[Solved] Network protocol issue?

Linux Kernel, Network, and Services configuration.
jaimarti
Posts: 22
Joined: 2023-05-25 01:02

Re: [Software] Network protocol issue?

#21 Post by jaimarti »

Thank you for the reply
Random_Troll wrote: 2023-05-28 17:08 You can try systemd-resolved, just to see if that fixes the problem:

# systemctl enable --now systemd-resolved
# ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
Then check

resolvectl
Interesting enough, after following the above instructions it made the connection slow whether or not Force DNS redirection was enabled or not? Not really sure what that means?

Random_Troll
Posts: 444
Joined: 2023-02-07 13:35
Been thanked: 105 times

Re: [Software] Network protocol issue?

#22 Post by Random_Troll »

By which specific metric are you defining connection speed? That configuration should bypass your router DNS entirely, as confirmed by

resolvectl --no-p dns
DNSSEC is enabled by default with systemd-resolved, at least where supported by the nameserver(s). It should also cache requests.
From each according to his abilities, to each according to his needs.

jaimarti
Posts: 22
Joined: 2023-05-25 01:02

Re: [Software] Network protocol issue?

#23 Post by jaimarti »

Thanks for the question. I am not a networking expert, I have just enough knowledge to get by. The easiest and quickest test for me is just doing the www.dnsleaktest.com standard test. However, as you can see in the logs attached above in forced_redirection.tar.gz, when doing the Trace commands on diffently see up to a 20 times difference in DNS resolution. I have also seen the issue with pings basically hanging and trace routes that never complete or take forever, as documented in previous post.

I am not using DNSSEC from my PC to router. However, my Pihole setup is using DNSSEC to DNS provider.

The specific setting that is causing the issue is defined by the DD-WRT documentation as: Forced DNS redirection redirects all DNS requests on port 53 to DD-WRT's internal DNSmasq server, even if those requests were pointed directly at an external DNS server. I use this setting to ensure that all DNS requests are filtered through my Pihole and DNS provider.

Aki
Global Moderator
Global Moderator
Posts: 2816
Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 68 times
Been thanked: 382 times

Re: [Software] Network protocol issue?

#24 Post by Aki »

Hello,
jaimarti wrote: 2023-05-28 16:31 Here are the generated Logs.
forced_redirection.tar.gz
From your log it seems there are two DNS server configured:

$ cat /etc/resolv.conf
# Generated by NetworkManager
search Home
nameserver 10.0.40.1
nameserver 10.0.40.251
I suppose the nameserver 10.0.40.1 is the DD-WRT router.
What is 10.0.40.251 ?
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀

jaimarti
Posts: 22
Joined: 2023-05-25 01:02

Re: [Software] Network protocol issue?

#25 Post by jaimarti »

You are correct, I have removed the second one now. The first is the DD-WRT and the second is the PiHole.

Just as an FYI, I changed my DNS service over to Cloudflare to see if it made a difference. It did not.

jaimarti
Posts: 22
Joined: 2023-05-25 01:02

Re: [Software] Network protocol issue?

#26 Post by jaimarti »

OK, I have found a solution. I am not sure what the difference is between Debian and Windows that is causing the issue, but this solution satisfies my needs. I enabled Forced DNS Redirection and moved the Pi-hole from behind the router to in front of the router, so it is in between the gateway router and the secure LAN router.

This quote is from the below post on the DD-WRT Forum: “The forced DNS redirection forces all queries to the router.
The router then queries the Pi-hole. The Pi-hole wants to query an outside DNS server but cannot pass the router as that will again send the query to the Pi-hole.”

Not sure how accurate this is as I was getting out to the internet just having delays up to 20 times the normal time. In the router I do have fallback DNS entries that are not associated with the Pi-hole in case of failure. I guess it is possible that Windows queries all DNS and Debian follows a strict order. Hope this all makes sense.

Thanks to everyone that helped me. I don’t think I would have figured it out otherwise.

https://forum.dd-wrt.com/phpBB2/viewtop ... 9136ae5dd3

Aki
Global Moderator
Global Moderator
Posts: 2816
Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 68 times
Been thanked: 382 times

Re: [Solved] Network protocol issue?

#27 Post by Aki »

Hello,
Thank you for sharing your solution for such a quite articulated configuration.
Probably you still need to investigate how Windows has pierced (is it still piercing ?) all DNS security measures you set up.
Happy Debian & happy hacking. :-)

Random_Troll
Posts: 444
Joined: 2023-02-07 13:35
Been thanked: 105 times

Re: [Solved] Network protocol issue?

#28 Post by Random_Troll »

I think both DoT and DoH can bypass DNS redirection. Perhaps Windows is using that.
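Added example (not part of the thread): a toy Python model of the path described in the DD-WRT forum quote in post #26 and of the DoT/DoH point in post #28. It assumes a rule that rewrites port-53 traffic from LAN hosts to the router and a router -> Pi-hole -> provider forwarder chain; the client, provider and external resolver addresses are constructed.

```python
ROUTER, PIHOLE = "10.0.40.1", "10.0.40.251"   # addresses from the thread
CLIENT = "10.0.40.20"          # constructed: LAN workstation
UPSTREAM = "192.0.2.53"        # constructed: Pi-hole's DNS provider
EXT_RESOLVER = "198.51.100.8"  # constructed: resolver a client points at directly
FORWARDS_TO = {ROUTER: PIHOLE, PIHOLE: UPSTREAM}  # assumed forwarder chain

def redirect(src, dst, port, lan_hosts):
    """Assumed forced-redirection rule: port 53 from any LAN host goes to the router."""
    if src in lan_hosts and port == 53 and dst != ROUTER:
        return ROUTER
    return dst

def trace(dst, port, pihole_on_lan, src=CLIENT):
    """Follow one query hop by hop; return (path, outcome)."""
    # The router's own queries are locally generated, so the rule never sees them.
    lan_hosts = {CLIENT} | ({PIHOLE} if pihole_on_lan else set())
    path, seen = [src], set()
    while True:
        hop = redirect(src, dst, port, lan_hosts)
        if (src, hop) in seen:          # same sender hits the same hop again
            return path, "loop"
        seen.add((src, hop))
        path.append(hop)
        if hop not in FORWARDS_TO:      # not a forwarder: it answers the query
            return path, "answered"
        src, dst, port = hop, FORWARDS_TO[hop], 53   # forwarders use plain DNS

def filtered(path):
    """True when the query passed through the Pi-hole."""
    return PIHOLE in path

if __name__ == "__main__":
    cases = [
        ("plain DNS, Pi-hole behind router", EXT_RESOLVER, 53, True),
        ("plain DNS, Pi-hole in front of router", EXT_RESOLVER, 53, False),
        ("DoT (853), Pi-hole in front of router", EXT_RESOLVER, 853, False),
        ("DoH (443), Pi-hole in front of router", EXT_RESOLVER, 443, False),
    ]
    for label, dst, port, on_lan in cases:
        path, outcome = trace(dst, port, on_lan)
        print(f"{label}: {' -> '.join(path)} [{outcome}, filtered={filtered(path)}]")
```

In this model the plain-DNS query only reaches the provider once the Pi-hole's own traffic no longer crosses the redirect rule, and queries on ports 853 or 443 never touch the rule at all.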

jaimarti
Posts: 22
Joined: 2023-05-25 01:02

Re: [Solved] Network protocol issue?

#29 Post by jaimarti »

Aki wrote: 2023-05-30 06:47 Hello,
Thank you for sharing your solution for such a quite articulated configuration.
Probably you still need to investigate how Windows has pierced (is it still piercing ?) all DNS security measures you set up.
Happy Debian & happy hacking. :-)
You are welcome. I appreciated all the guidance received. I do plan on figuring out the hole in what I thought was a well configured setup. I have removed my fallback DNS servers, still need to test if that was it.

jaimarti
Posts: 22
Joined: 2023-05-25 01:02

Re: [Solved] Network protocol issue?

#30 Post by jaimarti »

Random_Troll wrote: 2023-05-30 06:54 I think both DoT and DoH can bypass DNS redirection. Perhaps Windows is using that.
Thank you for the suggestion, I will look into it. I do have the option to "Forced DNS Redirection DoT". I will have to read up on both DoT and DoH.

jaimarti
Posts: 22
Joined: 2023-05-25 01:02

Re: [Solved] Network protocol issue?

#31 Post by jaimarti »

OK, final update: I have updated the hardening of my network DNS wise to include DoT, DoH.

Aki
Global Moderator
Global Moderator
Posts: 2816
Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 68 times
Been thanked: 382 times

Re: [Solved] Network protocol issue?

#32 Post by Aki »

jaimarti wrote: 2023-05-31 15:15 OK, final update: I have updated the hardening of my network DNS wise to include DoT, DoH.
Thanks.

To whom it may interest:
