Newbie question: can do ping on router, but not on clients...

[Bamsefar]

So I can ping
login003.stockholm.se
on my AX88 router - works perfect. GUI and commandline, both works just great.

However my clients, windows/linux/android, can not.

I use Diverson and Skynet - both are disabled !
It does not matter, on the router I can, on the clients I can not...

So why I wonder - what is it that I am missing? must be something easy - I am feeling like a newbie...

I did have a look at the log for dnsmasq and it seems to set the adress to 127.1.1.0 - no matter what. And yet again, the router has no problems with name resolution - just the clients...

 

[ColinTaylor]

What do the clients get from an nslookup?

C:\>nslookup login003.stockholm.se
Server:  RT-AC68U.home.lan
Address:  192.168.1.1

Non-authoritative answer:
Name:    login003.id.stockholm.se
Address:  217.21.237.96
Aliases:  login003.stockholm.se

 

[Bamsefar]

That is a very good question, and the result is:

Windows:
C:\>nslookup login003.stockholm.se
Server:  router.asus.com
Address:  10.168.1.1

*** router.asus.com can't find login003.stockholm.se: Server failed

Linux/Ubuntu 18.04LTS:
> nslookup login003.stockholm.se
Server:         127.0.0.53
Address:        127.0.0.53#53

** server can't find login003.stockholm.se: SERVFAIL

Asus router:
# nslookup login003.stockholm.se
Server:    9.9.9.9
Address 1: 9.9.9.9 dns9.quad9.net

Name:      login003.stockholm.se
Address 1: 217.21.237.96 login003.id.stockholm.se

Do note that I can access stockholm.se - but not the login003.stockholm.se.

 

[ColinTaylor]

Is your router's address really 10.168.1.1 ?

 

[Bamsefar]

Yepp.

 

[Bamsefar]

And what was wrong? DNS-over-TLS was on, and that made connections from client to not work, but it did work from Asus router.

Still do not get why that kind of did not work, why is the router using different DNS method/connection instead of the DoT setup?

 

[ColinTaylor]

... why is the router using different DNS method/connection instead of the DoT setup?

384.12 (22-June-2019)
  - CHANGED: The router will now use ISP-provided resolvers
             instead of local dnsmasq when attempting to
             resolve addresses, for improved reliability.
             This reproduces how stock firmware behaves.
             This only affects name resolution done
             by the router itself, not by the LAN clients.
             The behaviour can still be changed on the
             Tools -> Other Settings page.

 

[Bamsefar]

So quad9 does not resolve login003.stockholm.se - but works for stockholm.se, go figure....

 

[Bamsefar]

Have to reopen this....

Changed to Cloudflare, and thought that would solve this. It did not.

If I use 1.1.1.1 / 1.0.0.1 as static DNS, and not using DoT, it works.
Turning on DoT, Cloudflare, I still are refused to get login003.stockholm.se resolved.

Since 1.1.1.1 and cloudflare-dns.com under DoT should be the same right, but DoT will not resolve.

So I had to turn off DoT for accessing login003.stockholm.se (which is a site that keeps track of where I am in the que to rental appartments in Stockholm, so not something direct special I would say). I simply do not get this....

 

[Bamsefar]

Google DoT works....

And now that I changed back to Cloudflare this works again. I am back at the privious config that did not work, and now it works.....