Can't connect to DYNDNS when Unbound is enabled !

[ComputerSteve]

So i'm using dual wan with a modem and the modem can only work as a router so i'm dual nat. I am having a problem that when unbound is activated even though the ip is updated to the correct ip of my secondary wan I can't access the page on local machines. So when wan switches to the backup lan I can' connect to the dns duck hostname my ip because 192.168.4.23 for the wan and I have enabled port forwarding on the router. Once I kill unbound meaning stop it in unbound manager I can access the page and it works. If I don't kill it then it gives me an nserror and it says the page is not found. If I go back to wan 0 with my bridged modem then it works with unbound. How can I fix that ? Do I need to add this ip subnet of 192.168.4 to something in the unbound configuration ?

 

[ComputerSteve]

Yeah so if I go to safari after I switch back between the connections with unbound enabled i'm receiving this error : Safari Can't open the page because the server unexpectedly dropped the connection. this sometimes occurs with the server is busy --- If I disable unbound it works ??

 

[ComputerSteve]

wait it seems to work when I run sudo killall -9 mDNSResponder on my mac as well?

 

[ComputerSteve]

Yeah I don't know why I can't get this to work... So for instance... If I don't use unbound, and I have dual wan setup with DYNDNS with just adguard then even when my wan connection switches to the secondary wan which is a dual nat ATT modem.. I am able to connect to my DuckDNS address... Then... if I install Unbound. As long as I don't switch the connection to my secondary wan which is dual nat I can still connect to my DuckDNS address. It just doesnt work if it is switched to the secondary wan. Meaning...While Unbound is active. I can only use the DuckDNS with one of my wan connections. Is there a way to fix that? I was reading something about DNS rebind or something because the secondary wan connection is a dual nat connection on an ATT modem.

​

 

[ComputerSteve]

does anyone have any insights on this ? @Martineau @Tech9 @Viktor Jaep

 

[Tech9]

Can you describe a bit better please:

Router - model?
Firmware - Merlin with what else running on it?
Primary WAN - device and DDNS service?
Secondary WAN - device and DDNS service?
Unbound - resolver, forwarder, what is it doing or used for?

The posts above are hard to follow. You seem to like overcomplicated things.
Also keep in mind Dual WAN in Asuswrt is quite buggy to begin with, unchanged in Merlin.

 

[ComputerSteve]

Can you describe a bit better please:

Router - model?
Firmware - Merlin with what else running on it?
Primary WAN - device and DDNS service?
Secondary WAN - device and DDNS service?
Unbound - resolver, forwarder, what is it doing or used for?

The posts above are hard to follow. You seem to like overcomplicated things.
Also keep in mind Dual WAN in Asuswrt is quite buggy to begin with, unchanged in Merlin.

My model router is GT-AX11000 Pro
I have Adguard running / VPNMON-R3 / VPN Routing installed
Primary Wan is Altice Fibergateway gr140dgm DDNS service is duckdns.org
Secondary Wan is Ring Alarm Pro (eero) Internet backup DDNS service is duckdns.org
I just setup unbound default using the installer and then entered this in adguard :
[/router.asus.com/][::]:553
[/www.asusnetwork.net/][::]:553
[/www.asusrouter.com/][::]:553
[/use-application-dns.net/][::]:553
[/dns.resolver.arpa/][::]:553
[/lan/][::]:553
[//][::]:553
127.0.0.1:53535
tcp://127.0.0.1:53535

 

[ComputerSteve]

Can you describe a bit better please:

Router - model?
Firmware - Merlin with what else running on it?
Primary WAN - device and DDNS service?
Secondary WAN - device and DDNS service?
Unbound - resolver, forwarder, what is it doing or used for?

The posts above are hard to follow. You seem to like overcomplicated things.
Also keep in mind Dual WAN in Asuswrt is quite buggy to begin with, unchanged in Merlin.

Did the answers to those question help at all ?

 

[Tech9]

I had to read what Ring Alarm Pro Internet Backup is first. Based on description it uses WISP (from another hotspot or Wi-Fi network), this perhaps means another router upstream, this means your Primary and Secondary WAN are both in double NAT behind another firewall, this means you have to port forward on both and both must have external IP detection. If hotspot from mobile network most don't allow inbound connections. This is for the WAN situation. What's happening with Unbound on top and why it is needed - no idea and I can't recreate this rather unusual setup to test.

 

[ComputerSteve]

I had to read what Ring Alarm Pro Internet Backup is first. Based on description it uses WISP (from another hotspot or Wi-Fi network), this perhaps means another router upstream, this means your Primary and Secondary WAN are both in double NAT behind another firewall, this means you have to port forward on both and both must have external IP detection. If hotspot from mobile network most don't allow inbound connections. This is for the WAN situation. What's happening with Unbound on top and why it is needed - no idea and I can't recreate this rather unusual setup to test.

So question: I can get this to work if I run sudo killall -HUP mDNSResponder on my mac.. If I don't when the wan connection switches then it doesn't respond for a while !

 

[Tech9]

Someone else may help you. I'm not a macOS user and don't know what else will end up broken on your network by doing this.