Intermittent DNS failures

[ColinTaylor]

admin@RT-AX86U-AR28:/tmp/home/root# cat /etc/resolv.conf
nameserver 127.0.1.1
admin@RT-AX86U-AR28:/tmp/home/root# cat /tmp/resolv.dnsmasq
server=127.0.1.1

OK thanks. That eliminates a couple of thoughts that I had.

Are you getting any errors in the router's syslog when this happens?

I see you're running DNSCrypt-Proxy. I don't know anything about that so I can't help you there, but that's the next thing I would look at.

 

[sbsnb]

No syslog errors. Not running DNSCrypt-proxy at the moment.

 

[ColinTaylor]

OK. In the problem output you posted above is the "myPC" hostname manually assigned in the router's DHCP server or is it self-registered?

 

[sbsnb]

Manually assigned in /jffs/configs/dnsmasq.conf.add

 

[ColinTaylor]

OK. What does your /etc/dnsmasq.conf file look like?

I'm assuming your dnsmasq.conf.add file contains entries in this format:

dhcp-host=DC:53:60:84:45:6D,set:DC:53:60:84:45:6D,pav,192.168.1.87

 

[sbsnb]

OK. What does your /etc/dnsmasq.conf file look like?

I'm assuming your dnsmasq.conf.add file contains entries in this format:

dhcp-host=DC:53:60:84:45:6D,set:DC:53:60:84:45:6D,pav,192.168.1.87

Here's the actual line:

dhcp-host=F7:A4:67:4D:5F:8A,myPC,192.168.1.43,12h

 

[ColinTaylor]

What is the contents of /etc/dnsmasq.conf ?

 

[sbsnb]

Everything from dnsmasq.conf.add appears there verbatim appended to the end of the file.

 

[ColinTaylor]

Everything from dnsmasq.conf.add appears there verbatim appended to the end of the file.

I wanted to see the rest of the dnsmasq.conf file.

 

[ColinTaylor]

Was myPC actively connected to the LAN (i.e. it had asked and received a lease) when you did the nslookup? If it wasn't you will get the error you saw because of the way you're adding the dhcp-host entries.

 

[sbsnb]

It's on and connected by hard wire 24x7.

admin@RT-AX86U-AR28:/jffs/configs# cat /etc/dnsmasq.conf
pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic
interface=br0
interface=pptp*
no-dhcp-interface=pptp*
no-resolv
servers-file=/tmp/resolv.dnsmasq
no-poll
no-negcache
cache-size=1500
min-port=4096
domain=foo.lan
expand-hosts
bogus-priv
domain-needed
local=/foo.lan/
dhcp-range=lan,192.168.1.100,192.168.1.254,255.255.255.0,86400s
dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,15,foo.lan
dhcp-option=lan,252,"\n"
dhcp-authoritative
interface=tun21
interface=br1
dhcp-range=br1,192.168.101.2,192.168.101.254,255.255.255.0,86400s
dhcp-option=br1,3,192.168.101.1
interface=br2
dhcp-range=br2,192.168.102.2,192.168.102.254,255.255.255.0,86400s
dhcp-option=br2,3,192.168.102.1
address=/use-application-dns.net/
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
dhcp-script=/sbin/dhcpc_lease
script-arp

# Allow NTP to work before DNSCrypt-proxy is up and running
server=/0.us.pool.ntp.org/8.8.8.8
server=/1.us.pool.ntp.org/8.8.8.8

# Use ISP DNS servers to stream Netflix from CDN
server=/nflxext.com/172.102.65.14
server=/nflximg.com/172.102.65.14
server=/nflximg.net/172.102.65.14
server=/nflxso.net/172.102.65.14
server=/nflxvideo.net/172.102.65.14

# Static DHCP assignments.
dhcp-host=72:C8:84:7E:5D:D1,Tablet,192.168.1.50,12h
dhcp-host=02:51:60:8A:57:47,freenas,192.168.1.45,12h
dhcp-host=E2:09:52:60:9A:A7,freenas-ipmi,192.168.1.44,12h
dhcp-host=F7:A4:67:4D:5F:8A,myPC,192.168.1.43,12h
dhcp-host=76:3A:DA:BD:98:31,plex,192.168.1.42,12h
dhcp-host=CA:C5:56:2E:E8:E7,Blu-ray,192.168.1.41,12h
dhcp-host=7E:C6:18:00:92:F1,Roku,192.168.1.40,12h
dhcp-host=E6:35:BC:82:B9:14,iPhone11,192.168.1.39,12h
dhcp-host=2A:01:FA:FF:5A:F4,AppleWatch,192.168.1.38,12h
dhcp-host=66:FD:97:09:69:24,Xbox,192.168.1.37,12h
dhcp-host=2E:9F:4D:54:2A:CF,iPhone11-2,192.168.1.36,12h
dhcp-host=F6:9A:A9:5F:BD:D3,iPod,192.168.1.35,12h
dhcp-host=BA:A9:2D:24:74:9C,iPhone2,192.168.1.34,12h
dhcp-host=0E:57:89:C9:3C:60,NintendoSwitch,192.168.1.33,12h
dhcp-host=BA:F4:3D:92:42:88,Laptop2,192.168.1.32,12h
dhcp-host=96:B8:08:67:03:54,Laptop,192.168.1.31,12h
dhcp-host=1A:47:7F:59:A2:00,Kindle,192.168.1.30,12h
dhcp-host=46:68:07:6F:F9:DC,iPhoneXR,192.168.1.24,12h
dhcp-host=92:C9:90:28:EA:3F,Pixel,192.168.1.23,12h
dhcp-host=92:81:24:F3:B8:3F,Laptop3,192.168.1.22,12h
dhcp-host=4A:C7:0F:92:81:C4,Laptop4,192.168.1.21,12h
dhcp-host=52:96:49:E2:A6:AA,Desktop,192.168.1.20,12h
dhcp-host=52:C5:2E:43:91:3F,Pixel4a,192.168.1.14,12h
dhcp-host=FA:0F:0E:87:F1:58,Kindle2,192.168.1.13,12h
dhcp-host=66:9A:7E:5E:BB:C8,Kindle3,192.168.1.12,12h
dhcp-host=26:19:27:6A:53:DF,Laptop5,192.168.1.11,12h
dhcp-host=5A:E1:E6:F2:AE:BA,Pixel2,192.168.1.10,12h

# NTP Server on router
dhcp-option=42,192.168.1.1

### Start of script-generated configuration for interface wl0.2 ###
interface=wl0.2
dhcp-range=wl0.2,192.168.3.2,192.168.3.254,255.255.255.0,86400s
dhcp-option=wl0.2,3,192.168.3.1
dhcp-option=wl0.2,6,8.8.8.8,8.8.4.4
### End of script-generated configuration for interface wl0.2 ###

 

[ColinTaylor]

OK that looks good.

You appear to be running with DoT enabled. So what is the output of

cat /tmp/resolv.conf

Are you also putting your static host names in /etc/ hosts? You should have something like this:

192.168.1.43  myPC.foo.lan  myPC

If you don't create matching entries in the hosts file and there is not an active lease in /var/lib/misc/dnsmasq.leases the name will fail to resolve.

 

[sbsnb]

admin@RT-AX86U-AR28:/tmp/home/root# cat /tmp/resolv.conf
nameserver 127.0.1.1

If you don't create matching entries in the hosts file and there is not an active lease in /var/lib/misc/dnsmasq.leases the name will fail to resolve.

myPC appears in /var/lib/misc/dnsmasq.leases

It turns out that all LAN name resolution is broken and it's not transitory, so it's not the same issue as this thread.

 

[ColinTaylor]

admin@RT-AX86U-AR28:/tmp/home/root# cat /tmp/resolv.conf
nameserver 127.0.1.1

myPC appears in /var/lib/misc/dnsmasq.leases

It turns out that all LAN name resolution is broken and it's not transitory, so it's not the same issue as this thread.

OK, my mistake. I didn't read your post #40 closely enough.

Local name resolution won't work from the router because it's using stubby directly on 127.0.1.1 (I misread that as 127.0.0.1). So you are bypassing dnsmasq which is the only thing that knows how to resolve local names.

I wouldn't be surprised at all if you were having intermittent problems resolving external names because you're using DoT. I found DoT wholly unreliable regardless of the upstream resolver. For these problems I suggest you enable the Stubby log and see what's happening.

 

[sbsnb]

Local name resolution won't work from the router because it's using stubby directly on 127.0.1.1 (I misread that as 127.0.0.1). So you are bypassing dnsmasq which is the only thing that knows how to resolve local names.

I turned off DoT and it still fails.

admin@RT-AX86U-AR28:/jffs/scripts# cat /tmp/resolv.conf
nameserver 208.67.220.220
nameserver 208.67.222.222

admin@RT-AX86U-AR28:/jffs/scripts# nslookup myPC 192.168.1.1
Server:    192.168.1.1
Address 1: 192.168.1.1 RT-AX86U-AR28.foo.lan

nslookup: can't resolve 'myPC'

 

[ColinTaylor]

I turned off DoT and it still fails.

admin@RT-AX86U-AR28:/jffs/scripts# cat /tmp/resolv.conf
nameserver 208.67.220.220
nameserver 208.67.222.222

admin@RT-AX86U-AR28:/jffs/scripts# nslookup myPC 192.168.1.1
Server:    192.168.1.1
Address 1: 192.168.1.1 RT-AX86U-AR28.foo.lan

nslookup: can't resolve 'myPC'

That's because you have "Wan: Use local caching DNS server as system resolver (default: No)" set to No under Tools - Other Settings. So you are bypassing dnsmasq and going directly to the internet servers.

It should resolve OK from a LAN PC (assuming it's not routed via a VPN client).

 

[sbsnb]

 

[sbsnb]

This was working for years and years running DNSCrypt-proxy. It seems the issue appeared when I uninstalled DNSCrypt-proxy and configured the router for DoT.

Also, the LAN name resolution is broken for clients too. It's not just from the router.

 

[ColinTaylor]

Apologies again, I'm not reading you posts closely enough. Too many very similar filenames.

What's the output of:

cat /etc/resolv.conf

grep -i mypc /var/lib/misc/dnsmasq.leases

 

[sbsnb]

> myPC
Server:  RT-AX86U-AR28.foo.lan
Address:  192.168.1.1

------------
SendRequest(), len 44
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        myPC.foo.lan, type = A, class = IN

------------
------------
Got answer (44 bytes):
    HEADER:
        opcode = QUERY, id = 6, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        myPC.foo.lan, type = A, class = IN

------------
------------
SendRequest(), len 44
    HEADER:
        opcode = QUERY, id = 7, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        myPC.foo.lan, type = AAAA, class = IN

------------
------------
Got answer (44 bytes):
    HEADER:
        opcode = QUERY, id = 7, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        myPC.foo.lan, type = AAAA, class = IN

------------
*** RT-AX86U-AR28.foo.lan can't find myPC: Non-existent domain