Diversion Odd DNS issues

[ColinTaylor]

Can you SSH into the router and post the output of cat /tmp/resolv.dnsmasq

 

[colourofsound]

admin@DSL-AX82U-4B38:/tmp/home/root# cat /tmp/resolv.dnsmasq
server=127.0.1.1
admin@DSL-AX82U-4B38:/tmp/home/root#

 

[ColinTaylor]

admin@DSL-AX82U-4B38:/tmp/home/root# cat /tmp/resolv.dnsmasq
server=127.0.1.1
admin@DSL-AX82U-4B38:/tmp/home/root#

It looks like DoT is still enabled. For all testing DoT and DNS Director must be disabled.

 

[colourofsound]

Okay, so DNS Director is disabled, and DoT is also disabled.

admin@DSL-AX82U-4B38:/tmp/home/root# cat /tmp/resolv.dnsmasq
server=1.1.1.1
server=1.0.0.1
admin@DSL-AX82U-4B38:/tmp/home/root#
admin@DSL-AX82U-4B38:/tmp/home/root# nslookup assets.penny-arcade.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      assets.penny-arcade.com
Address 1: 0.0.0.0
Address 2: ::

 

[colourofsound]

Forcing nslookup on the router to use google or cloudflare works:

admin@DSL-AX82U-4B38:/tmp/home/root# nslookup assets.penny-arcade.com 8.8.8.8
Server:    8.8.8.8
Address 1: 8.8.8.8 dns.google

Name:      assets.penny-arcade.com
Address 1: 104.21.64.223
Address 2: 172.67.156.39
Address 3: 2606:4700:3036::ac43:9c27
Address 4: 2606:4700:3030::6815:40df

admin@DSL-AX82U-4B38:/tmp/home/root# nslookup assets.penny-arcade.com 1.1.1.1
Server:    1.1.1.1
Address 1: 1.1.1.1 one.one.one.one

Name:      assets.penny-arcade.com
Address 1: 104.21.64.223
Address 2: 172.67.156.39
Address 3: 2606:4700:3036::ac43:9c27
Address 4: 2606:4700:3030::6815:40df

admin@DSL-AX82U-4B38:/tmp/home/root# nslookup assets.penny-arcade.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      assets.penny-arcade.com
Address 1: 0.0.0.0
Address 2: ::

 

[ColinTaylor]

Thanks. So can we look at this output:

cat /etc/resolv.conf

netstat -nlp | grep :53

cat /etc/dnsmasq.conf

 

[colourofsound]

cat /etc/resolv.conf

nameserver 127.0.0.1

netstat -nlp | grep :53

netstat -nlp | grep :53
tcp        0      0 192.168.0.1:53          0.0.0.0:*               LISTEN      1826/ctrld
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1826/ctrld
udp        0      0 192.168.0.1:53          0.0.0.0:*                           1826/ctrld
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1826/ctrld
udp        0      0 192.168.0.1:5351        0.0.0.0:*                           16462/miniupnpd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1826/ctrld
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1826/ctrld
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1826/ctrld
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1826/ctrld
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1826/ctrld
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1826/ctrld
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1826/ctrld
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1826/ctrld
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1826/ctrld
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1826/ctrld
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1826/ctrld
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1826/ctrld
udp        0   2496 0.0.0.0:5353            0.0.0.0:*                           1826/ctrld
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           2189/avahi-daemon:

cat /etc/dnsmasq.conf

admin@DSL-AX82U-4B38:/tmp/home/root# cat /etc/dnsmasq.conf
pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic
interface=br0
interface=pptp*
no-dhcp-interface=pptp*
no-resolv
no-poll
no-negcache
cache-size=1500
min-port=4096
bogus-priv
domain-needed
dhcp-range=lan,192.168.0.25,192.168.0.254,255.255.255.0,86400s
dhcp-option=lan,3,192.168.0.1
dhcp-option=lan,252,"\n"
dhcp-option-force=cpewan-id,vi-encap:3561,4,"FC3497"
dhcp-option-force=cpewan-id,vi-encap:3561,5,"FC3497584B38"
dhcp-option-force=cpewan-id,vi-encap:3561,6,"DSL-AX82U"
dhcp-authoritative
interface=br1
dhcp-range=br1,192.168.101.2,192.168.101.254,255.255.255.0,86400s
dhcp-option=br1,3,192.168.101.1
interface=br2
dhcp-range=br2,192.168.102.2,192.168.102.254,255.255.255.0,86400s
dhcp-option=br2,3,192.168.102.1
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
dhcp-script=/sbin/dhcpc_lease
script-arp
edns-packet-max=1232
no-resolv
server=127.0.0.1#53
add-mac
add-subnet=32,128

 

[ColinTaylor]

Ah. It looks like you've installed a ctrld addon that's replaced the built-in DNS server.

 

[colourofsound]

Have I. Odd. I do recall considering Unbound as I had it as part of my Pihole setup; but I don't remember anything else. Let me get rid of it...

 

[colourofsound]

Where are you seeing that; which line is indicating a ctrld addon?

 

[ColinTaylor]

The output of netstat -nlp | grep :53 shows that a process called ctrld is listening on the DNS service port (53). It should be dnsmasq.

 

[colourofsound]

I've already uninstalled it; I remember now that I considered going down the DoT route only and came across ctrld as an option. However, I uninstalled it; but it still seems to be taking over DNS requests. I think I need to look at the dnsmasq config; ctrld's manual says it interfaces with dnsmasq. I did install it after installed Diversion.

 

[dave14305]

Do clean out any crud in /jffs/scripts/dnsmasq.postconf. They dump a lot in there.

ctrld/internal/router/dnsmasq/dnsmasq.go at f1b8d1c4add2e5ba739f3adc0d6208413d3af656 · Control-D-Inc/ctrld

A highly configurable, multi-protocol DNS forwarding proxy - Control-D-Inc/ctrld

github.com

And check the service-event script too. Maybe nuke the router and start fresh if necessary.

 

[colourofsound]

Do clean out any crud in /jffs/scripts/dnsmasq.postconf. They dump a lot in there.

ctrld/internal/router/dnsmasq/dnsmasq.go at f1b8d1c4add2e5ba739f3adc0d6208413d3af656 · Control-D-Inc/ctrld

A highly configurable, multi-protocol DNS forwarding proxy - Control-D-Inc/ctrld

github.com

Yeah, lots of references to ctrld in there. Can I just nuke the whole file?

 

[dave14305]

Yeah, lots of references to ctrld in there. Can I just nuke the whole file?

You would have to re-install Diversion afterward. Maybe nuke the router to start fresh.

Feels like they borrowed a lot from NextDNS client.

 

[colourofsound]

You would have to re-install Diversion afterward. Maybe nuke the router to start fresh.

Feels like they borrowed a lot from NextDNS client.

You might be right. I've killed the file, re-installed Diversion and the ctrld reference is still there in netstat. What a ballache

 

[dave14305]

You might be right. I've killed the file, re-installed Diversion and the ctrld reference is still there in netstat. What a ballache

They put the “Control” in “Control-D”…

 

[colourofsound]

Right, got it. Using

ps | grep ctrld

I found the /jffs/controld folder, which I rm'd recursively, and rebooted.

Now, netstat gives me

admin@DSL-AX82U-4B38:/tmp/home/root# netstat -nlp | grep :53
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      5167/dnsmasq
tcp        0      0 192.168.0.1:53          0.0.0.0:*               LISTEN      5167/dnsmasq
udp        0      0 127.0.0.1:53            0.0.0.0:*                           5167/dnsmasq
udp        0      0 192.168.0.1:53          0.0.0.0:*                           5167/dnsmasq
udp        0      0 192.168.0.1:5351        0.0.0.0:*                           3845/miniupnpd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           2889/avahi-daemon:

So we're on to a winner.

I've re-enabled DoT and DNS Director; and assets.penny-arcade.com is now resolving through the upstream Cloudflare DNS server; and the comic panels are loading on my device.

Nice sleuthing; it's been an absolute pleasure. Thank you very much!

 

[dave14305]

Colin’s a legend.

 

[colourofsound]

Colin’s a legend.

Agreed! But you played your part too, Dave. Thanks again.

Chris