Random_Troll wrote: ↑2023-05-28 17:08
You can try systemd-resolved, just to see if that fixes the problem:
Code: Select all
# systemctl enable --now systemd-resolved
# ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
Then check
Code: Select all
resolvectl

Interesting enough after following the above instructions it made the connection slow whether or not Force DNS redirection was enabled or not? Not really sure what that means?
[Solved] Network protocol issue?
Re: [Software] Network protocol issue?
Thank you for the reply
Re: [Software] Network protocol issue?
By which specific metric are you defining connection speed? That configuration should bypass your router DNS entirely, as confirmed by
Code: Select all
resolvectl --no-p dns
DNSSEC is enabled by default with systemd-resolved, at least where supported by the nameserver(s). It should also cache requests.
From each according to his abilities, to each according to his needs.
Re: [Software] Network protocol issue?
Thanks for the question. I am not a networking expert; I have just enough knowledge to get by. The easiest and quickest test for me is just doing the www.dnsleaktest.com standard test. However, as you can see in the logs attached above in forced_redirection.tar.gz, when doing the Trace commands one definitely sees up to a 20 times difference in DNS resolution. I have also seen the issue with pings basically hanging and trace routes that never complete or take forever, as documented in previous post.
I am not using DNSSEC from my PC to router. However, my Pihole setup is using DNSSEC to DNS provider.
The specific setting that is causing the issue is defined by the DD-WRT documentation as: Forced DNS redirection redirects all DNS requests on port 53 to DD-WRT's internal DNSmasq server, even if those requests were pointed directly at an external DNS server. I use this setting to ensure that all DNS requests are filtered through my Pihole and DNS provider.
Re: [Software] Network protocol issue?
Hello,
I suppose the nameserver 10.0.40.1 is the DD-WRT router.
What is 10.0.40.251 ?
From your log it seems there are two DNS servers configured:
Code: Select all
$ cat cat /etc/resolv.conf
# Generated by NetworkManager
search Home
nameserver 10.0.40.1
nameserver 10.0.40.251
Re: [Software] Network protocol issue?
You are correct, I have removed the second one now. The first is the DD-WRT and the second is the PiHole.
Just as an FYI, I changed my DNS service over to Cloudflare to see if it made a difference. It did not.
Re: [Software] Network protocol issue?
OK, I have found a solution. I am not sure what the difference is between Debian and Windows that is causing the issue, but this solution satisfies my needs. I enabled Forced DNS Redirection and moved the Pi-hole from behind the router to in front of the router, so it is in between the gateway router and the secure LAN router.
This quote is from the below post on the DD-WRT Forum: “The forced DNS redirection forces all queries to the router.
The router then queries the Pi-hole. The Pi-hole wants to query an outside DNS server but cannot pass the router as that will again send the query to the Pi-hole.”
Not sure how accurate this is as I was getting out to the internet just having delays up to 20 times the normal time. In the router I do have fallback DNS entries that are not associated with the Pi-hole in case of failure. I guess it is possible that Windows queries all DNS and Debian follows a strict order. Hope this all makes sense.
Thanks to everyone that helped me. I don’t think I would have figured it out otherwise.
https://forum.dd-wrt.com/phpBB2/viewtop ... 9136ae5dd3
Re: [Solved] Network protocol issue?
Hello,
Thank you for sharing your solution for such a quite articulated configuration.
Probably you still need to investigate how Windows has pierced (is it still piercing ?) all DNS security measures you set up.
Happy Debian & happy hacking. :-)
Re: [Solved] Network protocol issue?
I think both DoT and DoH can bypass DNS redirection. Perhaps Windows is using that.
Re: [Solved] Network protocol issue?
You are welcome. I appreciated all the guidance received. I do plan on figuring out the hole in what I thought was a well-configured setup. I have removed my fallback DNS servers; still need to test if that was it.
Re: [Solved] Network protocol issue?
Random_Troll wrote: ↑2023-05-30 06:54
I think both DoT and DoH can bypass DNS redirection. Perhaps Windows is using that.

Thank you for the suggestion, I will look into it. I do have the option to "Forced DNS Redirection DoT". I will have to read up on both DoT and DoH.
Re: [Solved] Network protocol issue?
OK, final update: I have updated the hardening of my network, DNS-wise, to include DoT, DoH.
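
The redirect loop quoted from the DD-WRT forum and the DoT/DoH bypass raised in this thread can both be traced with a small model of a port-53 redirect rule; this is an added example, not code from any poster or from DD-WRT. The client address 10.0.40.50, the resolver 192.0.2.53 and the "exempt the Pi-hole" variant are assumptions made for illustration, and the router's fallback DNS entries are not modelled.

```python
# Added illustration: a toy model of a port-53 redirect rule, not DD-WRT's code.
ROUTER, PIHOLE = "10.0.40.1", "10.0.40.251"      # addresses named in the thread
CLIENT, UPSTREAM = "10.0.40.50", "192.0.2.53"    # constructed: a LAN PC, an outside resolver
FORWARDS_TO = {ROUTER: PIHOLE, PIHOLE: UPSTREAM}  # dnsmasq -> Pi-hole -> DNS provider


def land(src, dst, dport, lan, exempt):
    """Return where one packet arrives once the redirect rule has been applied."""
    if dport == 53 and src in lan and src not in exempt and dst != ROUTER:
        return ROUTER  # plain DNS from the LAN is rewritten to the router's dnsmasq
    return dst


def trace(dst, dport, lan, exempt=()):
    """Follow CLIENT's query hop by hop and return (path, verdict)."""
    path, src, seen = [CLIENT], CLIENT, set()
    while True:
        hop = land(src, dst, dport, lan, exempt)
        path.append(hop)
        if (src, hop) in seen:  # same resolver asked the same neighbour twice
            return path, "loop"
        seen.add((src, hop))
        if hop not in FORWARDS_TO:  # left the local resolvers
            return path, "filtered" if PIHOLE in path else "bypassed"
        src, dst, dport = hop, FORWARDS_TO[hop], 53  # forwarders speak plain DNS


# Constructed scenarios: (query destination, port, hosts on the LAN side, exempt hosts)
CASES = {
    "Pi-hole behind router": (UPSTREAM, 53, {CLIENT, PIHOLE}, ()),
    "Pi-hole in front of router": (UPSTREAM, 53, {CLIENT}, ()),
    "Pi-hole behind router, exempted": (UPSTREAM, 53, {CLIENT, PIHOLE}, (PIHOLE,)),
    "client uses DoT (853)": (UPSTREAM, 853, {CLIENT}, ()),
    "client uses DoH (443)": (UPSTREAM, 443, {CLIENT}, ()),
}

if __name__ == "__main__":
    for name, args in CASES.items():
        path, verdict = trace(*args)
        print(f"{name:32} {verdict:9} {' -> '.join(path)}")
```

A rule keyed on port 53 never sees the last two cases: DoT can be matched by its own port 853, while DoH shares port 443 with ordinary HTTPS traffic.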