Saturday, October 17, 2015
Too many moving parts
Ever since I got the new router, I've been having some weird issues with browsing. Most sites would come up instantly while others, like Hoade's, would take minutes to come up, and when the page would finally display there would be horrible formatting (probably due to not loading the style sheets).
This behavior is a classic DNS problem. But the only thing that changed, DNS-wise, is the introduction of the new router. Is it possible the new router is filtering DNS results? I did a query on a problematic address and got:

    [spc]lucy:~/source/spcdns/built>./dotest -s 192.168.1.10 use.typekit.net. a
    ; Questions = 1
    ; Answers = 1
    ; Name Servers = 0
    ; Additional Records = 0
    ; Authoritative Result = false
    ; Truncated Result = false
    ; Recursion Desired = true
    ; Recursion Available = true
    ; Result = No error
    ;;; QUESTIONS
    ;use.typekit.net. IN A
    ;;; ANSWERS
    use.typekit.net. 3600 IN CNAME cs485.wac.gammacdn.net.
    ;;; NAMESERVERS
    ;;; ADDITIONAL
Hmm … now let's do the same query from somewhere else:
    [spc]brevard:~/source/spcdns/built>./dotest -s 22.214.171.124 use.typekit.net. a
    ; Questions = 1
    ; Answers = 2
    ; Name Servers = 2
    ; Additional Records = 0
    ; Authoritative Result = false
    ; Truncated Result = false
    ; Recursion Desired = true
    ; Recursion Available = true
    ; Result = No error
    ;;; QUESTIONS
    ;use.typekit.net. IN A
    ;;; ANSWERS
    use.typekit.net. 3600 IN CNAME cs485.wac.gammacdn.net.
    cs485.wac.gammacdn.net. 3600 IN A 126.96.36.199
    ;;; NAMESERVERS
    gammacdn.net. 127697 IN NS ns2.gammacdn.net.
    gammacdn.net. 127697 IN NS ns1.gammacdn.net.
    ;;; ADDITIONAL
Odd. And annoying. Doing a search on DNS issues with my router was dismaying to say the least. First off, the pages would take minutes to load and thus, no style information and thus hard to read. Secondly, from what I could read, there actually might be an issue with DNS on this router. Lovely!
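An added example (not from the original post or the spcdns project): a small Python check that reads dotest-style output and reports the name at which the CNAME chain stops without an A record, which is the difference between the two responses above. The function names are hypothetical, and the sample text is abridged from the two outputs shown.

```python
import re

# One resource record in dotest-style text: "name ttl IN TYPE rdata"
RR = re.compile(r"(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)")

def answers(output):
    """Return (name, type, rdata) tuples from the ';;; ANSWERS' section only."""
    section = output.partition(";;; ANSWERS")[2].partition(";;;")[0]
    return [(n.lower(), t, r.lower() if t == "CNAME" else r)
            for n, _ttl, t, r in RR.findall(section)]

def dangling_cname(output, qname, qtype="A"):
    """Follow the CNAME chain starting at qname.

    Returns None when the chain ends in a qtype record, otherwise the
    name at which the answer stops (missing record or CNAME loop).
    """
    rrs = answers(output)
    name, seen = qname.lower(), set()
    while name not in seen:
        seen.add(name)
        if any(n == name and t == qtype for n, t, _ in rrs):
            return None                      # chain resolved to an address
        target = next((r for n, t, r in rrs if n == name and t == "CNAME"), None)
        if target is None:
            return name                      # nothing more for this name
        name = target
    return name                              # CNAME loop

# Sample input: answer sections abridged from the two outputs in the post.
VIA_ROUTER = """;;; ANSWERS
use.typekit.net. 3600 IN CNAME cs485.wac.gammacdn.net.
;;; NAMESERVERS
;;; ADDITIONAL"""

ELSEWHERE = """;;; ANSWERS
use.typekit.net. 3600 IN CNAME cs485.wac.gammacdn.net.
cs485.wac.gammacdn.net. 3600 IN A 126.96.36.199
;;; NAMESERVERS
gammacdn.net. 127697 IN NS ns2.gammacdn.net.
;;; ADDITIONAL"""

if __name__ == "__main__":
    for label, text in (("via router", VIA_ROUTER), ("elsewhere", ELSEWHERE)):
        stuck = dangling_cname(text, "use.typekit.net.")
        print(label, "->", "complete" if stuck is None else f"incomplete at {stuck}")
```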
But in playing around with this stuff, I did find this comment in the DNS server configuration file:
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    query-source address * port 53;
I know I added that comment, fixing an issue with DNS a few years ago. Really? Could that be the problem? Let me comment that directive out … and it's all fixed!
Okay, I've done some research, and it also revealed another issue I noticed with the new router. Network devices obtaining network information via DHCP were getting the router's IP address for DNS, not my actual DNS server. It appears that Linksys decided to direct all DNS traffic to the router and have it query the DNS server. It may have something to do with their “cloud” offering (so you can configure your router remotely—do people really want this feature?) I don't know. But it's a weird way of handling DNS. And having queries come from port 53 may have been confusing the router.
When I try it now (with the previous DNS server configuration) I get:

    [spc]lucy:~/source/spcdns/built>./dotest use.typekit.net. a
    net_request() = Connection timed out
I think I can explain this difference between the two results. I switched out the router but the DNS server was still running. Over time, certain DNS records expired and thus, not all the required information could be returned. The DNS server was getting some weird packet (more on that below) and just returning what it could at the time. Restarting the DNS server flushes all existing records and because of some weirdness with the router and DNS, some queries are just … lost … somewhere … over the rainbow.
I don't know, I don't have the source code to the router to troubleshoot—
Sorry about that. Bunny came in and said she couldn't get Netflix on the “smart” television. What the hell?
One hour and much cursing and angry shouts later, it's working. How? I dunno. All I want is a dumb wireless pipe to the Intarwebs. I don't need this “user friendly” crap router to intervene on my behalf. Is that so wrong?