Re: DNS servers around here not working for days. dig works. fix?

2016-06-15 Thread Abel Abraham Camarillo Ojeda
On Tue, Jun 14, 2016 at 3:49 PM, Chris Bennett wrote:
> On Tue, Jun 14, 2016 at 09:05:57PM +0100, Stuart Henderson wrote:
>>
>> If you can't find some other way to get things working then at least
>> you should be able to browse by "ssh -D 1080 somehost" and setting the
>> browser to use 127.0.0.1:1080 as SOCKS proxy, and tell it to have the
>> far end resolve DNS (in Firefox, tick the 'remote DNS' box).
>>
>
> For now, this works. I'm a little tired right now. This is working.
> I will try later or tomorrow to get a proper solution. This is not going
> to be an everyday solution!
>
> Thanks,
> Chris Bennett
>

Which Mexican ISP are you using?

Here in Mexico I know some big ISPs get arrangements with companies
like Google to provide a 'local cache' of some of their services - like 8.8.8.8
DNS; I'm referring to Axtel in Mexico, precisely...



Re: DNS servers around here not working for days. dig works. fix?

2016-06-15 Thread Peter Hessler
On 2016 Jun 14 (Tue) at 11:38:03 -0700 (-0700), Christopher Ahrens wrote:
:li...@wrant.com wrote:
:>Tue, 14 Jun 2016 11:46:39 -0500 Chris Bennett
:>
:>>$ dig  bsd.org @8.8.4.4 +trace
:>>dig: couldn't get address for 'm.root-servers.net': not found
:>>
:>>pass ~ $ dig  bsd.org @8.8.8.8 +trace
:>>dig: couldn't get address for 'i.root-servers.net': not found
:>
:>You know I'm thinking you may be behind captive DNS, while still not
:>into tunnelling mode (of solving the problem), you could try another
:>group of public DNS servers.  Just search online for some others too.
:>
:4.2.2.2 - 4.2.2.6 are pretty reliable.
:

Level3 (the operators of those IPs) will block you whenever they feel
like it.  Those are _not_ public IPs, but are conveniently numbered for
customers of Level3.


-- 
Eisenhower was very nice,
Nixon was his only vice.
-- C. Degen



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread lists
> > > > I don't know if this will be usable for your case, here at home the aDSL
> > > > modem tries to be the resolver.  The trouble is with the ISP: their DNS
> > > > servers are quite frequently unreliable and unstable.  They even affect
> > > > the PPP connection state, as the modem firmware uses that to trigger self
> > > > induced reboots, while link is present and working.  You can imagine how
> > > > frustrating this can be for users not realising what's going on in fact.
> > > 
> > > Yes, I agree completely. It is very frustrating. And of course, I want
> > > to use sites that must have DNS working right now.
> > > I could use my phone as a hotspot, but I need to use that money for
> > > something else more important. One time, both systems for DNS went down!  
> > 
> > I've had this many many times, the DSL service is more than 12 years active
> > and this trick went into production on the first day it came in service ;-)
> >   
> > > > To solve this, multiple times with various different locations, I ended
> > > > up setting up local resolving DNS server, recently this became Unbound,
> > > > on the gateway OpenBSD system, and it does resolution directly querying
> > > > root DNS servers.  I think this solved it for me ultimately many times.
> > > > For this ISP, this is the solution here, I believe this can help others.
> > > 
> > > Well, in any case, I should learn how to use Unbound. Hopefully that can
> > > help. And if not right here, maybe other spots with that problem. I've
> > > had this problem with my laptop in many places with free wifi.  
> > 
> > It will.  If the ISP you're going through does capture all outgoing DNS
> > traffic and force redirects it through their name service, another go
> > at it is to optionally tunnel out (ssh, or anything else) and use DNS
> > service via the tunnelled connection.  Either set Unbound, or another
> > recursive resolver there and use it for your resolver, or simply pass
> > your DNS traffic for your own resolving name server through the tunnel.
> > The Unbound DNS resolver is in base, let me know if you need any tech
> > details with this in direct message and I'll add more specific details.
> >   
> 
> I expect to need some help. I will read up on unbound and some other
> stuff first. I appreciate the help.

Locate your configuration file in /var/unbound/etc/unbound.conf and
adjust as required.  Probably nothing required to configure at first
if you run it locally on the same system where you use the resulting
DNS resolution.  The details are pretty self explanatory, there is a
very concise and useful manual page unbound.conf(5) (same as online)

unbound.conf - Unbound configuration file
[http://man.openbsd.org/unbound.conf]

I don't remember having to copy the initial configuration file from
examples or another location, so this means it must have been there
all along.  To start use, set your resolver to 127.0.0.1 and issue:

# rcctl enable unbound
# rcctl start unbound

You can always read other material later, just try it.  Also Stuart
sent one very Excellent DNS troubleshooting post for your reference.

> Have a good day (night)!



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Chris Bennett
On Tue, Jun 14, 2016 at 09:05:57PM +0100, Stuart Henderson wrote:
> 
> If you can't find some other way to get things working then at least
> you should be able to browse by "ssh -D 1080 somehost" and setting the
> browser to use 127.0.0.1:1080 as SOCKS proxy, and tell it to have the
> far end resolve DNS (in Firefox, tick the 'remote DNS' box).
> 

For now, this works. I'm a little tired right now. This is working.
I will try later or tomorrow to get a proper solution. This is not going
to be an everyday solution!

Thanks,
Chris Bennett



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread lists
Tue, 14 Jun 2016 14:50:57 -0500 Chris Bennett

> > Could you trip the power to the wifi translating network segment?
> 
> Possibly, but since mostly even the mains coming into large buildings
> aren't even fully enclosed with metal, might get severe burns and eye
> damage from the arc-flash.
> But yeah, I'd do it in a second if I could pull it off.

Let's not advise an unsafe procedure, just a side mention, some devices
tend to lock up on port scan and/or intensive pings.  Or they get stuck
just existing, and need occasional reboots when they start acting funny.

> > If you want, test with another set of public DNS servers, but it
> > appears that you can't get anything back from your DNS requests
> > going out to remote destination port 53 over UDP.  You may want
> > to test with TCP on remote port 53 as suggested by Stuart, just
> > to confirm whether it's UDP specific or totally port 53 related.  
> 
> I'll try that now.

OK, please test TCP 53 and then try both on other public DNS addresses.



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Stuart Henderson
On 2016/06/14 13:48, Chris Bennett wrote:
> On Tue, Jun 14, 2016 at 05:28:48PM +, Stuart Henderson wrote:
> > On 2016-06-14, Chris Bennett  wrote:
> > > They both work for me also, with dig @8.8.8.8, etc.
> > > Whois fails, lynx, elinks, firefox cannot connect outside
> > >
> > > Could this problem be because of my being behind the wifi NAT?
> > 
> > Compare the full output from resolving there with dig with the same
> > thing ssh'd to another host (or post it here so someone else can compare).
> > 
> 
> from OK server:
> 
> dig bsd.org @8.8.8.8 +trace

+trace means you're doing a (local resolver) lookup for subsequent hostnames.
Better to do a lookup of the name directly. This is what I see for that lookup,
compare the flags line too (should have 'ra' if querying a resolver, 'aa' if
querying an authoritative server).

$ dig bsd.org a @8.8.8.8

; <<>> DiG 9.4.2-P2 <<>> bsd.org a @8.8.8.8
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45967
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bsd.org.   IN  A

;; ANSWER SECTION:
bsd.org.    21599   IN  A   192.231.225.11

;; Query time: 171 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jun 14 21:04:16 2016
;; MSG SIZE  rcvd: 41

Other things that might be of interest:

$ dig debug.opendns.com txt @208.67.222.222
- if the dns lookup isn't intercepted, this gives an answer
section with *your* IP address and information about the
anycast node you connected to.

$ dig whoami.akamai.net a +short @208.67.222.222
$ dig whoami.akamai.net a +short @8.8.8.8
etc.
- this returns the address that queried akamai's nameserver.
lookup that address and check it matches what you expect for
the nameserver you're using, if not then there's some
interception going on and if it's done badly then it may be
breaking lookups.

e.g.

$ dig whoami.akamai.net a +short @8.8.8.8 
74.125.47.140
$ whois -m 74.125.47.140
route:  74.125.47.0/24
descr:  Google
origin: AS15169
notify: radb-cont...@google.com
mnt-by: MAINT-AS15169
changed:radb-cont...@google.com 20150728
source: RADB

If you can't find some other way to get things working then at least
you should be able to browse by "ssh -D 1080 somehost" and setting the
browser to use 127.0.0.1:1080 as SOCKS proxy, and tell it to have the
far end resolve DNS (in Firefox, tick the 'remote DNS' box).
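
The checks in the message above (the flags line and the whoami.akamai.net lookup followed by whois), as an added example that is not part of the original post. The function names are hypothetical, comparing on the RADB origin AS is an assumption about how to decide that the address "matches what you expect", and BAD_WHOIS is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread): helpers for the checks described above.

# Print the header flags from dig output on stdin, e.g. "qr rd ra".
dig_flags() {
    sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1
}

# 'ra' means a recursive resolver answered, 'aa' an authoritative server.
answer_kind() {
    case " $1 " in
        *" aa "*) echo authoritative ;;
        *" ra "*) echo resolver ;;
        *)        echo unexpected ;;
    esac
}

# Print the origin AS from "whois -m" (RADB) output on stdin.
origin_as() {
    awk 'tolower($1) == "origin:" { print $2; exit }'
}

# $1 = AS expected for the resolver that was queried; whois output on stdin.
whoami_verdict() {
    seen=$(origin_as)
    if [ -z "$seen" ]; then
        echo unknown
    elif [ "$seen" = "$1" ]; then
        echo direct
    else
        echo "intercepted:$seen"
    fi
}

# Live check; needs network access, dig and OpenBSD's whois (-m = RADB).
# Usage: check_resolver 8.8.8.8 AS15169
check_resolver() {
    server=$1
    expected=$2
    kind=$(answer_kind "$(dig bsd.org a "@$server" | dig_flags)")
    addr=$(dig whoami.akamai.net a +short "@$server" | head -n 1)
    verdict=$(whois -m "$addr" | whoami_verdict "$expected")
    echo "$server: answered as $kind, queried Akamai from $addr: $verdict"
}

# Offline samples. GOOD_* are trimmed from the output quoted in the message;
# BAD_WHOIS is constructed (192.0.2.0/24 and AS64496 are documentation values).
GOOD_DIG=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45967
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'
GOOD_WHOIS='route:  74.125.47.0/24
descr:  Google
origin: AS15169'
BAD_WHOIS='route:  192.0.2.0/24
descr:  constructed example network
origin: AS64496'

demo() {
    echo "flags:   $(printf '%s\n' "$GOOD_DIG" | dig_flags)"
    echo "kind:    $(answer_kind "$(printf '%s\n' "$GOOD_DIG" | dig_flags)")"
    echo "good:    $(printf '%s\n' "$GOOD_WHOIS" | whoami_verdict AS15169)"
    echo "bad:     $(printf '%s\n' "$BAD_WHOIS" | whoami_verdict AS15169)"
}

if [ "$#" -eq 2 ]; then
    check_resolver "$1" "$2"
else
    demo
fi
```

Run with no arguments it only exercises the embedded samples; with a resolver address and its expected origin AS it performs the live lookups.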



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread lists
Tue, 14 Jun 2016 13:48:56 -0500 Chris Bennett

> > > They both work for me also, with dig @8.8.8.8, etc.
> > > Whois fails, lynx, elinks, firefox cannot connect outside
> > >
> > > Could this problem be because of my being behind the wifi NAT?  

Could you trip the power to the wifi translating network segment?

> > Compare the full output from resolving there with dig with the same
> > thing ssh'd to another host (or post it here so someone else can compare).
> 
> from OK server:
> 
> dig bsd.org @8.8.8.8 +trace
> ;; Received 149 bytes from 66.180.173.221#53(ns1.tfm.com) in 27 ms
> 
> From problem computer:
> 
> dig bsd.org @8.8.8.8 +trace
> dig: couldn't get address for 'c.root-servers.net': not found
> 
> Every dig here gives a different letter with problem.
> j.root-servers.net or m.root-servers.net, etc
> 
> Should I send more info?

If you want, test with another set of public DNS servers, but it
appears that you can't get anything back from your DNS requests
going out to remote destination port 53 over UDP.  You may want
to test with TCP on remote port 53 as suggested by Stuart, just
to confirm whether it's UDP specific or totally port 53 related.



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread lists
Tue, 14 Jun 2016 11:38:03 -0700 Christopher Ahrens

> li...@wrant.com wrote:
> > Tue, 14 Jun 2016 11:46:39 -0500 Chris Bennett
> >   
> >> $ dig  bsd.org @8.8.4.4 +trace
> >> dig: couldn't get address for 'm.root-servers.net': not found
> >>
> >> pass ~ $ dig  bsd.org @8.8.8.8 +trace
> >> dig: couldn't get address for 'i.root-servers.net': not found  
> >
> > You know I'm thinking you may be behind captive DNS, while still not
> > into tunnelling mode (of solving the problem), you could try another
> > group of public DNS servers.  Just search online for some others too.
>
> 4.2.2.2 - 4.2.2.6 are pretty reliable.

Yes, moreover this varies geographically, for other parts of the world
other public DNS servers could be close.  Large network operators have
free public DNS service, with the downside of marketing and/or censure.
I would second the proposed solution to get independent DNS resolution.



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Chris Bennett
On Tue, Jun 14, 2016 at 05:28:48PM +, Stuart Henderson wrote:
> On 2016-06-14, Chris Bennett  wrote:
> > They both work for me also, with dig @8.8.8.8, etc.
> > Whois fails, lynx, elinks, firefox cannot connect outside
> >
> > Could this problem be because of my being behind the wifi NAT?
> 
> Compare the full output from resolving there with dig with the same
> thing ssh'd to another host (or post it here so someone else can compare).
> 

from OK server:

dig bsd.org @8.8.8.8 +trace

; <<>> DiG 9.4.2-P2 <<>> bsd.org @8.8.8.8 +trace
;; global options:  printcmd
.           7126    IN  NS  l.root-servers.net.
.           7126    IN  NS  c.root-servers.net.
.           7126    IN  NS  a.root-servers.net.
.           7126    IN  NS  h.root-servers.net.
.           7126    IN  NS  i.root-servers.net.
.           7126    IN  NS  d.root-servers.net.
.           7126    IN  NS  e.root-servers.net.
.           7126    IN  NS  f.root-servers.net.
.           7126    IN  NS  b.root-servers.net.
.           7126    IN  NS  m.root-servers.net.
.           7126    IN  NS  k.root-servers.net.
.           7126    IN  NS  g.root-servers.net.
.           7126    IN  NS  j.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 28 ms

org.        172800  IN  NS  a0.org.afilias-nst.info.
org.        172800  IN  NS  a2.org.afilias-nst.info.
org.        172800  IN  NS  b0.org.afilias-nst.org.
org.        172800  IN  NS  b2.org.afilias-nst.org.
org.        172800  IN  NS  c0.org.afilias-nst.info.
org.        172800  IN  NS  d0.org.afilias-nst.org.
;; Received 427 bytes from 198.97.190.53#53(h.root-servers.net) in 26 ms

bsd.org.    86400   IN  NS  ns1.tfm.com.
bsd.org.    86400   IN  NS  ns2.tfm.com.
bsd.org.    86400   IN  NS  ns.tfm.com.
;; Received 85 bytes from 199.19.56.1#53(a0.org.afilias-nst.info) in 182 ms

bsd.org.    86400   IN  A   192.231.225.11
bsd.org.    86400   IN  NS  ns2.tfm.com.
bsd.org.    86400   IN  NS  ns.tfm.com.
bsd.org.    86400   IN  NS  ns1.tfm.com.
;; Received 149 bytes from 66.180.173.221#53(ns1.tfm.com) in 27 ms


From problem computer:

dig bsd.org @8.8.8.8 +trace

; <<>> DiG 9.4.2-P2 <<>> bsd.org @8.8.8.8 +trace
;; global options:  printcmd
.   24  IN  NS  l.root-servers.net.
.   24  IN  NS  j.root-servers.net.
.   24  IN  NS  b.root-servers.net.
.   24  IN  NS  h.root-servers.net.
.   24  IN  NS  i.root-servers.net.
.   24  IN  NS  d.root-servers.net.
.   24  IN  NS  k.root-servers.net.
.   24  IN  NS  g.root-servers.net.
.   24  IN  NS  a.root-servers.net.
.   24  IN  NS  e.root-servers.net.
.   24  IN  NS  m.root-servers.net.
.   24  IN  NS  f.root-servers.net.
.   24  IN  NS  c.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 46 ms

dig: couldn't get address for 'c.root-servers.net': not found

Every dig here gives a different letter with problem.
j.root-servers.net or m.root-servers.net, etc


Should I send more info?

Chris Bennett



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Christopher Ahrens

li...@wrant.com wrote:
> Tue, 14 Jun 2016 11:46:39 -0500 Chris Bennett
>
>> $ dig  bsd.org @8.8.4.4 +trace
>> dig: couldn't get address for 'm.root-servers.net': not found
>>
>> pass ~ $ dig  bsd.org @8.8.8.8 +trace
>> dig: couldn't get address for 'i.root-servers.net': not found
>
> You know I'm thinking you may be behind captive DNS, while still not
> into tunnelling mode (of solving the problem), you could try another
> group of public DNS servers.  Just search online for some others too.

4.2.2.2 - 4.2.2.6 are pretty reliable.



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Stuart Henderson
On 2016-06-14, Chris Bennett  wrote:
> They both work for me also, with dig @8.8.8.8, etc.
> Whois fails, lynx, elinks, firefox cannot connect outside
>
> Could this problem be because of my being behind the wifi NAT?

Compare the full output from resolving there with dig with the same
thing ssh'd to another host (or post it here so someone else can compare).



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Christopher Ahrens

Chris Bennett wrote:

> $ dig  bsd.org @8.8.4.4 +trace
>
> ; <<>> DiG 9.4.2-P2 <<>> bsd.org @8.8.4.4 +trace
> ;; global options:  printcmd
> .           7197    IN  NS  a.root-servers.net.
> .           7197    IN  NS  b.root-servers.net.
> .           7197    IN  NS  c.root-servers.net.
> .           7197    IN  NS  d.root-servers.net.
> .           7197    IN  NS  e.root-servers.net.
> .           7197    IN  NS  f.root-servers.net.
> .           7197    IN  NS  g.root-servers.net.
> .           7197    IN  NS  h.root-servers.net.
> .           7197    IN  NS  i.root-servers.net.
> .           7197    IN  NS  j.root-servers.net.
> .           7197    IN  NS  k.root-servers.net.
> .           7197    IN  NS  l.root-servers.net.
> .           7197    IN  NS  m.root-servers.net.
> ;; Received 228 bytes from 8.8.4.4#53(8.8.4.4) in 43 ms
>
> dig: couldn't get address for 'm.root-servers.net': not found
> pass ~ $ dig  bsd.org @8.8.8.8 +trace
>
> ; <<>> DiG 9.4.2-P2 <<>> bsd.org @8.8.8.8 +trace
> ;; global options:  printcmd
> .           7157    IN  NS  l.root-servers.net.
> .           7157    IN  NS  j.root-servers.net.
> .           7157    IN  NS  b.root-servers.net.
> .           7157    IN  NS  h.root-servers.net.
> .           7157    IN  NS  i.root-servers.net.
> .           7157    IN  NS  d.root-servers.net.
> .           7157    IN  NS  k.root-servers.net.
> .           7157    IN  NS  g.root-servers.net.
> .           7157    IN  NS  a.root-servers.net.
> .           7157    IN  NS  e.root-servers.net.
> .           7157    IN  NS  m.root-servers.net.
> .           7157    IN  NS  f.root-servers.net.
> .           7157    IN  NS  c.root-servers.net.
> ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 44 ms
>
> dig: couldn't get address for 'i.root-servers.net': not found
>
> Chris Bennett



Something is molesting your port 53 traffic.  I'd recommend using ssh to 
tunnel your DNS traffic elsewhere (Set sshd to listen on port 53 on your 
local machine and redirect that traffic to a trusted machine, then set 
resolvers to 127.0.0.1).  A better solution might be to use unbound and 
have its traffic pushed through the ssh tunnel so you can use the root 
servers directly and not have to trust a DNS server owned by an 
advertising company / obvious collaborator with corrupt governments 
(8.8.x.x are Google's IPs).


It sounds to me like someone is trying, and failing, to do transparent 
DPI on your traffic for some reason (Advertising, surveillance, 
misguided attempts to 'optimize' their networks, or any number of other 
possibilities).


-CA
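
One way to combine the ssh tunnel suggested in this message with the local Unbound described elsewhere in the thread, as an added example that is not code from any of the posters. It assumes the far end ("somehost") runs a recursive resolver on its own 127.0.0.1:53 that answers over TCP, and uses local port 5353 instead of 53 so the forward does not collide with Unbound; the function names and BAD_CONF are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): resolve through an ssh tunnel.
# Assumptions: the far end runs a recursive resolver on its own 127.0.0.1:53
# that answers over TCP, and local port 5353 is free.

TUNNEL_PORT=5353

# ssh -L carries TCP only. Print the port forward for host $1.
tunnel_cmd() {
    echo "ssh -N -L 127.0.0.1:${TUNNEL_PORT}:127.0.0.1:53 $1"
}

# unbound.conf settings that send every query into the tunnel. Merge the
# two server: options into the existing server: clause.
forward_conf() {
    cat <<EOF
server:
    # Unbound will not send queries to localhost unless this is "no".
    do-not-query-localhost: no
    # The tunnel cannot carry UDP, so upstream queries must use TCP.
    tcp-upstream: yes

forward-zone:
    name: "."
    forward-addr: 127.0.0.1@${TUNNEL_PORT}
EOF
}

# Read an unbound.conf on stdin and print one line per setting that would
# stop it resolving through the tunnel. No output means it is usable.
conf_problems() {
    conf=$(grep -Ev '^[[:space:]]*(#|$)' || true)
    has() {
        printf '%s\n' "$conf" | grep -Eq "^[[:space:]]*$1([[:space:]]|\$)"
    }
    has 'tcp-upstream:[[:space:]]*yes' ||
        echo "tcp-upstream is not yes: UDP queries cannot cross ssh -L"
    has 'do-not-query-localhost:[[:space:]]*no' ||
        echo "do-not-query-localhost is not no: 127.0.0.1 forwarder is skipped"
    has "forward-addr:[[:space:]]*127\.0\.0\.1@${TUNNEL_PORT}" ||
        echo "no forward-addr pointing at 127.0.0.1@${TUNNEL_PORT}"
    return 0
}

# Constructed sample: forwarder set, but the two server: options are missing.
BAD_CONF='forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353'

# To apply on OpenBSD (as root), with the tunnel already running:
#   merge the forward_conf output into /var/unbound/etc/unbound.conf
#   unbound-checkconf && rcctl restart unbound
#   set "nameserver 127.0.0.1" in /etc/resolv.conf
tunnel_cmd somehost
forward_conf
printf '%s\n' "$BAD_CONF" | conf_problems
```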



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Dmitrij D. Czarkoff
Chris Bennett said:
> Neither 8.8.8.8 or 8.8.4.4 works.

What does that mean, precisely?  Can you ping them?

-- 
Dmitrij D. Czarkoff



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread lists
Tue, 14 Jun 2016 11:46:39 -0500 Chris Bennett

> $ dig  bsd.org @8.8.4.4 +trace   
> dig: couldn't get address for 'm.root-servers.net': not found
>
> pass ~ $ dig  bsd.org @8.8.8.8 +trace 
> dig: couldn't get address for 'i.root-servers.net': not found

You know I'm thinking you may be behind captive DNS, while still not
into tunnelling mode (of solving the problem), you could try another
group of public DNS servers.  Just search online for some others too.



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Stuart Henderson
On 2016-06-14, Chris Bennett  wrote:
> This happens here in Mexico and also in Guatemala.
> But it has been about five days now. Enough!
>
> dig works fine, locally and using the server my USA website uses.
> I tried adding that to /etc/resolv.conf and .tail but no help.
> whois fails.
> Digging every site I want to use is a pain and many won't work from IP.
>
> I am coming through wifi with NAT that I do not control.
>
> Any fixes to this problem.

You could try "options tcp". If some DNS mitm is involved that may
bypass it. Or you could try dnscrypt-proxy, or some ssh port-forwarding
arrangement.



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Chris Bennett
$ dig  bsd.org @8.8.4.4 +trace   

; <<>> DiG 9.4.2-P2 <<>> bsd.org @8.8.4.4 +trace
;; global options:  printcmd
.           7197    IN  NS  a.root-servers.net.
.           7197    IN  NS  b.root-servers.net.
.           7197    IN  NS  c.root-servers.net.
.           7197    IN  NS  d.root-servers.net.
.           7197    IN  NS  e.root-servers.net.
.           7197    IN  NS  f.root-servers.net.
.           7197    IN  NS  g.root-servers.net.
.           7197    IN  NS  h.root-servers.net.
.           7197    IN  NS  i.root-servers.net.
.           7197    IN  NS  j.root-servers.net.
.           7197    IN  NS  k.root-servers.net.
.           7197    IN  NS  l.root-servers.net.
.           7197    IN  NS  m.root-servers.net.
;; Received 228 bytes from 8.8.4.4#53(8.8.4.4) in 43 ms

dig: couldn't get address for 'm.root-servers.net': not found
pass ~ $ dig  bsd.org @8.8.8.8 +trace 

; <<>> DiG 9.4.2-P2 <<>> bsd.org @8.8.8.8 +trace
;; global options:  printcmd
.           7157    IN  NS  l.root-servers.net.
.           7157    IN  NS  j.root-servers.net.
.           7157    IN  NS  b.root-servers.net.
.           7157    IN  NS  h.root-servers.net.
.           7157    IN  NS  i.root-servers.net.
.           7157    IN  NS  d.root-servers.net.
.           7157    IN  NS  k.root-servers.net.
.           7157    IN  NS  g.root-servers.net.
.           7157    IN  NS  a.root-servers.net.
.           7157    IN  NS  e.root-servers.net.
.           7157    IN  NS  m.root-servers.net.
.           7157    IN  NS  f.root-servers.net.
.           7157    IN  NS  c.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 44 ms

dig: couldn't get address for 'i.root-servers.net': not found

Chris Bennett



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Bruno Ferreira
Hi Chris,
Does your network work fine, can you reach icmp at 8.8.8.8 for example?
Try the flag +trace with dig and see where it ends.
like: dig whatever.com @8.8.8.8 +trace

Best Regards,

2016-06-14 11:12 GMT-03:00 Chris Bennett <
chrisbenn...@bennettconstruction.us>:

> This happens here in Mexico and also in Guatemala.
> But it has been about five days now. Enough!
>
> dig works fine, locally and using the server my USA website uses.
> I tried adding that to /etc/resolv.conf and .tail but no help.
> whois fails.
> Digging every site I want to use is a pain and many won't work from IP.
>
> I am coming through wifi with NAT that I do not control.
>
> Any fixes to this problem.
>
> Thanks,
> Chris Bennett
>
>


-- 
Atenciosamente,
Bruno Ferreira.



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Indunil Jayasooriya
dig mx bsd.org @8.8.4.4

dig mx bsd.org @8.8.8.8

both work for me



On Tue, Jun 14, 2016 at 9:27 PM, Chris Bennett <
chrisbenn...@bennettconstruction.us> wrote:

> They both work for me also, with dig @8.8.8.8, etc.
> Whois fails, lynx, elinks, firefox cannot connect outside
>
> Could this problem be because of my being behind the wifi NAT?
>
> Chris Bennett
>
>


-- 
cat /etc/motd

Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala
Fonts



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread lists
I don't know if this will be usable for your case, here at home the aDSL
modem tries to be the resolver.  The trouble is with the ISP: their DNS
servers are quite frequently unreliable and unstable.  They even affect
the PPP connection state, as the modem firmware uses that to trigger self
induced reboots, while link is present and working.  You can imagine how
frustrating this can be for users not realising what's going on in fact.

To solve this, multiple times with various different locations, I ended
up setting up local resolving DNS server, recently this became Unbound,
on the gateway OpenBSD system, and it does resolution directly querying
root DNS servers.  I think this solved it for me ultimately many times.
For this ISP, this is the solution here, I believe this can help others.



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Chris Bennett
They both work for me also, with dig @8.8.8.8, etc.
Whois fails, lynx, elinks, firefox cannot connect outside

Could this problem be because of my being behind the wifi NAT?

Chris Bennett



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Chris Bennett
On Tue, Jun 14, 2016 at 06:50:53PM +0300, li...@wrant.com wrote:
> I don't know if this will be usable for your case, here at home the aDSL
> modem tries to be the resolver.  The trouble is with the ISP: their DNS
> servers are quite frequently unreliable and unstable.  They even affect
> the PPP connection state, as the modem firmware uses that to trigger self
> induced reboots, while link is present and working.  You can imagine how
> frustrating this can be for users not realising what's going on in fact.

Yes, I agree completely. It is very frustrating. And of course, I want
to use sites that must have DNS working right now.
I could use my phone as a hotspot, but I need to use that money for
something else more important. One time, both systems for DNS went down!

> 
> To solve this, multiple times with various different locations, I ended
> up setting up local resolving DNS server, recently this became Unbound,
> on the gateway OpenBSD system, and it does resolution directly querying
> root DNS servers.  I think this solved it for me ultimately many times.
> For this ISP, this is the solution here, I believe this can help others.

Well, in any case, I should learn how to use Unbound. Hopefully that can
help. And if not right here, maybe other spots with that problem. I've
had this problem with my laptop in many places with free wifi.

Thanks,
Chris



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread lists
Tue, 14 Jun 2016 11:08:17 -0500 Chris Bennett

> On Tue, Jun 14, 2016 at 06:50:53PM +0300, li...@wrant.com wrote:
> > I don't know if this will be usable for your case, here at home the aDSL
> > modem tries to be the resolver.  The trouble is with the ISP: their DNS
> > servers are quite frequently unreliable and unstable.  They even affect
> > the PPP connection state, as the modem firmware uses that to trigger self
> > induced reboots, while link is present and working.  You can imagine how
> > frustrating this can be for users not realising what's going on in fact.  
> 
> Yes, I agree completely. It is very frustrating. And of course, I want
> to use sites that must have DNS working right now.
> I could use my phone as a hotspot, but I need to use that money for
> something else more important. One time, both systems for DNS went down!

I've had this many many times, the DSL service is more than 12 years active
and this trick went into production on the first day it came in service ;-)

> > To solve this, multiple times with various different locations, I ended
> > up setting up local resolving DNS server, recently this became Unbound,
> > on the gateway OpenBSD system, and it does resolution directly querying
> > root DNS servers.  I think this solved it for me ultimately many times.
> > For this ISP, this is the solution here, I believe this can help others.  
> 
> Well, in any case, I should learn how to use Unbound. Hopefully that can
> help. And if not right here, maybe other spots with that problem. I've
> had this problem with my laptop in many places with free wifi.

It will.  If the ISP you're going through does capture all outgoing DNS
traffic and force redirects it through their name service, another go
at it is to optionally tunnel out (ssh, or anything else) and use DNS
service via the tunnelled connection.  Either set Unbound, or another
recursive resolver there and use it for your resolver, or simply pass
your DNS traffic for your own resolving name server through the tunnel.
The Unbound DNS resolver is in base, let me know if you need any tech
details with this in direct message and I'll add more specific details.

> Thanks,
> Chris



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Indunil Jayasooriya
both 8.8.8.8 and 8.8.4.4 work for me.



On Tue, Jun 14, 2016 at 8:26 PM, Chris Bennett <
chrisbenn...@bennettconstruction.us> wrote:

> Neither 8.8.8.8 or 8.8.4.4 works.
> After netstart, no. After reboot, no.
>
>


-- 
cat /etc/motd

Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala
Fonts



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Chris Bennett
Neither 8.8.8.8 or 8.8.4.4 works.
After netstart, no. After reboot, no.



Re: DNS servers around here not working for days. dig works. fix?

2016-06-14 Thread Dmitrij D. Czarkoff
Chris Bennett said:
> This happens here in Mexico and also in Guatemala.
> But it has been about five days now. Enough!
> 
> dig works fine, locally and using the server my USA website uses.
> I tried adding that to /etc/resolv.conf and .tail but no help.
> whois fails.
> Digging every site I want to use is a pain and many won't work from IP.
> 
> I am coming through wifi with NAT that I do not control.
> 
> Any fixes to this problem.

echo -e "1i\nnameserver 8.8.8.8\n.\nwq" | doas ed /etc/resolv.conf.tail

-- 
Dmitrij D. Czarkoff