[Cerowrt-devel] dns failures on cerowrt

Dave Taht dave.taht at gmail.com
Thu Mar 15 14:19:38 EDT 2012


I hope you don't mind, but I prefer to always answer questions like these
publicly.

On Thu, Mar 15, 2012 at 10:55 AM, Ketan Kulkarni <ketkulka at gmail.com> wrote:
> Hi Dave,
> I bought a wndr3800 and am now setting up cerowrt on it.

Yea!

> I am getting a few issues in setting up the dns server.
> Observation: nslookup from my laptop through cerowrt fails
>
> Thanks jg for many dns related pointers - still I must have missed something
> to get it working.
>
> A few things I tried (a few of them really dumb) -
> 1. Time and zone are properly set on the cerowrt box
> 2. Restarted namedprep and named every time

At one level I'm glad we're exposing potential problems with getting
dnssec deployed more widely.

At another level, it frustrates me.

> 3. Also tried modifying
> dnssec-validation auto to off;
> dnssec-lookaside auto to off; and then restarting named but it didn't help
> either.

To debug these sorts of problems I usually use a command to continuously
read the syslog

openwrt# logread -f &

and then watch stuff like 'killing off the dns server and restarting' go.

# killall named
# nslookup ::1 # should return localhost after named restarts
# rndc validation disable # is a command you can issue to turn off validation
# host www.lwn.net # repeat a few times
# your clock should slew inside of about
#
Here are the potential problems.

0) Are you on a real ip address or behind levels of nat?

1) If you are behind someone else's firewall, it may be that you cannot
get dns through it. In many locations dns packets are blocked, and dns
is only available from the local dns server.

2) in some locations dns access to the roots is blocked

3) in some places the local dns server is too lame to recurse properly
or handle ipv6

4) in others NTP is blocked

>
> 4. Added my lan subnet entry in "acls.local.conf" - in vain.

It is a good idea that you do so.

> 5. added my dns servers in forwarders.conf

That should have worked, unless your dns servers were lame.

Did you try 8.8.8.8 as a forwarder?

> If I configure any open dns server like 8.8.8.8, everything works properly
> (as expected).
>
> Waited to catch you - but it's almost midnight here - so thought to put it in
> the mail

I went to bed early last night (flu), and woke up late (more flu)

>
> Appreciate your help.
>
> Thanks,
> Ketan
>
> p.s. firmware is cerowrt-3.3rc7.2



-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://www.bufferbloat.net
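
An added example, not part of the original message: a small shell filter that sorts named's lines from `logread` into the causes listed in the reply (clock/NTP, DNSSEC data lost upstream, unreachable servers, blocked or lame upstream DNS). The function names and cause tags are hypothetical, the matched phrases are BIND log messages assumed to appear in this form on the router's named, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: sort named's log lines into the failure causes listed above.

# classify_line LINE: print one cause tag for a single named log line.
classify_line() {
    case "$1" in
        *"validity period has not begun"*|*"RRSIG has expired"*)
            echo clock ;;           # router clock outside the signature window (NTP blocked?)
        *"broken trust chain"*|*"no valid RRSIG"*|*"no valid signature found"*)
            echo dnssec ;;          # upstream path strips or mangles DNSSEC records
        *"network unreachable"*|*"host unreachable"*)
            echo no-route ;;        # e.g. IPv6 server addresses with no IPv6 uplink
        *"connection refused"*)
            echo dns-blocked ;;     # something on the path rejects direct DNS
        *"lame server"*|*"unexpected RCODE"*)
            echo lame-upstream ;;   # forwarder cannot recurse properly
        *)
            echo other ;;
    esac
}

# triage: read syslog on stdin, print "count cause" lines, most frequent first.
triage() {
    grep 'named\[' | while IFS= read -r line; do
        classify_line "$line"
    done | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Constructed sample in logread's layout; not output from a real router.
sample_log() {
    cat <<'EOF'
Jan  1 00:01:12 cerowrt daemon.info named[1501]: validating @0x1: . DNSKEY: verify failed due to bad signature (keyid=19036): RRSIG validity period has not begun
Jan  1 00:01:12 cerowrt daemon.info named[1501]: validating @0x1: . DNSKEY: no valid signature found
Jan  1 00:01:13 cerowrt daemon.info named[1501]: error (no valid RRSIG) resolving './NS/IN': 192.0.2.53#53
Jan  1 00:01:13 cerowrt daemon.info named[1501]: error (network unreachable) resolving './NS/IN': 2001:db8::53#53
Jan  1 00:01:14 cerowrt daemon.info named[1501]: error (unexpected RCODE REFUSED) resolving 'www.lwn.net/A/IN': 192.0.2.53#53
Jan  1 00:01:15 cerowrt daemon.notice ntpd[900]: constructed non-named line
EOF
}

sample_log | triage   # on the router: logread | triage
```

A `clock` count that disappears once the time is set points at NTP; `dnssec` counts that persist with a correct clock point at the upstream path or forwarder.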


