Some sites don't resolve properly

Hi there,

I have been using Quad9's DNS servers configured as the default for the WAN interface on my router. For months it worked without any particular issue.

However, now some very common sites can't be found, namely theguardian.com and reddit.com.

I tried changing 9.9.9.9 to 9.9.9.10 (plus the secondary and IPv6 servers) just in case the former ones had these sites blocked, but for some reason, OpenWrt refuses to accept them, even after a router reboot. It still assumes 9.9.9.9.

OpenWrt version 22.03.5.

Any idea why OpenWrt doesn't take the new DNS into account?

That's very strange. I have been using Quad9 exclusively for several years, and I have not seen that behavior. I just checked both reddit and Guardian; both come up fine. Can you do a dig or nslookup -debug from one of the affected clients?

Here are the four addresses I use for upstream from stubby:

        option address 9.9.9.9
        option address 149.112.112.112
        option address 2620:fe::9
        option address 2620:fe::fe

After surfing to theguardian.com in Firefox, I looked it up, no issues.

; <<>> DiG 9.16.1-Ubuntu <<>> theguardian.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44739
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;theguardian.com.               IN      A

;; ANSWER SECTION:
theguardian.com.        3426    IN      A       151.101.1.111
theguardian.com.        3426    IN      A       151.101.65.111
theguardian.com.        3426    IN      A       151.101.129.111
theguardian.com.        3426    IN      A       151.101.193.111

;; Query time: 0 msec
;; SERVER: 10.1.1.1#53(10.1.1.1)
;; WHEN: Tue Oct 17 17:32:52 PDT 2023
;; MSG SIZE  rcvd: 108
1 Like
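
Added example (not part of any post in this thread): a small Python triage of dig output like the one above, reading the header status, the answer records and the SERVER line to decide whether the failure is in DNS at all. The function name, the verdict labels and the second sample are constructed for illustration; treating NXDOMAIN with an empty authority section as a hint of resolver-side filtering is a heuristic assumed here, not something the thread establishes.

```python
import re

STATUS = re.compile(r"status: (\w+)")
COUNTS = re.compile(r"ANSWER: (\d+), AUTHORITY: (\d+)")
SERVER = re.compile(r"^;; SERVER: ([^#\s]+)#\d+", re.M)
RECORD = re.compile(r"^\S+[ \t]+\d+[ \t]+IN[ \t]+(?:A|AAAA)[ \t]+(\S+)", re.M)

# Header, question, answers and SERVER line taken from the dig output posted above.
SAMPLE_RESOLVED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44739
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;theguardian.com.               IN      A
theguardian.com.        3426    IN      A       151.101.1.111
theguardian.com.        3426    IN      A       151.101.65.111
theguardian.com.        3426    IN      A       151.101.129.111
theguardian.com.        3426    IN      A       151.101.193.111
;; SERVER: 10.1.1.1#53(10.1.1.1)
"""

# Constructed sample (not from the thread): NXDOMAIN with an empty authority section.
SAMPLE_REFUSED = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1111
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 192.0.2.53#53(192.0.2.53)
"""

def triage(dig_output):
    """Summarise one dig run: who answered, with what status, and a verdict."""
    status = STATUS.search(dig_output)
    server = SERVER.search(dig_output)
    counts = COUNTS.search(dig_output)
    code = status.group(1) if status else None
    answers = RECORD.findall(dig_output)   # question lines have no TTL, so they are skipped
    authority = int(counts.group(2)) if counts else 0
    if code is None:
        verdict = "no-response"        # no header at all: the resolver was not reached
    elif code == "NOERROR" and answers:
        verdict = "dns-ok"             # names resolve; check routing, MTU, TLS next
    elif code == "NXDOMAIN" and authority == 0:
        verdict = "possible-filter"    # heuristic assumed by this example
    else:
        verdict = "dns-problem"        # SERVFAIL, NXDOMAIN with SOA, or empty answer
    return {"status": code, "server": server.group(1) if server else None,
            "answers": answers, "verdict": verdict}

if __name__ == "__main__":
    for sample in (SAMPLE_RESOLVED, SAMPLE_REFUSED):
        print(triage(sample))
```

The SERVER field shows which resolver the client actually asked (here the router), which is worth checking before concluding anything about the upstream configured on the router.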

Those are the same addresses I had set previously (forgot the IPv6 but added them later).

Here is my result:

$ dig theguardian.com

; <<>> DiG 9.10.6 <<>> theguardian.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64334
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;theguardian.com.		IN	A

;; ANSWER SECTION:
theguardian.com.	3581	IN	A	151.101.1.111
theguardian.com.	3581	IN	A	151.101.129.111
theguardian.com.	3581	IN	A	151.101.65.111
theguardian.com.	3581	IN	A	151.101.193.111

;; Query time: 104 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Oct 17 21:29:32 EDT 2023
;; MSG SIZE  rcvd: 108

and

$ nslookup -debug theguardian.com
Server:		192.168.1.1
Address:	192.168.1.1#53

------------
    QUESTIONS:
	theguardian.com, type = A, class = IN
    ANSWERS:
    ->  theguardian.com
	internet address = 151.101.193.111
	ttl = 3381
    ->  theguardian.com
	internet address = 151.101.1.111
	ttl = 3381
    ->  theguardian.com
	internet address = 151.101.129.111
	ttl = 3381
    ->  theguardian.com
	internet address = 151.101.65.111
	ttl = 3381
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
Name:	theguardian.com
Address: 151.101.193.111
Name:	theguardian.com
Address: 151.101.1.111
Name:	theguardian.com
Address: 151.101.129.111
Name:	theguardian.com
Address: 151.101.65.111

In other words, the domain names are properly resolved to IP addresses, but these don't load at all. What should I be looking for in the browser's console?

What error does it show when the site doesn't load?
Have you tried with private/incognito browsing mode?
Have you tried with another browser?
Have you tried from a different device?

2 Likes

It simply shows that the website can't be found.
In incognito mode, same result.
Other browsers, same result.
All devices have the same issue when connected to the same LAN.

You can first try to ping and traceroute theguardian dot com from the PC command line. Both should work.

2 Likes

And maybe rule out that it's a browser issue with some other tool? I ran this on one of my workstations:

$ wget -O xx https://www.theguardian.com/
--2023-10-18 10:23:13--  https://www.theguardian.com/
Resolving www.theguardian.com (www.theguardian.com)... 2a04:4e42:6::367, 199.232.93.111
Connecting to www.theguardian.com (www.theguardian.com)|2a04:4e42:6::367|:443... connected.
HTTP request sent, awaiting response... 302
Location: /us [following]
--2023-10-18 10:23:13--  https://www.theguardian.com/us
Connecting to www.theguardian.com (www.theguardian.com)|2a04:4e42:6::367|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 943037 (921K) [text/html]
Saving to: ‘xx’

xx                                                100%[=============================================================================================================>] 920.93K  --.-KB/s    in 0.07s

2023-10-18 10:23:13 (12.9 MB/s) - ‘xx’ saved [943037/943037]
2 Likes

I would look for an MTU issue then.
A quick test: lower the MTU to 1400 on the WAN interface, just to exclude this possible issue, and test.
What is the output of this:

curl -Ik https://nonworkingsite.example
1 Like

In the meantime, these same sites now load properly. I guess that was a transient issue.

Thanks anyway for the debug steps, I'll bookmark this topic.
