Update APU1D from 21.02.1 to 22.03.0 (DNS resolution does not work)

sharbich · September 23, 2022, 5:19am

Hello,
I have updated my board from version 21.02.1 to version 22.03.0. Reinstalled the existing packages and restored the saved configuration.
Now the DNS resolution of internet domains fails. The internal resolution works.
I get the following error messages:

22:41:33.838281 IP (tos 0x0, ttl 64, id 44009, offset 0, flags [none], proto UDP (17), length 142)
    dsme01.intern.example.com.53 > 192.168.10.133.40317: [udp sum ok] 10097 NXDomain q: A? spectrum.s3.amazonaws.com.intern.example.com. 0/1/0 ns: intern.example.com. [44m50s] SOA dsme01.intern.example.com. postmaster.example.com. 0 1800 3600 604800 84600 (114)
22:41:33.838303 IP (tos 0x0, ttl 63, id 44009, offset 0, flags [none], proto UDP (17), length 142)
    dsme01.intern.example.com.53 > 192.168.10.133.40317: [udp sum ok] 10097 NXDomain q: A? spectrum.s3.amazonaws.com.intern.example.com. 0/1/0 ns: intern.example.com. [44m50s] SOA dsme01.intern.example.com. postmaster.example.com. 0 1800 3600 604800 84600 (114)
22:41:33.838620 IP (tos 0x0, ttl 64, id 53429, offset 0, flags [DF], proto UDP (17), length 88)
    192.168.10.133.40317 > dsme01.intern.example.com.53: [udp sum ok] 62318+ AAAA? spectrum.s3.amazonaws.com.intern.example.com. (60)
22:41:33.838641 IP (tos 0x0, ttl 63, id 53429, offset 0, flags [DF], proto UDP (17), length 88)
    192.168.10.133.40317 > dsme01.intern.example.com.53: [udp sum ok] 62318+ AAAA? spectrum.s3.amazonaws.com.intern.example.com. (60)
22:41:33.838937 IP (tos 0x0, ttl 64, id 44010, offset 0, flags [none], proto UDP (17), length 142)
    dsme01.intern.example.com.53 > 192.168.10.133.40317: [udp sum ok] 62318 NXDomain q: AAAA? spectrum.s3.amazonaws.com.intern.example.com. 0/1/0 ns: intern.example.com. [44m50s] SOA dsme01.intern.example.com. postmaster.example.com. 0 1800 3600 604800 84600 (114)
22:41:33.838958 IP (tos 0x0, ttl 63, id 44010, offset 0, flags [none], proto UDP (17), length 142)
    dsme01.intern.example.com.53 > 192.168.10.133.40317: [udp sum ok] 62318 NXDomain q: AAAA? spectrum.s3.amazonaws.com.intern.example.com. 0/1/0 ns: intern.example.com. [44m50s] SOA dsme01.intern.example.com. postmaster.example.com. 0 1800 3600 604800 84600 (114)
22:41:34.040526 IP (tos 0x0, ttl 64, id 53442, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.43727 > dsme01.intern.example.com.53: [udp sum ok] 43837+ A? spectrum.s3.amazonaws.com. (43)
22:41:34.040671 IP (tos 0x0, ttl 63, id 53442, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.43727 > dsme01.intern.example.com.53: [udp sum ok] 43837+ A? spectrum.s3.amazonaws.com. (43)
22:41:34.040945 IP (tos 0x0, ttl 64, id 53443, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.43727 > dsme01.intern.example.com.53: [udp sum ok] 11562+ AAAA? spectrum.s3.amazonaws.com. (43)
22:41:34.041039 IP (tos 0x0, ttl 63, id 53443, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.43727 > dsme01.intern.example.com.53: [udp sum ok] 11562+ AAAA? spectrum.s3.amazonaws.com. (43)
22:41:34.041130 IP (tos 0x0, ttl 64, id 44050, offset 0, flags [none], proto UDP (17), length 92)
    dsme01.intern.example.com.53 > 192.168.10.133.43727: [udp sum ok] 43837 ServFail q: A? spectrum.s3.amazonaws.com. 1/0/0 spectrum.s3.amazonaws.com. [3h59m39s] CNAME s3-1-w.amazonaws.com. (64)
22:41:34.041158 IP (tos 0x0, ttl 63, id 44050, offset 0, flags [none], proto UDP (17), length 92)
    dsme01.intern.example.com.53 > 192.168.10.133.43727: [udp sum ok] 43837 ServFail q: A? spectrum.s3.amazonaws.com. 1/0/0 spectrum.s3.amazonaws.com. [3h59m39s] CNAME s3-1-w.amazonaws.com. (64)
22:41:34.041375 IP (tos 0x0, ttl 64, id 44051, offset 0, flags [none], proto UDP (17), length 92)
    dsme01.intern.example.com.53 > 192.168.10.133.43727: [udp sum ok] 11562 ServFail q: AAAA? spectrum.s3.amazonaws.com. 1/0/0 spectrum.s3.amazonaws.com. [3h59m42s] CNAME s3-1-w.amazonaws.com. (64)
22:41:34.041402 IP (tos 0x0, ttl 63, id 44051, offset 0, flags [none], proto UDP (17), length 92)
    dsme01.intern.example.com.53 > 192.168.10.133.43727: [udp sum ok] 11562 ServFail q: AAAA? spectrum.s3.amazonaws.com. 1/0/0 spectrum.s3.amazonaws.com. [3h59m42s] CNAME s3-1-w.amazonaws.com. (64)
22:41:34.042435 IP (tos 0x0, ttl 64, id 53444, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.43727 > dsme01.intern.example.com.53: [udp sum ok] 43837+ A? spectrum.s3.amazonaws.com. (43)
22:41:34.042471 IP (tos 0x0, ttl 63, id 53444, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.43727 > dsme01.intern.example.com.53: [udp sum ok] 43837+ A? spectrum.s3.amazonaws.com. (43)
22:41:34.042621 IP (tos 0x0, ttl 64, id 53445, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.43727 > dsme01.intern.example.com.53: [udp sum ok] 11562+ AAAA? spectrum.s3.amazonaws.com. (43)
22:41:34.042642 IP (tos 0x0, ttl 63, id 53445, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.43727 > dsme01.intern.example.com.53: [udp sum ok] 11562+ AAAA? spectrum.s3.amazonaws.com. (43)
22:41:34.042734 IP (tos 0x0, ttl 64, id 44052, offset 0, flags [none], proto UDP (17), length 92)
    dsme01.intern.example.com.53 > 192.168.10.133.43727: [udp sum ok] 43837 ServFail q: A? spectrum.s3.amazonaws.com. 1/0/0 spectrum.s3.amazonaws.com. [3h59m39s] CNAME s3-1-w.amazonaws.com. (64)
22:41:34.042760 IP (tos 0x0, ttl 63, id 44052, offset 0, flags [none], proto UDP (17), length 92)
    dsme01.intern.example.com.53 > 192.168.10.133.43727: [udp sum ok] 43837 ServFail q: A? spectrum.s3.amazonaws.com. 1/0/0 spectrum.s3.amazonaws.com. [3h59m39s] CNAME s3-1-w.amazonaws.com. (64)
22:41:34.042906 IP (tos 0x0, ttl 64, id 44053, offset 0, flags [none], proto UDP (17), length 92)
    dsme01.intern.example.com.53 > 192.168.10.133.43727: [udp sum ok] 11562 ServFail q: AAAA? spectrum.s3.amazonaws.com. 1/0/0 spectrum.s3.amazonaws.com. [3h59m42s] CNAME s3-1-w.amazonaws.com. (64)
22:41:34.042931 IP (tos 0x0, ttl 63, id 44053, offset 0, flags [none], proto UDP (17), length 92)
    dsme01.intern.example.com.53 > 192.168.10.133.43727: [udp sum ok] 11562 ServFail q: AAAA? spectrum.s3.amazonaws.com. 1/0/0 spectrum.s3.amazonaws.com. [3h59m42s] CNAME s3-1-w.amazonaws.com. (64)
22:41:34.047173 IP (tos 0x0, ttl 64, id 53446, offset 0, flags [DF], proto UDP (17), length 88)
    192.168.10.133.38641 > dsme01.intern.example.com.53: [udp sum ok] 13307+ A? spectrum.s3.amazonaws.com.intern.example.com. (60)
22:41:34.047232 IP (tos 0x0, ttl 63, id 53446, offset 0, flags [DF], proto UDP (17), length 88)
    192.168.10.133.38641 > dsme01.intern.example.com.53: [udp sum ok] 13307+ A? spectrum.s3.amazonaws.com.intern.example.com. (60)
22:41:34.047553 IP (tos 0x0, ttl 64, id 44054, offset 0, flags [none], proto UDP (17), length 142)
    dsme01.intern.example.com.53 > 192.168.10.133.38641: [udp sum ok] 13307 NXDomain q: A? spectrum.s3.amazonaws.com.intern.example.com. 0/1/0 ns: intern.example.com. [44m49s] SOA dsme01.intern.example.com. postmaster.example.com. 0 1800 3600 604800 84600 (114)
22:41:34.047650 IP (tos 0x0, ttl 63, id 44054, offset 0, flags [none], proto UDP (17), length 142)
    dsme01.intern.example.com.53 > 192.168.10.133.38641: [udp sum ok] 13307 NXDomain q: A? spectrum.s3.amazonaws.com.intern.example.com. 0/1/0 ns: intern.example.com. [44m49s] SOA dsme01.intern.example.com. postmaster.example.com. 0 1800 3600 604800 84600 (114)
22:41:34.049354 IP (tos 0x0, ttl 64, id 53447, offset 0, flags [DF], proto UDP (17), length 88)
    192.168.10.133.38641 > dsme01.intern.example.com.53: [udp sum ok] 21708+ AAAA? spectrum.s3.amazonaws.com.intern.example.com. (60)
22:41:34.049393 IP (tos 0x0, ttl 63, id 53447, offset 0, flags [DF], proto UDP (17), length 88)
    192.168.10.133.38641 > dsme01.intern.example.com.53: [udp sum ok] 21708+ AAAA? spectrum.s3.amazonaws.com.intern.example.com. (60)
22:41:34.049713 IP (tos 0x0, ttl 64, id 44055, offset 0, flags [none], proto UDP (17), length 142)
    dsme01.intern.example.com.53 > 192.168.10.133.38641: [udp sum ok] 21708 NXDomain q: AAAA? spectrum.s3.amazonaws.com.intern.example.com. 0/1/0 ns: intern.example.com. [44m49s] SOA dsme01.intern.example.com. postmaster.example.com. 0 1800 3600 604800 84600 (114)
22:41:34.049807 IP (tos 0x0, ttl 63, id 44055, offset 0, flags [none], proto UDP (17), length 142)
    dsme01.intern.example.com.53 > 192.168.10.133.38641: [udp sum ok] 21708 NXDomain q: AAAA? spectrum.s3.amazonaws.com.intern.example.com. 0/1/0 ns: intern.example.com. [44m49s] SOA dsme01.intern.example.com. postmaster.example.com. 0 1800 3600 604800 84600 (114)
22:41:34.120189 IP (tos 0x0, ttl 128, id 10512, offset 0, flags [none], proto UDP (17), length 75)
    192.168.30.66.62131 > dsme01.intern.example.com.53: [udp sum ok] 45141+ A? ic3.events.data.microsoft.com. (47)
22:41:34.120284 IP (tos 0x0, ttl 127, id 10512, offset 0, flags [none], proto UDP (17), length 75)
    192.168.30.66.62131 > dsme01.intern.example.com.53: [udp sum ok] 45141+ A? ic3.events.data.microsoft.com. (47)
22:41:34.120298 IP (tos 0x0, ttl 128, id 10513, offset 0, flags [none], proto UDP (17), length 75)
    192.168.30.66.52083 > dsme01.intern.example.com.53: [udp sum ok] 39873+ AAAA? ic3.events.data.microsoft.com. (47)
22:41:34.120321 IP (tos 0x0, ttl 127, id 10513, offset 0, flags [none], proto UDP (17), length 75)
    192.168.30.66.52083 > dsme01.intern.example.com.53: [udp sum ok] 39873+ AAAA? ic3.events.data.microsoft.com. (47)
22:41:34.120988 IP (tos 0x0, ttl 64, id 52121, offset 0, flags [none], proto UDP (17), length 71)
    dsme01.intern.example.com.53 > 192.168.20.1.34189: [udp sum ok] 56707 ServFail q: PTR? 1.48.254.199.in-addr.arpa. 0/0/0 (43)
22:41:34.121116 IP (tos 0x0, ttl 64, id 52122, offset 0, flags [none], proto UDP (17), length 71)
    dsme01.intern.example.com.53 > 192.168.20.1.34189: [udp sum ok] 56707 ServFail q: PTR? 1.48.254.199.in-addr.arpa. 0/0/0 (43)
22:41:34.121214 IP (tos 0x0, ttl 64, id 52123, offset 0, flags [none], proto UDP (17), length 71)
    dsme01.intern.example.com.53 > 192.168.20.1.34189: [udp sum ok] 56707 ServFail q: PTR? 1.48.254.199.in-addr.arpa. 0/0/0 (43)
22:41:34.237324 IP (tos 0x0, ttl 64, id 53460, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.35685 > dsme01.intern.example.com.53: [udp sum ok] 26748+ A? spectrum.s3.amazonaws.com. (43)
22:41:34.237468 IP (tos 0x0, ttl 63, id 53460, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.35685 > dsme01.intern.example.com.53: [udp sum ok] 26748+ A? spectrum.s3.amazonaws.com. (43)
22:41:34.237823 IP (tos 0x0, ttl 64, id 44074, offset 0, flags [none], proto UDP (17), length 92)
    dsme01.intern.example.com.53 > 192.168.10.133.35685: [udp sum ok] 26748 ServFail q: A? spectrum.s3.amazonaws.com. 1/0/0 spectrum.s3.amazonaws.com. [3h59m39s] CNAME s3-1-w.amazonaws.com. (64)
22:41:34.237929 IP (tos 0x0, ttl 63, id 44074, offset 0, flags [none], proto UDP (17), length 92)
    dsme01.intern.example.com.53 > 192.168.10.133.35685: [udp sum ok] 26748 ServFail q: A? spectrum.s3.amazonaws.com. 1/0/0 spectrum.s3.amazonaws.com. [3h59m39s] CNAME s3-1-w.amazonaws.com. (64)
22:41:34.238035 IP (tos 0x0, ttl 64, id 53461, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.35685 > dsme01.intern.example.com.53: [udp sum ok] 43687+ AAAA? spectrum.s3.amazonaws.com. (43)
22:41:34.238063 IP (tos 0x0, ttl 63, id 53461, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.35685 > dsme01.intern.example.com.53: [udp sum ok] 43687+ AAAA? spectrum.s3.amazonaws.com. (43)
22:41:34.238326 IP (tos 0x0, ttl 64, id 44075, offset 0, flags [none], proto UDP (17), length 92)
    dsme01.intern.example.com.53 > 192.168.10.133.35685: [udp sum ok] 43687 ServFail q: AAAA? spectrum.s3.amazonaws.com. 1/0/0 spectrum.s3.amazonaws.com. [3h59m42s] CNAME s3-1-w.amazonaws.com. (64)
22:41:34.238360 IP (tos 0x0, ttl 63, id 44075, offset 0, flags [none], proto UDP (17), length 92)
    dsme01.intern.example.com.53 > 192.168.10.133.35685: [udp sum ok] 43687 ServFail q: AAAA? spectrum.s3.amazonaws.com. 1/0/0 spectrum.s3.amazonaws.com. [3h59m42s] CNAME s3-1-w.amazonaws.com. (64)
22:41:34.240182 IP (tos 0x0, ttl 64, id 53462, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.35685 > dsme01.intern.example.com.53: [udp sum ok] 26748+ A? spectrum.s3.amazonaws.com. (43)
22:41:34.240220 IP (tos 0x0, ttl 63, id 53462, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.35685 > dsme01.intern.example.com.53: [udp sum ok] 26748+ A? spectrum.s3.amazonaws.com. (43)
22:41:34.240468 IP (tos 0x0, ttl 64, id 53463, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.35685 > dsme01.intern.example.com.53: [udp sum ok] 43687+ AAAA? spectrum.s3.amazonaws.com. (43)
22:41:34.240562 IP (tos 0x0, ttl 63, id 53463, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.10.133.35685 > dsme01.intern.example.com.53: [udp sum ok] 43687+ AAAA? spectrum.s3.amazonaws.com. (43)
22:41:34.240673 IP (tos 0x0, ttl 64, id 44076, offset 0, flags [none], proto UDP (17), length 92)
    dsme01.intern.example.com.53 > 192.168.10.133.35685: [udp sum ok] 26748 ServFail q: A? spectrum.s3.amazonaws.com. 1/0/0 spectrum.s3.amazonaws.com. [3h59m39s] CNAME s3-1-w.amazonaws.com. (64)

Here is my configuration of dnsmasq

config dnsmasq
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option nonwildcard '0'
	option strictorder '1'
	list rebind_domain 'example.com'
	list server '217.237.148.70'
	list server '217.237.150.115'
	list server '192.168.20.20'
	option confdir '/tmp/dnsmasq.d'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option expandhosts '1'
	option domain 'intern.example.com'

config dhcp 'lan'
	option interface 'lan'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	option ignore '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

Unfortunately I can't find the error. I need your support.
Greetings from Stefan Harbich

hnyman · September 23, 2022, 5:26am

You do not show your network config and firewall config...

Additionally, you seem to have disabled DHCP also for Lan?
So you apparently a quite nonstandard network config.

lleachii · September 23, 2022, 6:49am

To better assist:

What devices generated the traffic displayed in output from tcpdump in your first post?
- On what device did you record the tcpdump?
How is the OpenWrt involved in the transport of the traffic?
BTW example[DOT]com is a vaild domain which is Globally used for examples in documentation - I'm not sure if you were obscuring information or actually using the domain internally
You can run tcpdump with '-n' to show IPs and not resolve
- Not sure you noticed, but the device running tcpdump seems to have working DNS resolution

You'll need to remove the 'intern.example.com' appending to Internet DNS queries. Since OpenWrt isn't the DNS nor DHCP, I'm not sure how we could provide direction.

elder_tinkerer · September 23, 2022, 8:21am

Hi,

in the dnsmasq configuration i'd try to comment out

list rebind_domain 'example.com'

and set the

option domain 'intern.example.com'

to the domain name your system uses
and restart the service.

frollic · September 23, 2022, 11:15am

check if the clients get any DNS IPs from the DHCP, then try to reach those IPs from the client(s).

frollic · September 23, 2022, 3:25pm

which one, or both ?

sharbich · September 23, 2022, 4:26pm

both options