DNS queries choked when copying files over network

Installing and Using OpenWrt
1

I flashed OpenWRT on my router for the first time today and everything performed fine until I started copying files to my NAS. When doing so, the computer I'm copying can't send/receive DNS queries.

I have DNS and DHCP disabled in my OpenWRT configuration and I'm using pihole as DHCP and DNS server. I suspected it could be fixed with QoS, so I installed SQM but to no avail. As soon as I start copying over the network, the pre-established connection remain (like voice conversations), but DNS queries are completely halted. I really am clueless on this one.

2

How are the devices connected?

1 Like
3

Just pointing this out. While the forum has many knowledgeable folks, if you are having PiHole issues, you might want to post your issue on a relevant forum relating to the PiHole platform, as well.

Your PiHole DHCP server should also be announcing the DNS address and Gateway, and your OpenWrt should have a static IP. I'm sure you already have all of this, but just running through the checklist.

Is it possible that your maxing out the router or network throughput? What device is it? Are you able to console/ssh before starting the transfer and run tcpdump (tcpdump -i br-lan -vvv dst port 53 (replace br-lan with whatever your LAN interface name is) and start the file transfer. This will at least show you if DNS requests are being received at the router at all.

Could it be that the PiHole can't keep up? What is seen on the PiHole when you transfer?

2 Likes
4

Both NAS and computer are connected via wired connection to the router, as is the PiHole machine? In that case SQM out of the box is not going to help as that traffic will mostly likely all travel over the L2 switch of your router, where SQM does not see anything.

3 Likes
5

All devices are connected through ethernet.

6

I want to point out that before I flashed OpenWRT I didn't have these issues, that's why I'm singling out OpenWRT here. I have used pihole for more than a year and it has never been an issue. All devices in question (my pc, DNS&DHCP-server and NAS) are connected through ethernet. The DHCP and DNS services are shut down on OpenWRT just like they were on the stock firmware from Netgear. I've tried to clone it as close to 1:1 as I can. I will return with the results of tcpdump as soon as I can.

1 Like
7

layout
layout1045×552 20.9 KB

8

Hi,

Actually br-lan was the name of the lan port on my router. Here is the output, started about 1 minute before I started copying (from the second capture)

root@OpenWrt:~# tcpdump -i br-lan -vvv dst port 53
tcpdump: listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
12:23:54.155501 IP (tos 0x0, ttl 128, id 36273, offset 0, flags [none], proto UDP (17), length 80)
    192.168.1.2.63190 > 192.168.1.1.53: [udp sum ok] 3830+ A? tile-service.weather.microsoft.com. (52)
12:24:37.435071 IP (tos 0x0, ttl 128, id 36276, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.55295 > 192.168.1.1.53: [udp sum ok] 37180+ AAAA? g.live.com. (28)
12:24:37.435452 IP (tos 0x0, ttl 128, id 36277, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.60194 > 192.168.1.1.53: [udp sum ok] 43444+ A? g.live.com. (28)
12:24:40.463261 IP (tos 0x0, ttl 128, id 36279, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.55295 > 192.168.1.1.53: [udp sum ok] 37180+ AAAA? g.live.com. (28)
12:24:44.487628 IP (tos 0x0, ttl 128, id 36281, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.55295 > 192.168.1.1.53: [udp sum ok] 37180+ AAAA? g.live.com. (28)
12:24:45.950665 IP (tos 0x0, ttl 128, id 36283, offset 0, flags [none], proto UDP (17), length 76)
    192.168.1.2.63823 > 192.168.1.1.53: [udp sum ok] 36189+ A? self.events.data.microsoft.com. (48)
12:24:45.950969 IP (tos 0x0, ttl 128, id 36284, offset 0, flags [none], proto UDP (17), length 76)
    192.168.1.2.64064 > 192.168.1.1.53: [udp sum ok] 27638+ AAAA? self.events.data.microsoft.com. (48)
12:24:54.929472 IP (tos 0x0, ttl 128, id 36286, offset 0, flags [none], proto UDP (17), length 57)
    192.168.1.2.50733 > 192.168.1.1.53: [udp sum ok] 39039+ A? arc.msn.com. (29)
12:24:54.929785 IP (tos 0x0, ttl 128, id 36287, offset 0, flags [none], proto UDP (17), length 57)
    192.168.1.2.61732 > 192.168.1.1.53: [udp sum ok] 8314+ AAAA? arc.msn.com. (29)
12:24:57.931198 IP (tos 0x0, ttl 128, id 36289, offset 0, flags [none], proto UDP (17), length 57)
    192.168.1.2.50733 > 192.168.1.1.53: [udp sum ok] 39039+ A? arc.msn.com. (29)
12:24:58.549886 IP (tos 0x0, ttl 128, id 36291, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.61411 > 192.168.1.1.53: [udp sum ok] 3686+ AAAA? g.live.com. (28)
12:24:58.550214 IP (tos 0x0, ttl 128, id 36292, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.60660 > 192.168.1.1.53: [udp sum ok] 22985+ A? g.live.com. (28)
12:25:01.565871 IP (tos 0x0, ttl 128, id 36294, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.61411 > 192.168.1.1.53: [udp sum ok] 3686+ AAAA? g.live.com. (28)
12:25:01.935752 IP (tos 0x0, ttl 128, id 36296, offset 0, flags [none], proto UDP (17), length 57)
    192.168.1.2.50733 > 192.168.1.1.53: [udp sum ok] 39039+ A? arc.msn.com. (29)
12:25:03.996746 IP (tos 0x0, ttl 128, id 36298, offset 0, flags [none], proto UDP (17), length 55)
    192.168.1.2.51763 > 192.168.1.1.53: [udp sum ok] 59223+ A? gmail.com. (27)
12:25:05.553807 IP (tos 0x0, ttl 128, id 36300, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.61411 > 192.168.1.1.53: [udp sum ok] 3686+ AAAA? g.live.com. (28)
12:25:07.029098 IP (tos 0x0, ttl 128, id 36302, offset 0, flags [none], proto UDP (17), length 55)
    192.168.1.2.51763 > 192.168.1.1.53: [udp sum ok] 59223+ A? gmail.com. (27)
12:25:11.029695 IP (tos 0x0, ttl 128, id 36304, offset 0, flags [none], proto UDP (17), length 55)
    192.168.1.2.51763 > 192.168.1.1.53: [udp sum ok] 59223+ A? gmail.com. (27)
12:25:15.064029 IP (tos 0x0, ttl 128, id 34003, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.57980 > dns.google.53: [udp sum ok] 3167+ A? google.com. (28)
12:25:16.078812 IP (tos 0x0, ttl 128, id 36307, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.57983 > 192.168.1.1.53: [udp sum ok] 50001+ A? google.com. (28)
12:25:18.264724 IP (tos 0x0, ttl 128, id 36311, offset 0, flags [none], proto UDP (17), length 61)
    192.168.1.2.59596 > 192.168.1.1.53: [udp sum ok] 25664+ A? ssl.gstatic.com. (33)
12:25:18.341939 IP (tos 0x0, ttl 128, id 36312, offset 0, flags [none], proto UDP (17), length 64)
    192.168.1.2.61338 > 192.168.1.1.53: [udp sum ok] 6457+ A? consent.google.com. (36)
12:25:18.604472 IP (tos 0x0, ttl 128, id 36315, offset 0, flags [none], proto UDP (17), length 61)
    192.168.1.2.49238 > 192.168.1.1.53: [udp sum ok] 29242+ A? www.gstatic.com. (33)
12:25:19.623658 IP (tos 0x0, ttl 128, id 36318, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.55714 > 192.168.1.1.53: [udp sum ok] 4443+ AAAA? g.live.com. (28)
12:25:19.623979 IP (tos 0x0, ttl 128, id 36317, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.60128 > 192.168.1.1.53: [udp sum ok] 64725+ A? g.live.com. (28)
12:25:21.276014 IP (tos 0x0, ttl 128, id 36320, offset 0, flags [none], proto UDP (17), length 61)
    192.168.1.2.59596 > 192.168.1.1.53: [udp sum ok] 25664+ A? ssl.gstatic.com. (33)
12:25:21.353235 IP (tos 0x0, ttl 128, id 36321, offset 0, flags [none], proto UDP (17), length 64)
    192.168.1.2.61338 > 192.168.1.1.53: [udp sum ok] 6457+ A? consent.google.com. (36)
12:25:21.615313 IP (tos 0x0, ttl 128, id 36324, offset 0, flags [none], proto UDP (17), length 61)
    192.168.1.2.49238 > 192.168.1.1.53: [udp sum ok] 29242+ A? www.gstatic.com. (33)
12:25:22.367881 IP (tos 0x0, ttl 128, id 36326, offset 0, flags [none], proto UDP (17), length 57)
    192.168.1.2.64718 > 192.168.1.1.53: [udp sum ok] 28438+ AAAA? arc.msn.com. (29)
12:25:22.368204 IP (tos 0x0, ttl 128, id 36327, offset 0, flags [none], proto UDP (17), length 57)
    192.168.1.2.58880 > 192.168.1.1.53: [udp sum ok] 44940+ A? arc.msn.com. (29)
12:25:22.630226 IP (tos 0x0, ttl 128, id 36329, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.55714 > 192.168.1.1.53: [udp sum ok] 4443+ AAAA? g.live.com. (28)
12:25:24.876206 IP (tos 0x0, ttl 128, id 36331, offset 0, flags [none], proto UDP (17), length 57)
    192.168.1.2.49661 > 192.168.1.1.53: [udp sum ok] 46820+ A? youtube.com. (29)
12:25:25.276557 IP (tos 0x0, ttl 128, id 36333, offset 0, flags [none], proto UDP (17), length 61)
    192.168.1.2.59596 > 192.168.1.1.53: [udp sum ok] 25664+ A? ssl.gstatic.com. (33)
12:25:25.354044 IP (tos 0x0, ttl 128, id 36334, offset 0, flags [none], proto UDP (17), length 64)
    192.168.1.2.61338 > 192.168.1.1.53: [udp sum ok] 6457+ A? consent.google.com. (36)
12:25:25.387926 IP (tos 0x0, ttl 128, id 36336, offset 0, flags [none], proto UDP (17), length 57)
    192.168.1.2.58880 > 192.168.1.1.53: [udp sum ok] 44940+ A? arc.msn.com. (29)
12:25:25.616169 IP (tos 0x0, ttl 128, id 36339, offset 0, flags [none], proto UDP (17), length 61)
    192.168.1.2.49238 > 192.168.1.1.53: [udp sum ok] 29242+ A? www.gstatic.com. (33)
12:25:26.635472 IP (tos 0x0, ttl 128, id 36341, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.55714 > 192.168.1.1.53: [udp sum ok] 4443+ AAAA? g.live.com. (28)
12:25:27.883947 IP (tos 0x0, ttl 128, id 36343, offset 0, flags [none], proto UDP (17), length 57)
    192.168.1.2.49661 > 192.168.1.1.53: [udp sum ok] 46820+ A? youtube.com. (29)
12:25:29.393840 IP (tos 0x0, ttl 128, id 36345, offset 0, flags [none], proto UDP (17), length 57)
    192.168.1.2.58880 > 192.168.1.1.53: [udp sum ok] 44940+ A? arc.msn.com. (29)
12:25:30.685171 IP (tos 0x0, ttl 128, id 36347, offset 0, flags [none], proto UDP (17), length 61)
    192.168.1.2.61338 > 192.168.1.1.53: [udp sum ok] 43711+ A? play.google.com. (33)
12:25:31.885586 IP (tos 0x0, ttl 128, id 36349, offset 0, flags [none], proto UDP (17), length 57)
    192.168.1.2.49661 > 192.168.1.1.53: [udp sum ok] 46820+ A? youtube.com. (29)
12:25:33.688572 IP (tos 0x0, ttl 128, id 36351, offset 0, flags [none], proto UDP (17), length 61)
    192.168.1.2.61338 > 192.168.1.1.53: [udp sum ok] 43711+ A? play.google.com. (33)
12:25:34.458602 IP (tos 0x0, ttl 128, id 36353, offset 0, flags [none], proto UDP (17), length 76)
    192.168.1.2.59117 > 192.168.1.1.53: [udp sum ok] 55713+ A? mobile.pipe.aria.microsoft.com. (48)
12:25:34.458943 IP (tos 0x0, ttl 128, id 36354, offset 0, flags [none], proto UDP (17), length 76)
    192.168.1.2.54732 > 192.168.1.1.53: [udp sum ok] 26641+ AAAA? mobile.pipe.aria.microsoft.com. (48)
12:25:35.925125 IP (tos 0x0, ttl 128, id 34004, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.54734 > dns.google.53: [udp sum ok] 42782+ A? google.com. (28)
12:25:36.940085 IP (tos 0x0, ttl 128, id 36357, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.54736 > 192.168.1.1.53: [udp sum ok] 14721+ A? google.com. (28)
12:25:37.692910 IP (tos 0x0, ttl 128, id 36359, offset 0, flags [none], proto UDP (17), length 61)
    192.168.1.2.61338 > 192.168.1.1.53: [udp sum ok] 43711+ A? play.google.com. (33)
12:25:40.711549 IP (tos 0x0, ttl 128, id 36361, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.64090 > 192.168.1.1.53: [udp sum ok] 45277+ AAAA? g.live.com. (28)
12:25:40.711870 IP (tos 0x0, ttl 128, id 36362, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.65330 > 192.168.1.1.53: [udp sum ok] 45966+ A? g.live.com. (28)
12:25:41.003737 IP (tos 0x0, ttl 128, id 36364, offset 0, flags [none], proto UDP (17), length 57)
    192.168.1.2.61660 > 192.168.1.1.53: [udp sum ok] 58852+ A? youtube.com. (29)
12:25:43.723319 IP (tos 0x0, ttl 128, id 36366, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.64090 > 192.168.1.1.53: [udp sum ok] 45277+ AAAA? g.live.com. (28)
12:25:43.723615 IP (tos 0x0, ttl 128, id 36367, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.65330 > 192.168.1.1.53: [udp sum ok] 45966+ A? g.live.com. (28)
12:25:44.002373 IP (tos 0x0, ttl 128, id 36369, offset 0, flags [none], proto UDP (17), length 57)
    192.168.1.2.61660 > 192.168.1.1.53: [udp sum ok] 58852+ A? youtube.com. (29)
12:25:47.727328 IP (tos 0x0, ttl 128, id 36372, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.65330 > 192.168.1.1.53: [udp sum ok] 45966+ A? g.live.com. (28)
12:25:47.727634 IP (tos 0x0, ttl 128, id 36373, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.64090 > 192.168.1.1.53: [udp sum ok] 45277+ AAAA? g.live.com. (28)
12:25:48.002987 IP (tos 0x0, ttl 128, id 36375, offset 0, flags [none], proto UDP (17), length 57)
    192.168.1.2.61660 > 192.168.1.1.53: [udp sum ok] 58852+ A? youtube.com. (29)
12:25:51.811600 IP (tos 0x0, ttl 128, id 36377, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.64839 > 192.168.1.1.53: [udp sum ok] 11228+ A? g.live.com. (28)
12:25:52.017891 IP (tos 0x0, ttl 128, id 34005, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.64841 > dns.google.53: [udp sum ok] 48143+ A? google.com. (28)
12:25:53.028666 IP (tos 0x0, ttl 128, id 36380, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.64842 > 192.168.1.1.53: [udp sum ok] 34430+ A? google.com. (28)
12:25:54.477590 IP (tos 0x0, ttl 128, id 36383, offset 0, flags [none], proto UDP (17), length 76)
    192.168.1.2.54116 > 192.168.1.1.53: [udp sum ok] 54225+ A? mobile.pipe.aria.microsoft.com. (48)
12:25:54.477914 IP (tos 0x0, ttl 128, id 36382, offset 0, flags [none], proto UDP (17), length 76)
    192.168.1.2.50814 > 192.168.1.1.53: [udp sum ok] 15717+ AAAA? mobile.pipe.aria.microsoft.com. (48)
12:25:54.830543 IP (tos 0x0, ttl 128, id 36385, offset 0, flags [none], proto UDP (17), length 56)
    192.168.1.2.64839 > 192.168.1.1.53: [udp sum ok] 11228+ A? g.live.com. (28)
^C
62 packets captured
62 packets received by filter
0 packets dropped by kernel
9

Traffic between your devices travels trough the router's internal switch, it does not even reach the 'br-lan' interface, or the router's CPU. As others pointed out, there is nothing OpenWrt or SQM can do here.

10

I can agree that SQM might not fix this issue, it was a wild guess. But pointing out that OpenWRT isn't part of the problem when it's the only factor in the equation that has changed before this issue emerged isn't logical.

11

Since the Pi-Hole is acting as a DHCP and DNS, you do not need the OpenWrt router at all, do you? Plug the computer directly on the switch, switch the router off, and tell us what happens then.

Of course, all this is only valid unless you made some weird configuration that you have not explained to us...

12

I use the router for, well, routing and as a default gateway. The pihole machine doesn't have enough ports to act like a router.

As mentioned before, everything works fine until I start copying over the local network. It just doesn't make sense to me and therefore I'm turning to the OpenWRT forums as the only thing that changed is the router firmware.

13

Here's another example:

  1. Starting copy, querying devices on local network (mapped by my DNS - PiHole)

  2. Output of nslookup from PC:

C:\Users\admin>nslookup docker.local
Server:  pi.hole
Address:  192.168.1.23

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    docker.local
Address:  192.168.1.136


C:\Users\admin>nslookup docker.local
Server:  pi.hole
Address:  192.168.1.23

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    docker.local
Address:  192.168.1.136
  1. Stopping copy
  2. Output of nslookup from PC:
C:\Users\admin>nslookup docker.local
Server:  pi.hole
Address:  192.168.1.23

Name:    docker.local
Address:  192.168.1.136

But: after starting dnsmasq it seems to work fine. WAN speeds seem a bit choked (getting about 50/50 when copying), but it was better than before, DNS requests are now resolved. I have 100/100mbps and gigabit ethernet to all devices across the internal network. I don't know why dnsmasq needs to be running for this to work somewhat properly, but it does. Looking at both nslookup and wireshark, my pihole server at 192.168.1.23 is the resolver.

14

This is wrong.
Stop trying to resolve domain .local with nslookup.
The domain .local is reserved for mDNS and is not supposed to be resolved by any DNS server.
Change your home network to use some other domain, e.g. .lan.

1 Like
15

If you have NAS -> gigabit switch -> 10/100 switch -> PC I could see the switch choking trying to take gigabit from the NAS then reformat it to 100.

If it is the L2 network itself choking you could test it with pings instead of anything more complicated.

1 Like
16

Thanks for the information, I declared .local in my DNS as well as docker.local in the hosts file. Nonetheless, it's off-topic and still doesn't change the fact why copying chokes these requests when dnsmasq is off in openwrt.

17

That is true, though the connection goes like this:

NAS: PC ->Gigabit router (openwrt) -> Gigabit switch -> Hypervisor:NAS

WAN connections: PC -> Gigabit Router (openwrt) -> WAN

Copying to the NAS should logically not interfere or choke the outbound connection nor DNS queries like this.

18

I don't have any suggestion beside my first thought right after I saw the drawing with the bridged VM network (maybe misconfigured?) and the symptoms: Could it be switching loop?
Pls. ignore if it is completley nonsense. :smiley:

19

You do not need any routing to connect from the computer to the NAS and the PiHole. Just to rule out OpenWrt, you can plug the computer directly to the switxh, and test again.

2 Likes
20

It's not, it worked fine before.