OpenWrt will not resolve amazonaws.com

I had a problem a year or two ago with rebind, and rebind_protection is set to 0. I have now encountered another weird error: when at home going through OpenWrt, I cannot download https://github.com/Microsoft/artifacts-credprovider/releases/latest/download/Microsoft.NuGet.CredentialProvider.tar.gz

It ends up redirecting to amazonaws.com.

I have tried various troubleshooting on connected computers, but I figured I would ssh into OpenWrt to see what it does. It cannot resolve unless I specify google or some other DNS on the cli.

root@R7800:/# nslookup amazonaws.com
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find amazonaws.com: NXDOMAIN
** server can't find amazonaws.com: NXDOMAIN
root@R7800:/# nslookup amazonaws.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Name:      amazonaws.com
Address 1: 72.21.206.80
Address 2: 207.171.166.22
Address 3: 72.21.210.29
*** Can't find amazonaws.com: No answer

At this point, I put in google's 8.8.8.8 at the top of OpenWrt's DNS configuration, but it still won't resolve normally (only if I do an nslookup with the DNS IP specified, and that works both ssh'ed in and on clients).

Can someone please help me?

Please post here the output of the following command, copy and paste the whole block:

uci show dhcp; \
ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
1 Like
> ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].serversfile='/tmp/adb_list.overall'
dhcp.@dnsmasq[0].rebind_protection='0'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_management='1'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='10m'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
dhcp.@host[0]=host
dhcp.@host[0].name='minerserver'
dhcp.@host[0].dns='1'
dhcp.@host[0].mac='E0:CB:4E:F6:B5:F6'
dhcp.@host[0].ip='192.168.1.150'
dhcp.@host[0].leasetime='12h'
dhcp.@host[0].duid='0001000121470ee8e0cb4ef6b5f6'
dhcp.@host[0].hostid='fdb8:d8e4:6f5c'
dhcp.@domain[0]=domain
dhcp.@host[1]=host
dhcp.@host[1].name='xxxxx-US-LE2'
dhcp.@host[1].dns='1'
dhcp.@host[1].mac='F8:CA:B8:66:96:AE'
dhcp.@host[1].ip='192.168.1.200'
dhcp.@host[1].leasetime='12h'
dhcp.@host[1].duid='00010001248b4542c8f7507f7339'
dhcp.@host[1].hostid='fdb8:d8e4:6f5c'
dhcp.@host[2]=host
dhcp.@host[2].name='xxxxx-US-LE2'
dhcp.@host[2].dns='1'
dhcp.@host[2].mac='C8:F7:50:7F:73:39'
dhcp.@host[2].ip='192.168.1.201'
dhcp.@host[2].leasetime='12h'
dhcp.@host[2].duid='00010001248b4542c8f7507f7339'
dhcp.@host[2].hostid='fdb8:d8e4:6f5c'
lrwxrwxrwx    1 root     root            16 Aug 16  2018 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            32 Oct 28 11:13 /tmp/resolv.conf
-rw-r--r--    1 root     root           202 Oct 28 11:42 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface wan
nameserver 8.8.8.8
nameserver 9.9.9.9
nameserver 84.200.69.80
nameserver 149.112.112.112
nameserver 84.200.70.40
# Interface wan6
nameserver 2001:558:feed::1
nameserver 2001:558:feed::2
root@R7800:~#

@mtrtm, welcome to the community!

This is set to prevent a DNS server giving a Private IP as a reply. It's s security feature on be default in OpenWrt. Rebind is likely unrelated to this issue.

Odd, I don't get a redirection.

  • Do you have any rules to redirect DNS requests?
  • What's your LAN and WAN config?

To the exception of these two servers, which could not be reached, all other IPv4 NS replied to me something.
Do you have some adblocking software by any chance?

It did for me too:

root@koutsomoura:/tmp# wget https://github.com/Microsoft/artifacts-credprovider/releases/latest/download/Microsoft.NuGet.CredentialProvider.tar.gz
Downloading 'https://github.com/Microsoft/artifacts-credprovider/releases/latest/download/Microsoft.NuGet.CredentialProvider.tar.gz'
Connecting to 140.82.118.3:443
Redirected to /Microsoft/artifacts-credprovider/releases/download/v0.1.19/Microsoft.NuGet.CredentialProvider.tar.gz on github.com
Redirected to /137821967/f5650d00-e5c1-11e9-883e-eb2efdea787c?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20191028%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20191028T184451Z&X-Amz-Expires=300&X-Amz-Signature=927203a8916e0ea5ff8eb5661b83785fe3f7786ad89faad2d6a1dc2d8e7628dd&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DMicrosoft.NuGet.CredentialProvider.tar.gz&response-content-type=application%2Foctet-stream on github-production-release-asset-2e65be.s3.amazonaws.com
Writing to 'f5650d00-e5c1-11e9-883e-eb2efdea787c?X-Amz-Algorithm=AWS4-HMAC-SHA256'
f5650d00-e5c1-11e9-8 100% |*******************************|  3099k  0:00:00 ETA
Download completed (3174216 bytes)
2 Likes

I stand corrected, it did redirect for me.

Shoot - I didn't even think it was adblock, disabling adblock fixed the issue. Problem solved.

3 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.