Suddenly from nowhere can't resolve DNS?

castigato · May 27, 2023, 12:40am

I can't understand what happened sincerely.
Basically i was watching a video on YouTube and suddenly i had no connection apparently because of DNS problems.
Everything was fine till this problem...
If i put the DNS manually on Windows 11 settings, everything works again.

I didn't touch anything on Luci configuration of OpenWRT, use DNS advertised by peer still checked and still have them in the "overview" network part (8.8.8.8 and 1.1.1.1).

I can ping both and the ethernet shows is connected and i have access.

Why? Belkin RT3200

psherman · May 27, 2023, 12:43am

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board 
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

slh · May 27, 2023, 1:27am

The most common reasons for that would include either a rogue DHCPd being active in your network or a syntax error in your configuration, either preventing dnsmasq from starting up.

castigato · May 27, 2023, 8:57am

Sorry was 3am and needed to sleep.

{
        "kernel": "5.10.161",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "Linksys E8450 (UBI)",
        "board_name": "linksys,e8450-ubi",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.3",
                "revision": "r20028-43d71ad93e",
                "target": "mediatek/mt7622",
                "description": "OpenWrt 22.03.3 r20028-43d71ad93e"
        }
}

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'REDACTED?'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option proto 'pppoe'
        option username 'REDACTED'
        option password 'REDACTED'
        option ipv6 'auto'
        option device 'wan.835'

config device
        option name 'wan'

config device
        option name 'pppoe-wan'
        option type 'tunnel'

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/18000000.wmac'
        option band '2g'
        option cell_density '0'
        option country 'IT'
        option htmode 'HT20'
        option channel '6'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'REDACTED'
        option encryption 'psk2'
        option key 'REDACTED'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option band '5g'
        option htmode 'HE80'
        option cell_density '0'
        option country 'IT'
        option channel '52'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'REDACTED'
        option encryption 'psk2'
        option key 'REDACTED'

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option synflood_protect '1'
        option flow_offloading '1'
        option flow_offloading_hw '1'
        option forward 'ACCEPT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option masq '1'
        option mtu_fix '1'
        option input 'REJECT'
        option output 'REJECT'
        option forward 'REJECT'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

castigato · May 27, 2023, 8:59am

But everything was working as normal, i was just watching a video and surfing normally

NPeca75 · May 27, 2023, 9:28am

Hi

which DNS you put manually ?

castigato · May 27, 2023, 10:02am

Hello, the same as written in the network overview, the ISP PPPoE ones: 8.8.8.8 and 1.1.1.1

NPeca75 · May 27, 2023, 10:04am

Ok

is there any chance to see on Win11 what is actual DNS server when DNS start to fail ?
sorry, windows is not my OS
look at both record, IPv4 and IPv6 DNS servers when DNS stop working

maybe you have some device in your network which start to advertize false DNS servers

castigato · May 27, 2023, 10:05am

I was just checking, the dns showed is 192.168.1.1

NPeca75 · May 27, 2023, 10:08am

hmmm

next time when DNS fail, could you try to execute on win11 cmd / dos prompt

nslookup www.google.com 192.168.1.1

answer should be similar to this

Server:         192.168.1.1
Address:        192.168.1.1#53

Non-authoritative answer:
Name:   www.google.com
Address: 142.251.208.132
Name:   www.google.com
Address: 2a00:1450:400d:803::2004

castigato · May 27, 2023, 10:16am

I'll do it in a minute, because is permanently failing from yesterday night i just need to put off the manually entered dns (Automatic DHCP)
immagine

Anyway the command doesn't run:
immagine

Translation: OpenWrt.lan can't find www.google.com: Query refused

NPeca75 · May 27, 2023, 10:20am

could you logon on router and from there

ping www.google.com

castigato · May 27, 2023, 10:21am

Fun strange fact:
i can actually post replies here with those DNS problems lol

castigato · May 27, 2023, 10:26am

I can even navigate and browse forum.openwrt.org with Automatic DNS, even in new tabs.
But only this forum works?!

NPeca75 · May 27, 2023, 10:27am

yes, because your PC have a DNS cache

now, please logon to router and from there

ping www.google.com

castigato · May 27, 2023, 10:27am

immagine

NPeca75 · May 27, 2023, 10:30am

go to Luci

system -> startup

find a DNSMASQ service
and try to STOP / START

castigato · May 27, 2023, 10:34am

It seems it can't be disabled. If i stop it nothing happens. I've tried restart but still fail pinging addresses

NPeca75 · May 27, 2023, 10:34am

well, it is time to dig in LOGs and see what is a reason for faling DNS

castigato · May 27, 2023, 10:42am

I think i found the logs, i have tons of:
daemon.err odhcp6c[4266]: Failed to send SOLICIT message to ff02::1:2 (Operation not permitted)

Those are a block of lines repeating:

Sat May 27 12:07:52 2023 daemon.info dnsmasq[1]: exiting on receipt of SIGTERM
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: started, version 2.86 cachesize 150
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: DNS service limited to local subnets
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Sat May 27 12:07:55 2023 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using only locally-known addresses for test
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using only locally-known addresses for local
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: reading /tmp/resolv.conf.d/resolv.conf.auto
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using nameserver 8.8.8.8#53
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using nameserver 1.1.1.1#53
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using only locally-known addresses for test
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using only locally-known addresses for local
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: read /etc/hosts - 4 addresses
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Sat May 27 12:07:55 2023 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 3 addresses
Sat May 27 12:07:55 2023 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Sat May 27 12:08:58 2023 daemon.err odhcp6c[4266]: Failed to send SOLICIT message to ff02::1:2 (Operation not permitted)