Problem with DNS?

Windows 7 x64 - latest version of released Ipfire.

For some time I have had a problem accessing some sites - Firefox complains that it cannot find them.

I can get around it by altering the adapter settings on the Windows machine so that the DNS uses 8.8.8.8 - thus bypassing Ipfire.

Ipfire is set to use the ISP DNS which resolves to 8.8.8.8 - I have been through the Ipfire settings many times but I can see nothing that should cause this for sites such as “www.gov.uk” - everything else seems OK.

What have I mucked up ?? Any suggestions as to how I might fix this are most welcome.
Dave

Many ISPs filter the DNS replies they provide and track what is being asked for.

If you want to use 8.8.8.8 I would suggest to disable the ISP DNS on the DNS WUI page and add in 8.8.8.8 or look through the IPFire Wiki page on DNS servers and add in 4 or 5 so that you always have DNS available if one should have a hiccup, which can occasionally occur.

https://wiki.ipfire.org/configuration/network/dns-server
https://wiki.ipfire.org/dns/public-servers

You can also use TLS for the DNS connection so that your DNS traffic is encrypted and can’t be viewed by anyone en route. Of course the DNS server you use will know what you are searching for, but that is where you have to review their privacy and logging rules to see if they meet your expectations.

I would also read these IPFire Blog posts about DNS.
https://blog.ipfire.org/post/what-you-can-do-with-the-new-dns-features-in-ipfire
https://blog.ipfire.org/post/dns-configuration-recommendations-for-ipfire-users

5 Likes

Adolf was quicker than me :slight_smile:

But I just suggest the same. Use one or more DNS servers of your own choice - and be amazed.

Best regards

3 Likes

Hmmm, that seems to fix it — Thanks all

Dave

2 Likes

Another case to link Documentation of IPFire. :wink:

3 Likes

I was wrong - it has NOT fixed it - it seemed to for a while but the problem is back again, I suspect that the windoze dns cache was fooling me :frowning:
I cannot ping www.gov.uk and some other sites even from the ipfire console, though many other sites seem OK.
Help!
Dave

Further info …
I did a clean install of IPFire (latest release) and did a basic setup specifying NOT to use the ISP’s DNS addresses and adding 8.8.8.8 and 8.8.4.4 and I see identical behaviour! I cannot access certain websites (e.g. www.gov.uk)

I have also tried 1.1.1.1 - same.

At first I suspected the ISP — but if I set my windoze system to not use the IPFire DNS but directly use 8.8.8.8 it works ! It just bypasses IPFire.

So - I have no idea what to try next !!
Dave

Not solved

Any errors on the IPF DNS panel or in System Logs?

Perhaps share a screenshot of your IPF DNS panel.

1 Like

@David: Other question. What kind of machine are you running ipfire on? VM or bare metal?

I’m running ipfire on two bare metal machines, one jetway NU591 intel N3160 based and one NanoPi R4S, both using Lightning Wire Labs DNS without any trouble.

[root@ipfire ~]# ping www.gov.uk
PING www-gov-uk.map.fastly.net (146.75.120.144) 56(84) bytes of data.
64 bytes from 146.75.120.144 (146.75.120.144): icmp_seq=1 ttl=59 time=13.6 ms
(...)
^C

I tried Cloudflare DNS (1.1.1.1) on my jetway, too. With it, www.gov.uk pings some 2ms slower than with Lightning Wire Labs DNS, probably because it is located somewhere overseas, whereas LWL DNS is only a couple of miles away, but works as well.

So I guess, there may be still some misunderstanding between your ipfire and your DSL modem/router.

Best regards

It is running on a “bare metal” system.

I notice that both 8.8.8.8 and 8.8.4.4 show a failure on reverse lookup but all “Working”

Screen shot requested is attached

BTW I am very unfamiliar with linux and have no idea how to look for errors in the logs. If you tell me how I will zip them up and attach them.

Just to remind all a minimalist clean install with the same DNS settings behaves the same. What the devil am I doing wrong ??
Dave

The fact that you have the Reverse DNS Lookup (rDNS) failing indicates that there is still something wrong with the path out to the DNS server.

I just set up 8.8.8.8 and 8.8.4.4 with udp on my system and got the following.

The rDNS should show dns.google as in my screenshot.

Do you get the green OK if you press the Check DNS Servers button?

If the message is not OK or the colour is not green then hold your mouse pointer over the status and after a second or so there will be a popup box giving a short message about the status.

What response do you get when you run the ping command?

Here is what I am getting:-

ping -c4 www.gov.uk
PING www-gov-uk.map.fastly.net (151.101.128.144) 56(84) bytes of data.
64 bytes from 151.101.128.144 (151.101.128.144): icmp_seq=1 ttl=252 time=5.02 ms
64 bytes from 151.101.128.144 (151.101.128.144): icmp_seq=2 ttl=252 time=5.17 ms
64 bytes from 151.101.128.144 (151.101.128.144): icmp_seq=3 ttl=252 time=5.26 ms
64 bytes from 151.101.128.144 (151.101.128.144): icmp_seq=4 ttl=252 time=5.15 ms

--- www-gov-uk.map.fastly.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 5.022/5.149/5.255/0.083 ms

1 Like

See below …

No, it’s always Working but rDNS shows as failing Yes Pinging gov.uk always returns “not found” both from Windoze and the IPFire console.

This is not clear to me.

The only status that ever shows Working in green is the one at the top left hand side of the DNS server WUI page. This is the status of the IPFire unbound DNS server.

The question I asked is what the status of the two external dns servers you had selected was as circled in this image.

The status shown in this black circled area is shown after you have pressed the button labelled Check DNS Servers.
This status is never shown as Working. It shows up as OK in green if the individual DNS servers you are using are fully functioning.

When you say that
“it’s always Working”
do you mean that the status for 8.8.8.8 and the status for 8.8.4.4 both show OK in green?

Can you also copy and paste the results of running this command from the console

dig www.gov.uk

Can you describe your setup?

ISP?
Is it a modem going to IPFire?
Is it a router going to IPFire?
Is the router in bridge mode / modem mode?
Multiple routers etc?

Sometimes a picture can help :slight_smile:

Since your screenshot shows 192.168.1.254 as your ISP DNS then I suspect you have a router going to IPFire.

3 Likes

In your Domain Name System setup.
Do you have the DNSr name in the WUI for each entry?
See examples.
You need the TLS Hostname.

He is using UDP so there is no need to put the TLS hostname entry in.

You should get the rDNS answer back and that he is not getting.

With the same dns servers I am getting the rDNS of dns.google shown on my dns wui page.

I think that before we try and get him to use DoT we need to find why the simple UDP is not working properly.

3 Likes

They are always a green “OK”

Okay, then please show us a screenshot of your DHCP WUI Page for the Green section.

It would still be good to also see the output from the
dig www.gov.uk
command.

1 Like
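
An added example (not part of any post in this thread): a small console script that runs the requested `dig` query against two resolvers and reports which side fails, which is the comparison the thread keeps making by hand. The function names, the addresses in the usage comment and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare how two resolvers answer the same name.

# dig_status: read dig output on stdin and print the header status
# (NOERROR, SERVFAIL, NXDOMAIN, ...), or NO_REPLY if no header came back.
dig_status() {
    awk '/->>HEADER<<-/ {
             for (i = 1; i < NF; i++)
                 if ($i == "status:") { sub(",", "", $(i+1)); print $(i+1); found = 1; exit }
         }
         END { if (!found) print "NO_REPLY" }'
}

# verdict LOCAL_STATUS UPSTREAM_STATUS: say which side of the path fails.
verdict() {
    if [ "$1" = "$2" ]; then
        if [ "$1" = NOERROR ]; then echo "both-ok"; else echo "both-fail:$1"; fi
    elif [ "$2" = NOERROR ]; then
        echo "local-resolver-fails:$1"    # upstream answers, the local resolver does not
    elif [ "$1" = NOERROR ]; then
        echo "upstream-fails:$2"          # local answered from cache or another forwarder
    else
        echo "both-fail:$1/$2"
    fi
}

# compare NAME LOCAL_IP UPSTREAM_IP: run both queries, print one summary line.
compare() {
    l=$(dig +tries=1 +time=3 "$1" "@$2" 2>&1 | dig_status)
    u=$(dig +tries=1 +time=3 "$1" "@$3" 2>&1 | dig_status)
    echo "$1 local=$l upstream=$u -> $(verdict "$l" "$u")"
}

# Constructed sample dig output (not captured from the thread) for an offline check.
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4243'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

# Live run only when all three arguments are given, for example (addresses assumed):
#   sh dnscmp.sh www.gov.uk 127.0.0.1 8.8.8.8
if [ $# -ge 3 ]; then
    compare "$1" "$2" "$3"
fi
```

A result of `local-resolver-fails` with the upstream at NOERROR matches the symptom described in the thread, where the name resolves when a client asks 8.8.8.8 directly but not when it asks the firewall.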

I am not using TLS.

?GOOD? news (or just confusing?) I seem to have fixed the problem by using a UK DNS server (213.171.203.115 dns6.dns-ga.de ) I get the rDNS name and I can access Gov.uk!

Why 8.8.8.8 causes me problems via IPFire but NOT if I force the Windows machine adapter to use 8.8.8.8 directly (rather than use the IPFire DHCP provided value of 8.8.8.8) I have no idea (it all goes via the same cable and router and the same ISP).

I can only think that there is a timing issue in there somewhere or IPFire is furkling in there somewhere.

Dave