Randomly losing DNS resolving ability

0

I am seemingly randomly, but frequently (every few mins), losing my internet connectivity. The problem is not on the ADSL modem, but on the Linux router that follows. A DNS server (bind) is running on the Linux router, and when I can't access webpages, I realised it is because I get no replies to my DNS requests.

Using the command tcpdump -ni eth1 -s 128 port 53

I send DNS queries but don't get a reply. For example:

02:41:48.188398 IP 192.168.231.165.2898 > 128.63.2.53.53: 6525 A? ns2.denic.de. (30)
02:41:48.188480 IP 192.168.231.165.34131 > 128.63.2.53.53: 62058 AAAA? ns2.denic.de. (30)
02:41:48.188531 IP 192.168.231.165.44951 > 128.63.2.53.53: 60509 A? ns3.denic.de. (30)
02:41:48.188715 IP 192.168.231.165.57460 > 128.63.2.53.53: 22077 AAAA? ns3.denic.de. (30)
02:41:48.188884 IP 192.168.231.165.64112 > 128.63.2.53.53: 43050 AAAA? ns1.denic.de. (30)
02:41:49.680811 IP 192.168.231.165.51734 > 62.169.194.48.53: 34223+ AAAA? PLUS.GOOGLE.COM. (33)
02:41:49.833793 IP 192.168.231.165.34709 > 198.41.0.4.53: 18062 A? ns1.denic.de. (30)
02:41:49.834410 IP 192.168.231.165.55421 > 198.41.0.4.53: 37252 A? ns2.denic.de. (30)
02:41:49.834465 IP 192.168.231.165.32204 > 198.41.0.4.53: 9728 A? ns3.denic.de. (30)
02:41:49.834589 IP 192.168.231.165.36391 > 198.41.0.4.53: 25022 AAAA? ns2.denic.de. (30)
02:41:49.834726 IP 192.168.231.165.61125 > 198.41.0.4.53: 65397 AAAA? ns3.denic.de. (30)
02:41:49.834810 IP 192.168.231.165.39314 > 198.41.0.4.53: 52550 AAAA? ns1.denic.de. (30)
02:41:50.362847 IP 192.168.231.165.41937 > 62.169.194.48.53: 9737+ [1au] AAAA? CSI.GSTATIC.COM. (44)

IP address 192.168.231.165 is my side.

This question follows on from this question, but apparently the problem occurs even when I am not downloading torrents.

Since with torrents I could sort of avert the problem by limiting the download & upload rate of my torrents, I checked the incoming / outgoing rate of packets with iptraf.

When my connection works smoothly, the inc/outg are up to 12/24 kbps. When I can't access webpages (for the 2-4 mins duration), the rates are reduced a bit compared to the above, but that could be an error on my part (due to limited observation sample).

I can't find a pattern as to why I don't get DNS replies... my named.conf doesn't show anything in the logs. Still, there may be an error in my config, as the queries.log is always empty. Do you have any suggestions?

nass

Posted 2013-08-06T00:04:05.993

Reputation: 310

Check your forwarders (in named.conf) in the order they are. Use nslookup for example for that. – Ashtray – 2013-08-06T05:42:47.560

How could I do that with nslookup? I am not sure exactly what to check... – nass – 2013-08-06T11:27:58.017
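
An added example (not from the original post): a Python script that pairs DNS queries with replies in tcpdump -n output by client address, source port, server and query ID, and groups the queries that never got a reply by upstream server. The function name unanswered, the IPv4-only pattern and the one constructed reply line are assumptions of this example.

```python
import re
from collections import defaultdict

# tcpdump -n line: timestamp, "IP", src.port > dst.port:, DNS id (+ flag chars), rest
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<id>\d+)\S* (?P<rest>.*)$"
)
# Queries carry "TYPE? name."; replies (without -v) do not.
QUESTION = re.compile(r"(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)")

def unanswered(lines):
    """Return {server_ip: [(ts, qtype, qname), ...]} for queries with no reply."""
    pending = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an IPv4 UDP DNS line in the expected format
        q = QUESTION.search(m["rest"])
        if m["dport"] == "53" and q:
            # Outgoing query: remember it until a matching reply shows up.
            key = (m["src"], m["sport"], m["dst"], m["id"])
            pending[key] = (m["ts"], q["qtype"], q["qname"].lower())
        elif m["sport"] == "53":
            # Reply: same 4-tuple with source and destination swapped.
            pending.pop((m["dst"], m["dport"], m["src"], m["id"]), None)
    by_server = defaultdict(list)
    for (_, _, server, _), info in pending.items():
        by_server[server].append(info)
    return dict(by_server)

SAMPLE = [
    # These four lines are taken from the capture in the question.
    "02:41:48.188398 IP 192.168.231.165.2898 > 128.63.2.53.53: 6525 A? ns2.denic.de. (30)",
    "02:41:49.680811 IP 192.168.231.165.51734 > 62.169.194.48.53: 34223+ AAAA? PLUS.GOOGLE.COM. (33)",
    "02:41:49.833793 IP 192.168.231.165.34709 > 198.41.0.4.53: 18062 A? ns1.denic.de. (30)",
    "02:41:50.362847 IP 192.168.231.165.41937 > 62.169.194.48.53: 9737+ [1au] AAAA? CSI.GSTATIC.COM. (44)",
    # Constructed reply (not in the original capture) so that one query is answered.
    "02:41:49.901200 IP 198.41.0.4.53 > 192.168.231.165.34709: 18062- 0/4/8 (280)",
]

if __name__ == "__main__":
    for server, queries in unanswered(SAMPLE).items():
        print(f"{server}: {len(queries)} unanswered")
        for ts, qtype, qname in queries:
            print(f"  {ts} {qtype} {qname}")
```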

Answers

0

Your address (192.168.231.165) is simply not allowed to make a query to the server, as it is not in the trusted ACL.

allow-query { trusted_subnets; };

acl trusted_subnets {
  local_nets;
  vpn_subnet;
  synthnassizer_subnet;
  dsa_office_subnet;
  skails_dns;
  synthnassizer_dns;
  dsa_dns;
  m2g_dns;
};

acl outbound_subnet {
  192.168.231.0/24;          // Your address is matched here
};

You can check this doc on the allow-query option in the config.

Ashtray

Posted 2013-08-06T00:04:05.993

Reputation: 1 489

The IP address you see is the eth1 in my server, and it is the internet-side iface (i.e. it is connected to an ADSL modem). To be honest, I do not want the DNS server to answer queries that originate on the internet side, just queries on the intranet side (and some VPN sites too). So I shouldn't add outbound_subnet in my allow-query statement. What do you think? – nass – 2013-08-06T07:22:14.843

Wait a minute. 192.168.231.165 is your local address still. It's behind your ADSL modem/router's NAT. It is safe to let it make queries as it has nothing to do with the Internet. Internet is on the other side of the router. If I understand your setup correctly – Ashtray – 2013-08-06T07:25:38.403

Internet is on the other side of the ADSL modem (not the router). The router is a Linux PC. This side of the ADSL modem (that connects to the router) is just a DMZ. Thing is, there are no queries done from the ADSL<->Router subnet, or at least that's what I think. What you see above is just the BIND server querying ISP, GOOGLE and OpenDNS DNS servers for domains it doesn't itself know about. Or am I not thinking this right...? Also, if what you propose in your reply is true, then I shouldn't have internet altogether, instead of losing it randomly. No? – nass – 2013-08-06T10:55:06.617