Questions WAN 10GB Fiber connection

bob123456

Regular Contributor
Hello,
Around here in Switzerland, I just got a fiber connection:
"WAN Status: Rx:10Gbps Tx:10Gbps"

The ISP started to tell me something weird, which starts to raise some concerns. Basically on the ISP provider router (AX7501-B0), we can't even configure DNS now.

The attempted explanation, received via customer support from the ISP's alleged expert, was along the lines that it's a shared line and we can't change that.

Since it's a new technology, I haven't heard much about it so far.

Does anyone know more about that?

To me, on my LAN, I should be able to have DHCP and set the local DNS for my local clients. I know I can connect another router and deal with that.
I'm more interested in understanding what's behind the fiber connection and why they claim we can't change DNS on my LAN section...

Does anyone know about this?

PS: I'm also not sure about the speed, but I don't have any 10GB NIC to verify. On my home router the fastest port is only 2.5GB anyway...
 

hank81

Regular Contributor
I have no idea about them not letting you use your LAN DHCP and DNS for clients. I guess there's no other way to get a neutral router.

About 10Gbps, no one is capable of checking at home, so it's BS, moreover when you don't have a dedicated strand of optical fiber for you but one you have to share with many other users.
 

bob123456

Regular Contributor
Thanks,
1) The thing is I managed to configure the router by changing DNS, bypassing the GUI restrictions. But then I have no connection or an intermittent connection. So it's a weird technology, or I should say, whatever I have is not behaving like usual. For example, I don't see why changing the LAN section impacts the connection overall.

2) Yes, exactly. It seems to be some sort of sharing. What I am worrying about is more that I have no information/no control and that allegedly one can't change local DNS on that device (at least officially). So what else is shared? Where is the actual LAN/WAN? It could be that we are all in the same LAN somehow (at least some weird implementation) and that some others could intercept the traffic...

I am trying to understand what this "sharing" is about.

Note: The ISP did propose to put me on a 1G max line where they claim I can configure the DNS. I am not even sure that is true and I have no way of verifying what the actual speeds would be and comparing the two...

Overall it's just a weird new connection I never heard about...
 

itpp20

Senior Member
It might be shared as in VLANs, where on their (ISP) side they manage services per device, which might be a device limitation towards dishing out VLANs from the same shared device.
If this is the case, do find out what type of VLAN they use, as some VLANs are not true VLANs.
 

bob123456

Regular Contributor
Yes, the ISP is not willing to explain it to me (also, they are clearly unable to communicate on that topic).
What is very weird is that having a changed DNS on my LAN (on my 2nd router) is disconnecting me from the internet...

This is what happens immediately after I change the DNS server from my own router, in the LAN section, for DHCP:

>nslookup www.lequipe.fr
Server: UnKnown
Address: 192.168.2.2

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
^C
C:\Users\JS>nslookup pi.hole
Server: UnKnown
Address: 192.168.2.2

Name: pi.hole
Addresses: fe80::c17d:2a5:8688:5760
192.168.2.3

So it does recognise my DNS server (pi.hole, 192.168.2.3) but immediately loses internet connection.

So weird. If/when at the same time, I connect to the ISP router wifi, which has no custom DNS, it works:

nslookup www.lequipe.fr
Server: sunrise.box
Address: 192.168.1.1

Non-authoritative answer:
Name: e7130.g.akamaiedge.net
Address: 23.11.239.250
Aliases: www.lequipe.fr
2-01-273c-004f.cdx.cedexis.net
www.lequipe.fr.edgekey.net
 

itpp20

Senior Member
Try this:

[Attached image: Capture.PNG]
 

bob123456

Regular Contributor
nslookup
Default Server: UnKnown
Address: 192.168.2.2

(when I do the above, my internet connection works properly, and DNS is working despite saying "unknown")


If/when I change the RAX200 to use the DNS (192.168.2.3), I get the

DNS request timed out.
timeout was 2 seconds.
.

Note: this is the DNS configuration in the RAX200:
If it's automatically from ISP, I have internet connection.
If I set the 192.168.2.3, I get no internet connection.

I have checked in my pi-hole (192.168.2.3): during that time, it does intercept my DNS queries, so that works.
That means that while I have 192.168.2.3 as primary DNS on my RAX200, and I type www.google.com from my win10 client connected to that router, I can see that request in my pi-hole admin.
That proves the DNS server works and receives my queries. But it's actually not going out to the internet; the connection is down while doing so. So I won't get the google.com page.

It's something very weird with the 10G Fiber connection.


[Attached image: CaptureDNS.PNG]
 

itpp20

Senior Member
You have to manually select a server, if that works you could manually assign a DNS next to using DHCP on LAN interfaces.
Traffic always goes to the gateway including DNS queries, you just have to force the DNS address as that seems to be an invalid address or it (DNS server) does not know how to pass a query.
 

bob123456

Regular Contributor
Hm, let's say, I have manually configured that page on the RAX200 to be 192.168.2.3.
That has worked before.
My clients received that DNS server IP properly through DHCP.
And I could see the DNS queries from those in the pi-hole interface (the DNS server, 192.168.2.3).
Usually the GW (the 192.168.2.2 here) was properly redirecting the queries to the local DNS server, and all worked.

Here it seems it's the first router, the ISP one, that drops the connection when there's a changed DNS server. That router has 192.168.1.1 (different subnet) and a WAN address.
Since the 192.168.2.3 ultimately has another DNS server (it's like 8.8.8.8), it means using 192.168.2.3 is ultimately going to the internet for the DNS queries.
 

itpp20

Senior Member
Then don't change the DNS at the perimeter but on your end, either manually or via DNS forward. A DNS query is just another packet going out the door; no ISP is going to detect that (unless they actively capture such requests, which is really not done). What is set as gateway for 192.168.2.3? And what is a traceroute showing from that point to 8.8.8.8 or your WAN gateway? Maybe consider translating DNS as DNS over SSL/TLS.
 

bob123456

Regular Contributor

From my "pi-hole" DNS server 192.168.2.3:

@raspberrypi:~ $ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets

1 192.168.2.3 (192.168.2.3) 3130.589 ms !H 3129.913 ms !H 3129.814 ms !H

It's veeeery slow and strange.



To my RAX200 router:

traceroute 192.168.2.2
traceroute to 192.168.2.2 (192.168.2.2), 30 hops max, 60 byte packets


1 192.168.2.2 (192.168.2.2) 1.228 ms 0.843 ms 0.653
 

bob123456

Regular Contributor
If it doesn't go beyond 1 it's not going out the door.
Thanks a lot, that was obvious and yet I entirely missed that.
After listening to your comment, I double checked and indeed, there was a problem on my pi-hole.
What happened is that, due to the move of router from the ISP, I missed that I had x.x.2.1 as a gateway. Now that I had to move that to the other subnet 2.2, I had to change the gateway.

Also, it seems I had orphan nameservers in the /etc/resolv.conf that were due to the previous ADSL connection from the ISP, using the fiber and new router, changed that too.

Thanks again!

PS: Traceroute now works properly also:

traceroute www.google.com
traceroute to www.google.com (172.217.168.36), 30 hops max, 60 byte packets
1 192.168.2.1 (192.168.2.1) 0.928 ms 0.617 ms 0.475 ms
2 192.168.1.1 (192.168.1.1) 1.497 ms 1.393 ms 1.287 ms
...
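
Added example, not part of any post in this thread: a small Python check for the two faults found above on the Pi-hole (a default gateway left over from the old router, and leftover nameserver lines in /etc/resolv.conf), plus the traceroute symptom that exposed them (hop 1 is the host itself, flagged !H). The function names, the 192.0.2.53 nameserver and the idea that only 127.0.0.1 should remain in resolv.conf are assumptions made for illustration; the sample inputs are constructed from the addresses mentioned in the posts.

```python
import re

def default_gateways(ip_route_text):
    """Gateways named on 'default via <addr>' lines of `ip route` output."""
    return re.findall(r"^default via (\S+)", ip_route_text, re.M)

def resolv_nameservers(resolv_conf_text):
    """Addresses on 'nameserver' lines of resolv.conf, comments ignored."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def stuck_at_self(traceroute_text, own_ip):
    """True when hop 1 is this host answering !H (host unreachable)."""
    for line in traceroute_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "1":
            return len(fields) > 1 and fields[1] == own_ip and "!H" in fields
    return False

def diagnose(ip_route, resolv_conf, traceroute, own_ip, router_ip, allowed_dns):
    findings = []
    gateways = default_gateways(ip_route)
    if not gateways:
        findings.append("no default route")
    findings += [f"default gateway {g} is not the router {router_ip}"
                 for g in gateways if g != router_ip]
    findings += [f"unexpected nameserver {n} in resolv.conf"
                 for n in resolv_nameservers(resolv_conf) if n not in allowed_dns]
    if stuck_at_self(traceroute, own_ip):
        findings.append("traceroute hop 1 is this host with !H: gateway not answering")
    return findings

# Constructed sample inputs (not captured from the thread's machines).
BROKEN_ROUTE = "default via 192.168.2.1 dev eth0\n192.168.2.0/24 dev eth0 scope link src 192.168.2.3\n"
FIXED_ROUTE = BROKEN_ROUTE.replace("via 192.168.2.1", "via 192.168.2.2")
BROKEN_RESOLV = "# left over from old connection\nnameserver 192.0.2.53\nnameserver 127.0.0.1\n"
FIXED_RESOLV = "nameserver 127.0.0.1\n"
BROKEN_TRACE = ("traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets\n"
                " 1  192.168.2.3 (192.168.2.3)  3130.589 ms !H  3129.913 ms !H  3129.814 ms !H\n")
FIXED_TRACE = " 1  192.168.2.2 (192.168.2.2)  0.928 ms  0.617 ms  0.475 ms\n"

if __name__ == "__main__":
    for label, args in (("before", (BROKEN_ROUTE, BROKEN_RESOLV, BROKEN_TRACE)),
                        ("after", (FIXED_ROUTE, FIXED_RESOLV, FIXED_TRACE))):
        print(label, diagnose(*args, "192.168.2.3", "192.168.2.2", {"127.0.0.1"}))
```

On a real host the three text inputs would come from `ip route`, `/etc/resolv.conf` and `traceroute -n 8.8.8.8`.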
 

bob123456

Regular Contributor
After additional checks, it's now working.

Regarding the 10G connection, I did some research and it's using PON, and it's shared with allegedly 50 other users. I think that's not very correct information; I read it's divided like 8/16/32/64....
Anyway, I might choose to go to a dedicated 1GB connection instead (that's what I paid for actually).

Thanks again.
 
