C
ChicagoJoe
Guest
I looked through about 10 pages after searching 'IPv6 DNS' and didn't find anything that came anywhere close.
So, quick background:
I'm not doing anything that I think is too bizarre [considering the audience here
].
I've got an AC3200, a Synology DS215j, several Mac laptops, several iMacs, several Apple tablets and several Apple iPhones (what can I say, we like Apple.)
Everything is working well.
The DS215j server does TM backups, hosts email for my domain (Google provides outside DNS) and provides inside DNS.
I've got Comcast [ :| ] and static IPv4 address and an IPv6 address.
The AC3200 is picking up the IPv6 and passing it on the inside LAN.
Anything IPv4 is working fine.
The problem:
When the mobile devices are on the inside LAN, they CANNOT reach the mail server at mail.mydomain.com.
When the mobile devices are on LTE (AT&T or T-Mobile) they CAN reach the mail server.
All other computers on the inside LAN CAN reach the mail server.
Additional findings:
Since the only problem devices were mobile (iPhones, iPads) and I couldn't really see inside them (logging) to see what was happening, it was difficult to get more info. I did recall today that I have a DIG app on one of the iPhones, so I gave that a spin and compared the output:
From inside LAN
From inside LAN
From AT&T LTE
To me it looks like it's definitely something to do with the way Merlin is handling the IPv6 DNS query.
I tried changing the IPv6 DNS setting in Merlin (Connect to DNS Server automatically: DISABLE) & manual IPv6 DNS servers (the DS215j global IPv6 address & OpenDNS IPv6 address) and renewing the DHCP on the iPhone but it still points to the router IP (2603:300a:xxxx:xxxx::1).
Any suggestions about what to change or what else to look for in terms of collecting more data for further analysis?
So, quick background:
I'm not doing anything that I think is too bizarre [considering the audience here
].I've got an AC3200, a Synology DS215j, several Mac laptops, several iMacs, several Apple tablets and several Apple iPhones (what can I say, we like Apple.)
Everything is working well.
The DS215j server does TM backups, hosts email for my domain (Google provides outside DNS) and provides inside DNS.
I've got Comcast [ :| ] and static IPv4 address and an IPv6 address.
The AC3200 is picking up the IPv6 and passing it on the inside LAN.
Anything IPv4 is working fine.
The problem:
When the mobile devices are on the inside LAN, they CANNOT reach the mail server at mail.mydomain.com.
When the mobile devices are on LTE (AT&T or T-Mobile) they CAN reach the mail server.
All other computers on the inside LAN CAN reach the mail server.
Additional findings:
Since the only problem devices were mobile (iPhones, iPads) and I couldn't really see inside them (logging) to see what was happening, it was difficult to get more info. I did recall today that I have a DIG app on one of the iPhones, so I gave that a spin and compared the output:
From inside LAN
Shared from ISC Dig for iOS
; <<>> DiG 9.10.4 <<>> @2603:300a:xxxx:xxxx::1 @192.168.3.10 @208.67.222.222 mail.mydomain.com +sit +dnssec +noqr +multiline
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26486
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mail.mydomain.com. IN A
;; Query time: 7 msec
;; SERVER: 2603:300a:xxxx:xxxx::1#53(2603:300a:xxxx:xxxx::1)
;; WHEN: Sun Oct 16 18:44:27 CDT 2016
;; MSG SIZE rcvd: 36
From AT&T LTE; <<>> DiG 9.10.4 <<>> @2603:300a:xxxx:xxxx::1 @192.168.3.10 @208.67.222.222 mail.mydomain.com +sit +dnssec +noqr +multiline
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26486
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mail.mydomain.com. IN A
;; Query time: 7 msec
;; SERVER: 2603:300a:xxxx:xxxx::1#53(2603:300a:xxxx:xxxx::1)
;; WHEN: Sun Oct 16 18:44:27 CDT 2016
;; MSG SIZE rcvd: 36
Shared from ISC Dig for iOS
; <<>> DiG 9.10.4 <<>> @172.26.38.1 mail.mydomain.com +sit +dnssec +noqr +multiline
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26220
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;mail.mydomain.com. IN A
;; ANSWER SECTION:
mail.mydomain.com. 20 IN A 96.92.xxx.xxx
;; Query time: 112 msec
;; SERVER: 172.26.38.1#53(172.26.38.1)
;; WHEN: Sun Oct 16 18:44:55 CDT 2016
;; MSG SIZE rcvd: 63
and I can give an example of one that works in both locations for comparison:; <<>> DiG 9.10.4 <<>> @172.26.38.1 mail.mydomain.com +sit +dnssec +noqr +multiline
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26220
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;mail.mydomain.com. IN A
;; ANSWER SECTION:
mail.mydomain.com. 20 IN A 96.92.xxx.xxx
;; Query time: 112 msec
;; SERVER: 172.26.38.1#53(172.26.38.1)
;; WHEN: Sun Oct 16 18:44:55 CDT 2016
;; MSG SIZE rcvd: 63
From inside LAN
Shared from ISC Dig for iOS
; <<>> DiG 9.10.4 <<>> @2603:300a:xxxx:xxxx::1 @192.168.3.10 @208.67.222.222 www.snbforums.com +sit +dnssec +noqr +multiline
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14276
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.snbforums.com. IN A
;; ANSWER SECTION:
www.snbforums.com. 157 IN CNAME snbforums.com.
snbforums.com. 157 IN A 104.25.234.15
snbforums.com. 157 IN A 104.25.235.15
;; Query time: 953 msec
;; SERVER: 2603:300a:xxxx:xxxx::1#53(2603:300a:301:9cf0::1)
;; WHEN: Sun Oct 16 18:58:25 CDT 2016
;; MSG SIZE rcvd: 92
; <<>> DiG 9.10.4 <<>> @2603:300a:xxxx:xxxx::1 @192.168.3.10 @208.67.222.222 www.snbforums.com +sit +dnssec +noqr +multiline
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14276
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.snbforums.com. IN A
;; ANSWER SECTION:
www.snbforums.com. 157 IN CNAME snbforums.com.
snbforums.com. 157 IN A 104.25.234.15
snbforums.com. 157 IN A 104.25.235.15
;; Query time: 953 msec
;; SERVER: 2603:300a:xxxx:xxxx::1#53(2603:300a:301:9cf0::1)
;; WHEN: Sun Oct 16 18:58:25 CDT 2016
;; MSG SIZE rcvd: 92
From AT&T LTE
Shared from ISC Dig for iOS
; <<>> DiG 9.10.4 <<>> @172.26.38.1 www.snbforums.com +sit +dnssec +noqr +multiline
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57328
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.snbforums.com. IN A
;; ANSWER SECTION:
www.snbforums.com. 300 IN CNAME snbforums.com.
snbforums.com. 300 IN A 104.25.235.15
snbforums.com. 300 IN A 104.25.234.15
;; Query time: 77 msec
;; SERVER: 172.26.38.1#53(172.26.38.1)
;; WHEN: Sun Oct 16 18:58:44 CDT 2016
;; MSG SIZE rcvd: 92
; <<>> DiG 9.10.4 <<>> @172.26.38.1 www.snbforums.com +sit +dnssec +noqr +multiline
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57328
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.snbforums.com. IN A
;; ANSWER SECTION:
www.snbforums.com. 300 IN CNAME snbforums.com.
snbforums.com. 300 IN A 104.25.235.15
snbforums.com. 300 IN A 104.25.234.15
;; Query time: 77 msec
;; SERVER: 172.26.38.1#53(172.26.38.1)
;; WHEN: Sun Oct 16 18:58:44 CDT 2016
;; MSG SIZE rcvd: 92
To me it looks like it's definitely something to do with the way Merlin is handling the IPv6 DNS query.
I tried changing the IPv6 DNS setting in Merlin (Connect to DNS Server automatically: DISABLE) & manual IPv6 DNS servers (the DS215j global IPv6 address & OpenDNS IPv6 address) and renewing the DHCP on the iPhone but it still points to the router IP (2603:300a:xxxx:xxxx::1).
Any suggestions about what to change or what else to look for in terms of collecting more data for further analysis?
