DNS - Stumped Again

Just to clarify

Pinging isn't an issue, it's DNS that is the issue?

And you've 100% confirmed that the dnscrypt-proxy2 configuration is correct, and that the servers it is using to make the (encrypted) DNS are fully functional?

Not at all - I knew what I was getting into.

I build new every 2-4 weeks on average - new defconfig->(.config). Nothing changes typically. Anything I change/add in current gets added to .config via nconfig for the next build or ./files.

How do you explain that a 23 day uptime run suddenly fails?

one explanation: the servers used by dnscrypt-proxy2 are not running - but you've done that troubleshooting and found nothing wrong

Affirmative. .toml date is 9/21. I'm running on my ISP New Guy setup. Everything hooked to my switch, uplink to their modem, their DNS . . . , whatever, out of ~80 dnscrpt-proxy resolvers, I get a response from the first random 5. all are TIME OUT's on OpenWrt, I can try a few more if you want, but I can get to them ( as well as the relays URL's).

DNS is the issue? - trying to figure that out, but all the players seem to be in place.

I'm confused... you are saying it is DNS, but you were not even able to ping any IP addresses (such as That points to a more fundamental problem of connectivity. DNS, of course, won't work in that context -- I'd recommend resolving the general connectivity issue first so that you can ping via IP. Am I missing something?

1 Like

The standard ISP support usually demands you connect a real pc directly to their delivery point when this happens and check if it then works?

That is the only way to know if the fault is in ISP or home network.

he never said that ... he just said he can't ping anything outside - without specifying if he was using a hostname or an IP address ... the lack of detail makes his issue confusing to say the least.

Undoubtedly, it will end up a simple issue

You're right, the OP did not explicitly say that ping via IP was not working. I asked for that test and the response was:

I assumed that it was in response to my question about issuing ping from the router.
@RuralRoots - can you clarify?

I mean, if it turns out pinging fails, then it's not a DNS issue at all

1 Like

Exactly why I had asked for this test.

All local devices have static leases - infinite
boot to OpenWrt router:
I get ISP lease - I call SSH
I ping - Nadda
I ping google.com - Nadda
I ping - Response - no loss
I ping HP_ProBook.lan/localnet - Response - no loss
I ping Dnscrypt Resolver - Nadda
I ping dnscrypt resolver IP - Nadda
DNS works - sort of.

I move external switch uplink from 1900ACS WAN to ISP modem.
All devices connect, all devices have internet access - DHCP.
I ping - Reponse
I ping google.com - Response
I ping - Response - no loss
I ping HP_ProBook.lan/localnet - Response - no loss
DNS works via ISP - all.

Cool your jets gentlemen. It's coming up to +3AM local and I fear my probably inane blubberings are not being conducive. I need some time to digest/assimilate all the above and get my head around your responses - Soon.

How have you actually physical set up this rig? Do you have modem-router-switch or modem-switch-router?
Shouldn’t the switch be connected to a router lan port?
If you have switch to wan you will run it trough firewall on a normal setup and then everything is blocked like you say?

Of course you can run modem to switch and then internet bidirectional on one port/cable to router and back. But that vlan config in switch won’t work if you just move the switch uplink cable from router to modem.

I'd be interested seeing a WireShark trace during an outside ping attempt.

1 Like

Right, so it's not a DNS issue at all - it's maybe a routing issue

Not sure why any "jets" need "cooling" - do you know what that phrase means? Nobody needs to calm down - everyone is cool, calm and collected trying to help

Well he probably has pinged the whole world or at least the ISP network?
When I before used to log firewall dropped packages it actually sometimes catched as scr IP and I don’t have that IP…
This is usually explained as miss configured networks close by.

I guess he got exhausted and said it before falling asleep.

But this is kind of a global forum where the sun always shines somewhere so someone always have day or night.

1 Like

So as stated a few times now (and why I asked back in #6), this is a general connectivity issue, not DNS specific.

Please draw a diagram of your network topology -- maybe 2 diagrams (1 with the configuration in question, the other with a setup that appears to work).

1 Like

My apologies folks. Frankly I was overly tired and the pace of the conversation and queries overwhelmed my state of mind atm. I respect and welcome all of your comments and suggestions.

Normal setup : I run a 10. network scheme. I have a GS308T - OOTB other than enabling SNMP and setting IP. Port 1 is patched to 1900ACS Lan port (my 'Uplink'). WAN port of 1900ACS is patched to ISP router. A WiFi AP goes to port 2 of switch for IOT/Guest/Trusted on different subnets ( - - and my NetMon, Main, and DevBox machines connect by wire to switch ports 3-5. I really don't need vlans in my use case - its worked without hiccup for over a year. I build over-night, flash it, login - same old, same old and life continues normally.

I use a host file and static DHCP leases for everything I trust.

ATM and to get here, I move uplink from 1900ACS to ISP modem and change my trusted devices to use DHCP/DNS from the ISP.

I'm out of my depth. You're right, it's not DNS specific. As said, I can get to everything on my localnet - IP or hostname.

Could you draw this, please. I'm having a hard time understanding the physical configuration.

1 Like

Make sense? Guest on - IOT on - Trusted on DHCP on all IOT/Guest access. Wired/wifi trusted devices on static lease.