viperk1
New Around Here
Hey guys, I've scoured the internet for the past week and have not been able to find anything about this.
Based on what I'm seeing, if there's ever a DNS query that has a response that's bigger than the UDP packet size, which means a switch to TCP is required, the router has problems resolving the address. I've tried this on the stock ASUS firmware (3.0.0.4_384_81049-gbd61205), Tomato, and Merlin (384.13) and the behaviour seems the same.
For example, if I SSH into the router and try 'ping ca.secureconnect.me' I get
admin@RT-AC1900P-5F90:/tmp/home/root# ping ca.secureconnect.me
ping: bad address 'ca.secureconnect.me'
But this works perfectly fine on a machine connected to the router:
C:\Users\S>ping ca.secureconnect.me
Pinging ca.secureconnect.me [184.75.210.170] with 32 bytes of data:
Reply from 184.75.210.170: bytes=32 time=47ms TTL=51
Using nslookup on my Linux box for the above hostname shows ";; Truncated, retrying in TCP mode" and then all the results. E.g.:
s@tanuki:~$ nslookup ca.secureconnect.me
;; Truncated, retrying in TCP mode.
Server: 10.10.10.2
Address: 10.10.10.2#53
Non-authoritative answer:
Name: ca.secureconnect.me
Address: 162.254.132.98
...etc
admin@RT-AC1900P-5F90:/tmp/home/root# nslookup ca.secureconnect.me
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain
nslookup: can't resolve 'ca.secureconnect.me'
Pinging/nslookup on a different hostname with a smaller DNS record works in all places and doesn't show any truncation message. E.g.:
admin@RT-AC1900P-5F90:/tmp/home/root# ping cavan.secureconnect.me
PING cavan.secureconnect.me (107.181.189.38): 56 data bytes
64 bytes from 107.181.189.38: seq=0 ttl=45 time=99.841 ms
admin@RT-AC1900P-5F90:/tmp/home/root# nslookup cavan.secureconnect.me
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain
Name: cavan.secureconnect.me
Address 1: 107.181.189.47
Address 2: 107.181.189.48
Address 3: 107.181.189.34
...etc
C:\Users\S>ping cavan.secureconnect.me
Pinging cavan.secureconnect.me [107.181.189.38] with 32 bytes of data:
Reply from 107.181.189.38: bytes=32 time=92ms TTL=44
s@tanuki:~$ nslookup cavan.secureconnect.me
Server: 10.10.10.2
Address: 10.10.10.2#53
Non-authoritative answer:
Name: cavan.secureconnect.me
Address: 107.181.189.35
...etc
Do other people see the same thing and is there any way to get resolution working for these cases?
If any more information is needed then please let me know!
Thanks so much!
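Added example, not part of the original post: a small Python probe that separates the two steps described above, so you can see whether a resolver sets the truncation (TC) bit on its UDP reply and whether it then answers the same query over TCP. The function names (`build_query`, `parse_header`, `exchange_tcp`, `probe`) are hypothetical, and the resolver address and hostname are arguments you supply.

```python
import socket
import struct

TC_FLAG = 0x0200  # TC (truncated) bit in the DNS header flags word

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal recursive query (qtype 1 = A, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return (txid, truncated, rcode, answer_count) from a DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return txid, bool(flags & TC_FLAG), flags & 0x000F, ancount

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP stream closed before full message")
        buf += chunk
    return buf

def exchange_tcp(sock, query):
    """DNS over TCP frames every message with a 2-byte big-endian length."""
    sock.sendall(struct.pack("!H", len(query)) + query)
    (length,) = struct.unpack("!H", _recv_exact(sock, 2))
    return _recv_exact(sock, length)

def probe(server, name, port=53, timeout=3.0):
    """Query over UDP, retry over TCP on truncation, and report both steps."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, port))
        reply, _ = udp.recvfrom(4096)
    _, truncated, _, answers = parse_header(reply)
    result = {"udp_truncated": truncated, "udp_answers": answers, "tcp_answers": None}
    if truncated:
        try:
            with socket.create_connection((server, port), timeout=timeout) as tcp:
                result["tcp_answers"] = parse_header(exchange_tcp(tcp, query))[3]
        except OSError as exc:  # refused, timed out, or closed early
            result["tcp_error"] = str(exc)
    return result
```

A result with `udp_truncated` set and a `tcp_error` key present means the resolver asked for a TCP retry but TCP port 53 did not deliver an answer, which is the step to check first (listener, firewall rule, or upstream TCP reachability).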