ftahumour
New Around Here
Hello guys and gals,
I have an issue I'm struggling to resolve and contacting the vendor for support appears a futile exercise for now at least, so I'm hoping that some of you here may have experienced a similar issue or may be knowledgable on the subject to provide some leads I can look into.
Anyway, thanks in advance and here it goes...
I own an Asus RT-AC87U with AsusWrt-Merlin 384.13_1 firmware.
I have an environment which is perhaps not common and as a result I have a problem with a streaming service on a single device in my LAN not functioning unless I change the router’s LAN/DHCP Server DNS settings, which then fixes that issue but creates other issues. I find it odd that other streaming services on the same device with the same network configuration resolve fine and are functioning, but this one service fails until I make DNS server changes.
So for the background of the environment:
Affected Device: FireTV Stick 4K
Affected Service: Netflix
Not Affected Services: Amazon, BBC iplayer, You tube, etc.
LAN Environment: AC87U is configured to provide DHCP on a 192.168.100.0/24 network. I’m running Windows Domain 2K16 servers, DC01-192.168.100.254, DC02-192.168.100.253 for various services + home lab. Windows DNS is configured with forwarders to Open DNS (208.67.222.222 | 208.67.220.220). The LAN/DHCP side DNS servers in router are configured as DC01 and DC02 IP’s. Router’s Domain name is configured as the local domain (will refer to it as lab.local in this example).
This configuration resolves as follows:
nslookup lab.local
Server: DC01.lab.local
Address: 192.168.100.253
Name: lab.local
Addresses: 192.168.100.254
192.168.100.253
------------------------------------------
WAN Environment: AC87U is connected to a Docsis modem providing a Dynamic public IP to the Router from the ISP. The WAN Configuration is pretty basic afaik and is listed below:
WAN Connection Type: Automatic IP
Enable WAN: Yes
Enable NAT: Yes
Enable UPnP: No
WAN DNS Setting
Connect to DNS Server automatically: No
DNS Server1: 208.67.222.222
DNS Server2: 208.67.220.220
Forward local domain queries to upstream DNS: No
Enable DNS Rebind protection: No
Enable DNSSEC support: No
DNS Privacy Protocol: None
Your router's DHCP server is configured to provide a DNS server that's different from your router's IP address. This will prevent clients from using the DNS Privacy servers.
-------------------------------------------
Afaik all LAN side server based services are functional in this configuration, as are all streaming services through the FireTV stick.
This is where the configuration gets complicated for me and with networking not being my strong suite I’m at this stage going around in circles trying to understand and resolve the problem.
The AC87U is additionally configured as a Client to NordVPN services, connecting to a server in my country. The aim is to have selected devices in my LAN connect to the Internet via VPN. To this end, I have configured “Policy Rules” to explicitly force 3 devices to be routed to the WAN connection directly, these are 2 mobile phones and the FireTV stick. All other devices LAN side are configured to be routed through the VPN connection.
IP Lookup and tracert to a public DNS from my PC (VPN) and my VMPC/Phone (WAN) confirm that traffic is routed to VPN or WAN for each device as configured in the VPN Client Policy Rules of the router. Also VPN=30mbps and WAN=100mbps so a quick speed test confirms which side is used when switching backwards and forwards during testing.
In this configuration every service works as required (e.g. Windows Server services, FireTV stick’s aforementioned streaming services) apart from Netflix!!! The Netflix service returns a connection error “NW-2-4”. When doing a Network test through the Netflix App, it attempts to connect to 3 separate Netflix servers, and fails each time, lastly it attempts to check the internet connection which returns a green tick box, which implies all OK there.
The Network settings details within Netflix application for FireTV stick report as follows:
IP: 192.168.100.108/24 (Manually assigned IP within DHCP scope)
Gateway: 192.168.100.1/24 (Router IP)
DNS Servers: 192.168.100.253/24 (Windows DC01)
192.168.100.254/24 (Windows DC02)
8.8.8.8 (Google Public DNS)
Testing DNS resolution with Google Public DNS returns:
nslookup dns.google.com
Server: DC01.lab.local
Address: 192.168.100.253
Non-authoritative answer:
Name: dns.google.com
Addresses: 2001:4860:4860::8844
2001:4860:4860::8888
8.8.4.4
8.8.8.8
The above test proves to me that DNS resolution within the LAN is functional to either local domain host names (DC01, DC01 DNS servers) or, Public DNS such as Google. Therefore given the reported list of DNS servers from the Netflix App, at least the 8.8.8.8 (dns.google.com) should resolve sufficiently for Netflix to function in my environment but it doesn’t.
Based on the behaviour I feel that DNS resolution is the culprit, but don’t understand why only for Netflix or, how to move forward from here.
Suffice it to say, I have queried this with Netflix and their outsourced first line support is signing from a hymn-sheet and not even comprehending what I am attempting to explain. I even offered to share this breakdown and that was not even acknowledged by the tech person I spoke with, nevermind “yes please send it here”....
SUMMARY NOTES:
1. VPN Client Service disabled =FireTV stick works with all services.
2. FireTV stick routed through VPN tunnel does not work.
3. FireTV stick routed through WAN does work for all services but Netflix!
4. When VPN Client is Enabled changing LAN/DHCP side DNS Server entries to Open DNS IP’s resolves the Netflix streaming issue, but breaks all Windows based services provided LAN side since no resolution by DC01 and DC02 is provided. This behaviour s the same for any combination, e.g.
a. LAN/DHCP DNS1: 208.67.222.222 + DNS2: 192.168.100.253 (breaks Windows Services)
b. LAN/DHCP DNS1: 192.168.100.253 + DNS2: 208.67.222.222 (breaks Netflix Service)
Any pointers are welcome and thanks in advance.
ftahumour
I have an issue I'm struggling to resolve and contacting the vendor for support appears a futile exercise for now at least, so I'm hoping that some of you here may have experienced a similar issue or may be knowledgable on the subject to provide some leads I can look into.
Anyway, thanks in advance and here it goes...
I own an Asus RT-AC87U with AsusWrt-Merlin 384.13_1 firmware.
I have an environment which is perhaps not common and as a result I have a problem with a streaming service on a single device in my LAN not functioning unless I change the router’s LAN/DHCP Server DNS settings, which then fixes that issue but creates other issues. I find it odd that other streaming services on the same device with the same network configuration resolve fine and are functioning, but this one service fails until I make DNS server changes.
So for the background of the environment:
Affected Device: FireTV Stick 4K
Affected Service: Netflix
Not Affected Services: Amazon, BBC iplayer, You tube, etc.
LAN Environment: AC87U is configured to provide DHCP on a 192.168.100.0/24 network. I’m running Windows Domain 2K16 servers, DC01-192.168.100.254, DC02-192.168.100.253 for various services + home lab. Windows DNS is configured with forwarders to Open DNS (208.67.222.222 | 208.67.220.220). The LAN/DHCP side DNS servers in router are configured as DC01 and DC02 IP’s. Router’s Domain name is configured as the local domain (will refer to it as lab.local in this example).
This configuration resolves as follows:
nslookup lab.local
Server: DC01.lab.local
Address: 192.168.100.253
Name: lab.local
Addresses: 192.168.100.254
192.168.100.253
------------------------------------------
WAN Environment: AC87U is connected to a Docsis modem providing a Dynamic public IP to the Router from the ISP. The WAN Configuration is pretty basic afaik and is listed below:
WAN Connection Type: Automatic IP
Enable WAN: Yes
Enable NAT: Yes
Enable UPnP: No
WAN DNS Setting
Connect to DNS Server automatically: No
DNS Server1: 208.67.222.222
DNS Server2: 208.67.220.220
Forward local domain queries to upstream DNS: No
Enable DNS Rebind protection: No
Enable DNSSEC support: No
DNS Privacy Protocol: None
Your router's DHCP server is configured to provide a DNS server that's different from your router's IP address. This will prevent clients from using the DNS Privacy servers.
-------------------------------------------
Afaik all LAN side server based services are functional in this configuration, as are all streaming services through the FireTV stick.
This is where the configuration gets complicated for me and with networking not being my strong suite I’m at this stage going around in circles trying to understand and resolve the problem.
The AC87U is additionally configured as a Client to NordVPN services, connecting to a server in my country. The aim is to have selected devices in my LAN connect to the Internet via VPN. To this end, I have configured “Policy Rules” to explicitly force 3 devices to be routed to the WAN connection directly, these are 2 mobile phones and the FireTV stick. All other devices LAN side are configured to be routed through the VPN connection.
IP Lookup and tracert to a public DNS from my PC (VPN) and my VMPC/Phone (WAN) confirm that traffic is routed to VPN or WAN for each device as configured in the VPN Client Policy Rules of the router. Also VPN=30mbps and WAN=100mbps so a quick speed test confirms which side is used when switching backwards and forwards during testing.
In this configuration every service works as required (e.g. Windows Server services, FireTV stick’s aforementioned streaming services) apart from Netflix!!! The Netflix service returns a connection error “NW-2-4”. When doing a Network test through the Netflix App, it attempts to connect to 3 separate Netflix servers, and fails each time, lastly it attempts to check the internet connection which returns a green tick box, which implies all OK there.
The Network settings details within Netflix application for FireTV stick report as follows:
IP: 192.168.100.108/24 (Manually assigned IP within DHCP scope)
Gateway: 192.168.100.1/24 (Router IP)
DNS Servers: 192.168.100.253/24 (Windows DC01)
192.168.100.254/24 (Windows DC02)
8.8.8.8 (Google Public DNS)
Testing DNS resolution with Google Public DNS returns:
nslookup dns.google.com
Server: DC01.lab.local
Address: 192.168.100.253
Non-authoritative answer:
Name: dns.google.com
Addresses: 2001:4860:4860::8844
2001:4860:4860::8888
8.8.4.4
8.8.8.8
The above test proves to me that DNS resolution within the LAN is functional to either local domain host names (DC01, DC01 DNS servers) or, Public DNS such as Google. Therefore given the reported list of DNS servers from the Netflix App, at least the 8.8.8.8 (dns.google.com) should resolve sufficiently for Netflix to function in my environment but it doesn’t.
Based on the behaviour I feel that DNS resolution is the culprit, but don’t understand why only for Netflix or, how to move forward from here.
Suffice it to say, I have queried this with Netflix and their outsourced first line support is signing from a hymn-sheet and not even comprehending what I am attempting to explain. I even offered to share this breakdown and that was not even acknowledged by the tech person I spoke with, nevermind “yes please send it here”....
SUMMARY NOTES:
1. VPN Client Service disabled =FireTV stick works with all services.
2. FireTV stick routed through VPN tunnel does not work.
3. FireTV stick routed through WAN does work for all services but Netflix!
4. When VPN Client is Enabled changing LAN/DHCP side DNS Server entries to Open DNS IP’s resolves the Netflix streaming issue, but breaks all Windows based services provided LAN side since no resolution by DC01 and DC02 is provided. This behaviour s the same for any combination, e.g.
a. LAN/DHCP DNS1: 208.67.222.222 + DNS2: 192.168.100.253 (breaks Windows Services)
b. LAN/DHCP DNS1: 192.168.100.253 + DNS2: 208.67.222.222 (breaks Netflix Service)
Any pointers are welcome and thanks in advance.
ftahumour
Last edited:
