DNS queries failing


Khadanja

Regular Contributor
Websites don't open randomly and after a few refreshes they sometimes open. This is my DNS setting; previously I had Cloudflare addresses in server 1 & 2, then changed to Quad9, but the issue is still there. What am I doing wrong? I'm in NZ. Thanks
 

Attachment: Capture.JPG

eibgrad

Very Senior Member
Most obvious next step to me would be to eliminate all references to DNSSEC and DoT/DoH and just use simple, old fashioned DNS to see if the problem is related to those things. Also, check your syslog for errors.
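
Added example (not part of eibgrad's post or the router firmware): one way to do the syslog check suggested above when DNSSEC is the suspect. It assumes dnsmasq has query logging (`log-queries`) enabled, in which case it writes `validation result is SECURE|INSECURE` and `validation <name> is BOGUS` lines; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Tally dnsmasq DNSSEC validation outcomes from syslog lines on stdin.
# Assumption: dnsmasq runs with log-queries, so validation lines are present.

dnssec_summary() {
    awk '
    / validation .* is (SECURE|INSECURE|BOGUS)/ {
        # Find the "validation <name> is <STATUS>" token run in the line.
        for (i = 1; i <= NF - 3; i++) {
            if ($i == "validation" && $(i + 2) == "is") {
                name = $(i + 1); status = $(i + 3)
                count[status]++
                # dnsmasq logs the real name only for BOGUS answers;
                # other outcomes carry the placeholder "result".
                if (status == "BOGUS" && name != "result") bogus[name]++
                break
            }
        }
    }
    END {
        printf "SECURE=%d INSECURE=%d BOGUS=%d\n",
               count["SECURE"], count["INSECURE"], count["BOGUS"]
        for (n in bogus) printf "bogus %s %d\n", n, bogus[n]
    }'
}

# Constructed sample log (documentation domains and addresses only).
sample_log() {
    cat <<'EOF'
Feb  1 09:14:02 dnsmasq[1321]: query[A] www.example.com from 192.168.1.23
Feb  1 09:14:02 dnsmasq[1321]: validation result is SECURE
Feb  1 09:14:02 dnsmasq[1321]: reply www.example.com is 192.0.2.10
Feb  1 09:14:05 dnsmasq[1321]: validation result is INSECURE
Feb  1 09:14:09 dnsmasq[1321]: query[A] www.example.net from 192.168.1.23
Feb  1 09:14:09 dnsmasq[1321]: validation www.example.net is BOGUS
Feb  1 09:14:10 dnsmasq[1321]: validation www.example.net is BOGUS
Feb  1 09:14:11 dnsmasq[1321]: validation result is INSECURE
Feb  1 09:14:15 dnsmasq[1321]: validation shop.example.org is BOGUS
EOF
}

# Stand-alone run on the constructed sample.
sample_log | dnssec_summary
```

Feed the router's system log to `dnssec_summary` on stdin; names that repeatedly show up as BOGUS are the ones failing validation, while a log with no BOGUS entries points away from DNSSEC as the cause.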
 

Don->

Occasional Visitor
In your LAN settings what have you set up for DNS in the DHCP section?
 

Cornel

New Around Here
I encountered the same issues in a similar config as Khadanja (I'm using Cloudflare), but since disabling Validate unsigned DNSSEC replies I haven't seen them again. No DNS has been set in the LAN DHCP Server. I first started noticing these occurrences since upgrading to 386.1.
 

TomTomsc1

New Around Here
Exactly what I'm experiencing too. Disabling Validate unsigned DNSSEC replies seems to fix it. I've tried 3 different DNS providers: Google, Cloudflare and Canadian Shield, same thing with all.

Ever since firmware 386 this has been happening. Glad to see others are experiencing this.
 

5stringdeath

Regular Contributor
Ah thank god I found this thread. Thanks. Hopefully fixed soon.

For me this mainly only affected my Windows 10 box, not my Macs, Pixel 3 or streaming devices. Was driving me crazy on Win10 though -- using any browser.
 

JemTheWire

Senior Member
My PC (Windows 10) has been doing this for as long as I can remember. It’s a bit random. Sometimes I have to hit the refresh button a couple of times for the page to load.

I have tried your suggestion of disabling ‘validate unsigned DNSSEC’ but it hasn’t made any difference.
 

5stringdeath

Regular Contributor
JemTheWire said: "I have tried your suggestion of disabling ‘validate unsigned DNSSEC’ but it hasn’t made any difference."

Ok, mine started to fail again so I did some more digging. This seems to have resolved it for me, and I never knew this was the proper way to set up IPV6 DNS on my router. I use FiOS so I have native IPV6 service.

This is from this wiki page:

"IMPORTANT: for DNS Privacy to work in IPv6, you must set IPv6 DNS Server in IPv6 page (not equivalent to add IPv6 DoT servers on the WAN -> Internet Connection page) to your router's LAN IPv6 Link-Local Address. You can find your router's LAN IPv6 Link-Local Address in System Log -> IPv6 tab. Link-local address starts with fe80."
 

JemTheWire

Senior Member
Unfortunately that’s no good for me as I don’t have IPv6.
 

bbunge

Very Senior Member
Successful DoT/DNSSEC can depend upon several factors. The Merlin implementation of Stubby DoT with Dnsmasq DNSSEC works well. For most, that is. I have found that for me selecting a "close" upstream DNS resolver for DoT works best. The DNS server you are directed to relies on the Anycast system. I suspect that the ISPs set this up and at times they will direct you to a remote resolver. Quad9 has servers less than 100 miles from me, but when I use Quad9 (normal DNS or DoT) my ISP routes the packets to a Quad9 server 10 times farther away. Thus more lag and failures. I do much better with Cloudflare/Cloudflare Secure as the server 100 miles away is used. I sometimes set my router up to use Stubby to validate DNSSEC as I feel it works better for me. Neither method of validation, Stubby or Dnsmasq, is right or wrong. Just what you prefer.
Use DNS Leak to discover where your queries are going and try to choose a "close" DNS resolver.
 

5stringdeath

Regular Contributor
So I started to have issues again and ended up disabling IPV6 on my Win10 machine. Now it resolves perfect and fast. There is something in Win10, the router or my setup that doesn't resolve IPV6 DNS very well and as I understand things, Windows tries that first before falling back to IPV4. Tried all sorts of server combos in the router settings for IPV6 DNS too, with DNSSEC and TLS both on and off completely and in different combos. For now this will suffice, I really only game on this machine anyhow :)
 
