What's new

Strange DNS Behavior Merlin 384.13

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

mister

Regular Contributor
Dear all,
at my android device I got a strange behaviour , which seems to be related to DNS.

In my android app for streaming broadcast I got the error message "could not play link" and it doesn´t work.
If I am using custom DNS servers on my android using DNS66 app (overriding the Router DNS), it is working without problems.

What has confused me is the fact that I use the same DNS servers (quad 9) in the router (WAN) and I also have no problems playing them on other devices (laptop via browser).

I have DNSSEC support enabled as well as DoT. Could it have anything to do with that?
Thanks a lot for your ideas ?
 
Dear all,
at my android device I got a strange behaviour , which seems to be related to DNS.

In my android app for streaming broadcast I got the error message "could not play link" and it doesn´t work.
If I am using custom DNS servers on my android using DNS66 app (overriding the Router DNS), it is working without problems.

What has confused me is the fact that I use the same DNS servers (quad 9) in the router (WAN) and I also have no problems playing them on other devices (laptop via browser).

I have DNSSEC support enabled as well as DoT. Could it have anything to do with that?
Thanks a lot for your ideas ?
Yes, it could be issues with the Quad9 DoT. I have seen the Anycast route the Quad9 DoT requests to data centers across the country while normal DNS query goes to a data center 100 miles away. Try Cloudflare.
 
I'm using Cloudflare DNS servers, but with DNSSEC on I cannot load ANY site nor script from ckeditor.com (cdn.ckeditor.com and support.ckeditor.com don't work either).
Once I turned DNSSEC off, they loaded without a problem. I've never had any problems with this before, it's only with ckeditor.com
Any idea what's going on and how to fix this (obviously I could turn it off, but that would beat the purpose of having DNSSEC).
 

Attachments

  • Screenshot 2019-08-27 at 15.28.29.png
    Screenshot 2019-08-27 at 15.28.29.png
    196.8 KB · Views: 329
I'm using Cloudflare DNS servers, but with DNSSEC on I cannot load ANY site nor script from ckeditor.com (cdn.ckeditor.com and support.ckeditor.com don't work either).
Once I turned DNSSEC off, they loaded without a problem. I've never had any problems with this before, it's only with ckeditor.com
Any idea what's going on and how to fix this (obviously I could turn it off, but that would beat the purpose of having DNSSEC).

Could it related to the DNS filter, you have activated ? Maybe there is a conflict.....

@bbunge: I tested another DNS Server as well, but the problem still exists.

Even sometimes the it works, sometimes I got the problem. So the error doesn't always occur - but I still have no idea what could be the reason or how I could deliberately cause the error (if it works right now).

Any ideas ?
 

Attachments

  • WANDNS.PNG
    WANDNS.PNG
    250.8 KB · Views: 266
I have “router” as DNS filter with Diversion and Skynet.
Even when I had turned both off I still couldn’t connect to ckeditor.com and sub domains.
However... originally I had only the cloudflare dns servers in the dns-over-tls list, but after I added quad9 to the list the problem was gone.
 
I'm using Cloudflare DNS servers, but with DNSSEC on I cannot load ANY site nor script from ckeditor.com (cdn.ckeditor.com and support.ckeditor.com don't work either).
Once I turned DNSSEC off, they loaded without a problem. I've never had any problems with this before, it's only with ckeditor.com

From what I can tell, ckeditor.com isn't configured correctly.
Code:
>dig ckeditor.com +dnssec

; <<>> DiG 9.14.0 <<>> ckeditor.com +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 17337
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1452
;; QUESTION SECTION:
;ckeditor.com.                  IN      A

;; Query time: 421 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Aug 27 18:27:19 Central Daylight Time 2019
;; MSG SIZE  rcvd: 41

Also, https://dnssec-analyzer.verisignlabs.com/ckeditor.com comes back with issues.
 
Yes, it could be issues with the Quad9 DoT. I have seen the Anycast route the Quad9 DoT requests to data centers across the country while normal DNS query goes to a data center 100 miles away. Try Cloudflare.
Its always good to use more than one DNSEC provider
 
Thanks a lot for your comment. I am already using two different DNS providers - maybe I have to substitute quad9 against something else.....
 
I have “router” as DNS filter with Diversion and Skynet.
Even when I had turned both off I still couldn’t connect to ckeditor.com and sub domains.
However... originally I had only the cloudflare dns servers in the dns-over-tls list, but after I added quad9 to the list the problem was gone.
I said this, but after a reboot, it doesn't work anymore... :(
Also... my LED script doesn't work as before. Weird...
 
Maybe I missed this and what router/firmware you have but what LED script did you use?

Did you look at this to see if it helps:

https://github.com/RMerl/asuswrt-merlin/wiki/Scheduled-LED-control

I
That’s exactly what I had done and have running.
It appeared that the cron job wasn’t running.
Code:
cru l
didn’t show the jobs. However, after a reboot they’re back.
Also, after that same reboot the ckeditor websites work again. (I don’t know if they have fixed it or that it’s because of using the two different DNS-over-TLS providers.)
 
Does it work if you turn off DNSSEC?
Yes.

Though it does work now with DNSSEC on: originally I had only the cloudflare dns servers in the dns-over-tls list, but after I added quad9 to the list the problem was gone.

I also received a reply from support of the “problem” website: “Unfortunately, we can't set DNSSEC just now as it depends on the CacheFly (CDN provider), and they do not have it enabled yet.”
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top