Perhaps try some ping tests to discover the maximum MTU allowed. Windows ping syntax:
Code:
ping -f -l 1500 199.9.14.201
ping -f -l 1492 199.9.14.201
ping -f -l 1472 199.9.14.201
Also verify if an MSS clamping rule is active or not on the router in this config.
Code:
iptables-save -c | grep -i clamp
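The two checks above (the DF-bit ping walk-down to find the largest payload that gets through, and the look for an MSS clamping rule) are easy to get wrong by hand, so here is an added example that automates both. It is not code from the thread or from any of the posters. The binary search is driven by a probe callable, so the logic runs offline against a constructed path that drops DF packets larger than a chosen MTU; the real-ping wrapper at the bottom is an assumption about how one would call the system ping (`-f -l` on Windows, `-M do -s` on Linux) and is not exercised here. The `iptables-save -c` sample is constructed too, and deliberately includes a `--set-mss` rule that `grep -i clamp` would not find.

```python
"""Added example: automate the MTU ping walk-down and the MSS-clamp rule check.
Constants below are plain IPv4/ICMP header sizes; the 1492 PPPoE figure from the
post is 1500 minus the 8 bytes of PPPoE+PPP framing."""
import re
from typing import Callable, List, Tuple

IP_HDR = 20          # IPv4 header without options
ICMP_HDR = 8         # ICMP echo header
PPPOE_OVERHEAD = 8   # PPPoE (6) + PPP (2) framing, hence 1492 on PPPoE links


def payload_to_mtu(payload: int) -> int:
    """ICMP payload size -> total IP packet size (the thing the path MTU limits)."""
    return payload + IP_HDR + ICMP_HDR


def mtu_to_payload(mtu: int) -> int:
    """Inverse of payload_to_mtu: largest ping -l value that fits a given MTU."""
    return mtu - IP_HDR - ICMP_HDR


def probe_max_payload(probe: Callable[[int], bool], lo: int = 500, hi: int = 1472) -> int:
    """Binary search for the largest payload in [lo, hi] that probe() accepts.
    probe(size) returns True if a DF-flagged ping with that payload is answered.
    Assumes monotonic behaviour: if size N passes, every smaller size passes.
    Returns 0 if even `lo` is dropped (path broken, or ICMP filtered entirely)."""
    if not probe(lo):
        return 0
    best = lo
    lo += 1
    while lo <= hi:
        mid = (lo + hi) // 2
        if probe(mid):
            best, lo = mid, mid + 1
        else:
            hi = mid - 1
    return best


def simulated_path(path_mtu: int) -> Callable[[int], bool]:
    """Constructed stand-in for a real link: DF packets above path_mtu are dropped."""
    return lambda payload: payload_to_mtu(payload) <= path_mtu


def real_ping_probe(host: str) -> Callable[[int], bool]:
    """Assumed wrapper around the system ping (not run offline). Success is judged
    on a 'ttl=' in the reply rather than the exit code, because Windows ping's
    exit status does not reliably distinguish 'needs to be fragmented' replies."""
    import platform
    import subprocess
    on_windows = platform.system() == "Windows"

    def probe(payload: int) -> bool:
        cmd = (["ping", "-n", "1", "-f", "-l", str(payload), host] if on_windows
               else ["ping", "-c", "1", "-M", "do", "-s", str(payload), host])
        out = subprocess.run(cmd, capture_output=True, text=True).stdout
        return "ttl=" in out.lower()
    return probe


# Constructed iptables-save -c output: one clamp rule that has matched traffic,
# one --set-mss rule with zero hits (and no word 'clamp' in it), one unrelated rule.
SAMPLE_IPTABLES_SAVE = """\
# Generated by iptables-save v1.8.7 (constructed sample)
*mangle
:PREROUTING ACCEPT [1000:80000]
:FORWARD ACCEPT [900:70000]
[312:18720] -A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
COMMIT
*filter
:INPUT ACCEPT [0:0]
[5:300] -A INPUT -p icmp -j ACCEPT
COMMIT
"""

# [pkts:bytes] -A <chain> ... -j TCPMSS <args>
MSS_RULE = re.compile(r"^\[(\d+):\d+\]\s+-A\s+(\S+)\s+.*?-j TCPMSS\s+(.+)$")


def find_mss_clamp_rules(iptables_save_text: str) -> List[Tuple[int, str, str]]:
    """Return (packet_count, chain, TCPMSS arguments) for every TCPMSS rule.
    A packet count of 0 means the rule is present but has never matched a SYN."""
    rules = []
    for line in iptables_save_text.splitlines():
        m = MSS_RULE.match(line)
        if m:
            rules.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return rules


if __name__ == "__main__":
    for mtu in (1500, 1492, 1400):
        print(f"path MTU {mtu}: largest DF payload {probe_max_payload(simulated_path(mtu))}")
    for pkts, chain, args in find_mss_clamp_rules(SAMPLE_IPTABLES_SAVE):
        print(f"{chain}: TCPMSS {args} ({pkts} packets matched)")
```

On a live router, swap `simulated_path(...)` for `real_ping_probe("199.9.14.201")` and feed `find_mss_clamp_rules` the actual `iptables-save -c` output; a clamp rule sitting at 0 packets is as telling as no rule at all.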
This is a good suggestion, going off the OP's previous post. Typically at this point, @dave14305 has arrived at the solution everyone has been missing, so I have waited to say anything in this thread. After watching everyone doing this "peel the onion" technique of investigating I did some digging myself. IIRC I read somewhere that FritzBox messes with DNS queries down to the root zone. The claim being that FritzBox packet level inspection drops UDP DNS queries to the root zone, but this should not be the case if FritzBox is "truly" acting in a bridge mode, no?
Here's something I read on ensuring FritzBox is in bridge mode. I am not 100 percent sure it is applicable to our OP's FritzBox, I am just sharing in case the OP has not completely put their FritzBox in bridge mode. It is here so the OP can review to ensure they have completely dotted all the "i"s and crossed all the "t"s in regards to their FritzBox and bridge mode.
www.edpnet.be
Has anybody asked if Skynet or another router firewall was in the mix? I have seen queries fail if Skynet has a crazy level of country blocks going on, and no telling what type of voodoo is happening if this is a secondary router passing requests through two firewalls. With two firewalls, it could be something as simple as ports not opening up (no UPnP) when the requesting router (secondary router) is making the requests over Unbound. Unbound requires a crazy amount of outbound port access. If it is passing through two firewalls where the port randomization is blocked on the outbound between the two firewalls, there could be a problem. As someone else mentioned, it could also be an ISP issue as well. I suggest looking at tcpdumps of the queries. See what is happening.
After further research, this is a known issue with FritzBox and a PPPoE connection with another router, a pfSense box. I bet if the OP set Unbound up as a forwarder to Google or Cloudflare, DNS would work. However, Unbound appears to be unable to make requests to root.zone when FritzBox passes the connection as PPPoE. It is actually a known issue to the people at this link:
Update from AVM: We are still examining your reported DNS issue, yet are unable to find any causes on side of the FRITZ!Box. We are therefore continuing our ...
forum.netgate.com
The OP in his previous post stumbled upon the fact that Unbound has no problem working recursively in "double-NAT" mode, which leads me to think something is broken or not working correctly with the bridge mode setup on the FritzBox, or the OP may need to review the bridge mode settings I have posted. The people in the link above also encountered that in bridge-mode/PPPoE passthrough mode, they could only use Unbound as a forwarder, and could only use Unbound as a recursive server if the modem/router was in a double-NAT mode using "Automatic IP".
Perhaps bridge mode on the FritzBox is not enough to satisfy root.zone access. Maybe the OP has to do something like this with their FritzBox (similar to DMZ) where the OP must use the Exposed Host options.
A DMZ (demilitarized zone) is a special network that can be accessed from the internet and the local network (LAN). A firewall completely blocks access from the DMZ to the LAN. This concept allows you to make server services (such as email servers) in the DMZ available for access from the...
en.avm.de