
AC-5300 stopped answering DNS queries?


BGood

Regular Contributor
Merlin 384.14_2 has been running without issue for months.

This morning, the family reported the internet was broken (except for a device running OpenVPN client through the router which was functional). When I did "nslookup" I got nothing but time-outs. I had been running WAN DNS1 at 1.1.1.1 and WAN DNS2 at 1.0.0.1 for months. I switched to 8.8.8.8 and 8.8.8.4 but was still not getting any nslookup results on my (non-VPN) clients. I then switched back to accepting Comcast's automatic DNS settings with the same results. Out of desperation to get my family back online, I went to the LAN settings under DHCP Server and put in 1.1.1.1 and my router's internal IP address for DNS2. This got all my (non-VPN) devices back online again!

I'm now getting the warning on the WAN tab in the DNS Privacy Protocol section:
Your router's DHCP server is configured to provide a DNS server that's different from your router's IP address. This will prevent clients from using the DNS Privacy servers.

As mentioned, I'm running OpenVPN client and forcing a few computers to use that with strict DNS, but I see NOW these clients are using 1.1.1.1 for DNS (which I guess makes sense because I bypassed the router).

What I've done in my mind is a sub-optimal work-around. I want to be able to go back to using the router's DNS (1.1.1.1 for most devices and my VPN provider's DNS for those devices). I have tried restoring my settings for the router and I've also flashed the 384.14_2 version back onto the router and neither helped.

Complicating matters is with my family home all the time, I don't have much time to troubleshoot or test. I've considered flashing to the newest Merlin version, but I'm also reluctant to make more changes without really knowing why DNS just stopped working.

Looking for ideas on what to do next.
 
Although I can't offer a solution, I have experienced something similar today as well - although not a complete failure of DNS, mine would give lots of timeouts all the time and occasionally burst into life. This was on an AX88U, and Quad9 DNS with DNSSEC, been working fine for weeks then out of the blue lots of problems starting about 24 hrs ago. I'm currently trying full resets and the latest firmware :(
 

Interesting. Are you with Comcast by any chance? I should mention that I started seeing oddities earlier this week with my security app sometimes not loading unless I turned off wifi, Amazon Prime taking 1-2 minutes to load rather than 15 seconds, some web sites taking a long time to load, etc. It just finally devolved to nothing by this morning.
 
There seem to have been a spate of reports over the last few days of problems using DNS Privacy (DoT) and/or DNSSEC. Try turning those off (and undoing the DHCP changes) and going back to a "normal" DNS setup.
 
I had that problem with that firmware version too. From 384.18 I never noticed it anymore. I currently run with 384.19 and it has proven to be rock solid.
 
There seem to have been a spate of reports over the last few days of problems using DNS Privacy (DoT) and/or DNSSEC. Try turning those off (and undoing the DHCP changes) and going back to a "normal" DNS setup.
I hadn't turned on any DoT or changed any settings in months.
 
So should I just flash with the latest Merlin firmware? Can I reload my previous 384.14_2 settings after?
 


Yes, flash the latest firmware to test with (first, make a backup of your config and the JFFS partition too, along with the firmware version in zipped format for the firmware you're currently using).

No, you shouldn't restore the backup config files you made on the old firmware.
 
Well, I'm running 384.19 now and still my DNS isn't working

Server: RT-AC5300-D6A0.homelan
Address: 192.168.18.61

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to RT-AC5300-D6A0.homelan timed-out

Ah, I missed one thing.

I set "Enable DNSSEC Support" to No and now DNS is working!

So is there some problem now with 1.1.1.1 and 1.0.0.1 doing DNSSEC?
 
Seems now to work with these settings!
[Attached screenshot: 1598109655006.png]
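An added example (not from any poster in this thread) for telling a router-side resolver failure, such as the DNSSEC toggle discussed above, apart from an upstream or WAN problem: it sends the same query, with and without the DNSSEC OK (DO) bit, to the router and directly to the upstream server, then compares the results. The test name `example.com` and the helper names are assumptions chosen here; the two sample replies are constructed.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, dnssec_ok, txid=0x1234):
    """A-record query in wire format; dnssec_ok adds an EDNS0 OPT record with the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if dnssec_ok else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # OPT RR: root name, type 41, class = UDP size 1232, TTL field carries DO (0x8000)
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x8000, 0) if dnssec_ok else b""
    return header + qname + struct.pack("!HH", 1, 1) + opt

def classify(reply):
    """Reduce a reply (None = timed out) to one word using the header flags."""
    if reply is None:
        return "timeout"
    if len(reply) < 12:
        return "malformed"
    flags = struct.unpack("!H", reply[2:4])[0]
    rcode = RCODES.get(flags & 0x000F, "rcode%d" % (flags & 0x000F))
    if rcode != "NOERROR":
        return rcode
    return "validated" if flags & 0x0020 else "unvalidated"  # 0x0020 = AD bit

def ask(server, name, dnssec_ok, timeout=2.0):
    """Send one UDP query to server:53; return raw reply bytes or None on timeout/error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, dnssec_ok), (server, 53))
            return s.recvfrom(4096)[0]
        except OSError:
            return None

def locate_fault(router, upstream):
    """Compare classify() results for the same query sent to router and upstream."""
    healthy = ("validated", "unvalidated", "NXDOMAIN")
    if upstream not in healthy:
        return "upstream or WAN path"
    return "ok" if router in healthy else "router resolver"

# Constructed sample replies (header only) so the logic can be checked offline.
SAMPLE_VALIDATED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 1)

if __name__ == "__main__":
    # 192.168.18.61 is the router address in the nslookup output above; 1.1.1.1 the upstream.
    for do in (False, True):
        r = classify(ask("192.168.18.61", "example.com", do))
        u = classify(ask("1.1.1.1", "example.com", do))
        print("DO=%s router=%s upstream=%s -> %s" % (do, r, u, locate_fault(r, u)))
```

A result of "router resolver" with the upstream answering matches what the thread observed: clients pointed straight at 1.1.1.1 worked while queries through the router timed out.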
 
My AX88U has been OK for a few days on Cloudflare with DoT, but would still prefer to use Quad9 for their malware/threat blocking - so tried Quad9 again tonight. Without DoT it works OK, but straight away with DoT it is back to bouncing between timeouts and then working. Odd - something must have changed somewhere. If I get time I might dig out the old hub and monitor the WAN to see if anything stands out as odd, or maybe pop an email to their support. My VoIP phone also keeps dropping its registration which it never did before 384.19 :(
 
