (aside from maybe the last line) is not secret information, but it is essential if we are going to help you.

@psherman I am sorry I can't see the issue here. Put in any address you like. They are identical lines between the 2 configs. 23.05.0 works and 23.05.2 or 23.05.3 do not. With exactly the same lan config!

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	list ipaddr '192.168.1.246/24'
	option gateway '192.168.1.1'
	option broadcast '192.168.1.255'
	list dns '192.168.1.1'
	option delegate '0'
	list dns_search 'local.home'

It is directly relevant because we're talking about your specific configuration and trying to understand if there is something that is invalid or may have a syntax that may behave differently than expected.

Did you provide your real information there?

What is the upstream device? Is it a router or a direct ISP connection? What port is it connected to?

Yes.
It's a router upstream.
eth0
I have compared the configs between firmware versions they are IDENTICAL!

What address is here? Is this your upstream router?

192.168.1.1
Yes

on 23.05.0 the local listener/forwarder answers and on anything newer the local listener/forwarder does not.