DNS issues after upgrading from 22.03 to 23.05.0 (WRT1900ACS)

Hi all,

I upgraded my main router (TP-Link WRT1900ACS) from 22.03 to 23.05 the second time today. I already tried it two weeks ago, but rolled back, as I had no time to debug the issues I was seeing.

Unfortunately, I see the same issues today.

  • DNS requests are intermittently failing, both against the OpenWRT internal DNS-Server as well as against resolvers in the local network (that do NOT query the OpenWRT router)
  • Connectivity checks in various devices claim that the network does not have an internet connection

Some devices could be "fixed" by rebooting, others still fail to work even after multiple reboots. I enabled logging the DNS queries in the router and I see them being resolved, but apparently the devices's connectivity checks are still not pleased and still report errors.

Are there any known issues regarding DNS? Has something changed in dnsmasq that I would need to adapt?
Are DNS packages being filtered differently on firewall level? As it is not only the OpenWRT DNS server, but also DNS resolvers behind it, I am totally puzzled what this could be...

Any ideas on what to check and where to debug further are highly appreciated...

Thanks in advance,
Johannes

For the most part, DNS is a pure software feature with very little hardware specifics - so usually one would assume the behaviour to be identical on all devices (obviously there may still be issues specific to a particular arch or network setup, but relatively few). So far I'm not aware of any similar sounding reports about 23.05, nor 'should' there be any larger configuration changes between them.

Before going into it any deeper -and considering that you have a dual-firmware device which makes this rather easy- I would suggest to flash 23.05.0 again, not retaining configuration settings and having a look with that (reboot the client used for testing after having flashed OpenWrt). If it works, great - then there is no problem and you can compare the new config with your old one - if it doesn't, luci-advanced-reboot lets you go back to your untouched 22.03.x installation in a jiffy.

3 Likes

How could the OpenWrt router affect requests against other nodes in the network? This could give us a clue about the issue.

1 Like

You could also try to move Openwrt as DNS, out of the equation, and set 8.8.8.8 or some other public DNS as resolver, for those devices that don't require the local DNS.

Exactly.

I did some more testing. To me it looks like DNS connections via TCP to hosts outside the network are affected the most.

e.g. dig openwrt.org @9.9.9.9 +notcp works from a machine behind the router, while dig openwrt.org @9.9.9.9 +tcp fails (communication error with 9.9.9.9 or similar).

DNS requests against the router work with both TCP and UDP.

As I can see successful DNS requests in the router's log when machines do their connectivity check, I assume that they use a TCP connection to connect to that connectivity check URL. And if this one also breaks, the devices report missing internet connectivity.

TL;DR
I rolled back (again) and will repeat the update without keeping the configuration. Start from a clean state and integrate the configuration back piece by piece.
(Which sucks and will be a lot of work, but I do not want to stay on 22.03 forever...).

As I wrote, several machines are not using the router as DNS server. But I get the errors both when using external DNS like 9.9.9.9 and when using internal resolvers (that are connection to root servers and authoritative servers during lookups). And I get the error most often, as soon as TCP is involved in the DNS requests, while UDP works (most of the time, at least).

I can dig the DNS at 9.9.9.9, using either TCP or UDP, without issues. Have you changed anything on the firewall, from the default config?

:slight_smile:

I have 9 VLANs, several rules that allow access between certain networks, etc. pp.

BUT: All of that is working fine on 22.03 and I can dig @9.9.9.9 example.org with both TCP and UDP from all hosts inside the networks.

A post was split to a new topic: DNS problems since upgrading to 23.05, with WireGuard VPN