[PLUG] DNS weirdness

Jason Martin nsxfreddy at gmail.com
Wed Jul 23 15:02:10 UTC 2008


On Wed, Jul 23, 2008 at 7:41 AM, Aaron Ten Clay <aaron at madebyai.com> wrote:
>
> On Jul 23, 2008, at 12:45 AM, Keith Lofstrom wrote:
>
>>
>> On Mon, Jul 21, 2008 at 10:35 PM, Keith Lofstrom <keithl at kl-ic.com>
>> wrote:
>>> Another change that occurred in the last two months was the change
>>> to Verizon FIOS and the addition of an Actiontec cable modem +
>>> router + etc.  That does a lot more than the old Linksys cable
>>> modem that I used for Comcast - among other things, it can act as a
>>> firewall, and adds another layer of NAT - so it may be part of the
>>> problem.
>>
>> On Tue, Jul 22, 2008 at 2:30 PM, Ali Corbin <ali.corbin at gmail.com>
>> wrote:
>>>> This sounds suspiciously familiar.  I sometimes have sporadic dns
>>>> resolution problems.
>>>> I've found that I can fix them by cycling power on my cable modem.
>>>> I'm not at home right now, so I can't be sure, but I think mine is
>>>> also an Actiontec.
>>>> Ali
>>>>
>>
>> On Tue, Jul 22, 2008 at 02:42:27PM -0700, Ali Corbin wrote:
>>> I googled around for a bit, and found, at
>>>    http://www.broadbandreports.com/forum/remark,11430965
>>>
>>> ----------------------------------------------------------------------------
>>> To the list, don't forget to add the DNS 1.0.0.0 problem.
>>>
>>> For me, oddly, it has only manifested with "www" hostnames. In other
>>> words, I get 1.0.0.0 for "www.bob.com" but I get a good IP for
>>> bob.com.
>>> ----------------------------------------------------------------------------
>>> I used to have very frequent DNS 1.0.0.0 problems. For me at least,
>>> the solution was to put the ISP DNS host IP addresses in the NIC IP
>>> settings (static DNS) on the computer to which the Actiontec is
>>> connected via ethernet. If the DNS info is left as dynamic, I am
>>> guaranteed to see frequent 1.0.0.0 errors. Qwest DSL support was no
>>> help in figuring this out. They had never heard of the 1.0.0.0
>>> problem.
>>> -------------------------------------------------------------------------------
>>
>> Interesting pointer, but that does not seem to be my problem - I am
>> running my own domain server, not an outside one, and I am starting
>> with "hints" from the root name servers.  The problem is that some
>> of the DNS requests do not appear to get answered.
>>
>> I found this:
>>   http://aplawrence.com/MacOSX/dns_puzzle.html
>>
>> And that may be a fruitful path to explore.  The author says that
>> the Actiontec is truncating UDP packets longer than 512 bytes,
>> which can cause a fallback to TCP.  However, some DNS servers do
>> not support DNS queries on TCP.  More experimentation needed.
>> The author points at:
>>
>> http://www.dslreports.com/forum/r17679150-Howto-make-ActionTec-MI424WR-a-network-bridge
>>
>> Which is how to turn the Actiontec into a bridge.  Personally, I
>> would rather get rid of the damned thing entirely and connect through
>> the CAT5 that I ran to the other side of the wall from the ONT.
>> That way I will not be burning power in it.
>>
>> Alternately, I will learn how to configure named.conf so DNS
>> pulls name service from my offsite server for outside addresses.
>> Or something ...
>>
>> Keith
>>
>> --
>> Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
>> KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in
>> Silicon"
>> Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
>> _______________________________________________
>> PLUG mailing list
>> PLUG at lists.pdxlinux.org
>> http://lists.pdxlinux.org/mailman/listinfo/plug
>
> In my experience, removing the ActionTec router from the equation is
> fully supported by Verizon. Just unplug it and connect whatever router
> you wish to use instead to the ethernet jack previously occupied by
> the ActionTec router.
>
> When I've supervised their install teams in the past I've asked if
> their router is required, and the answer I got every time was no. On
> one occasion I said we don't want to use it, this Linux pc is going
> straight into the wall, and the technician said okay. He said they
> have to leave the router on site, just stick it in the closet or
> something.

Depends on the installer probably.  We just had it installed this past
weekend and the installer *insisted* on using the MoCA (coax)
connection instead of Ethernet.  He was very nice and professional and
did a great job installing everything, so I didn't argue too much (I
also didn't really care).  It works so far and had the added benefit
of using an existing coax cable and thus didn't involve any new holes
through my swiss cheese walls.

I haven't noticed any DNS weirdness yet, but I'll keep an eye on it.
The router definitely runs its own DNS server, I suppose for caching
and to provide the ".home" name resolution locally:

Starting Nmap 4.53 ( http://insecure.org ) at 2008-07-22 20:20 PDT
Interesting ports on 192.168.1.1:
Not shown: 1708 closed ports
PORT     STATE SERVICE
23/tcp   open  telnet
80/tcp   open  http
443/tcp  open  https
992/tcp  open  telnets
8080/tcp open  http-proxy
8443/tcp open  https-alt

Nmap done: 1 IP address (1 host up) scanned in 0.652 seconds
[jrmartin at newton ~]$ sudo nmap -sU 192.168.1.1

Starting Nmap 4.53 ( http://insecure.org ) at 2008-07-22 20:21 PDT
Interesting ports on 192.168.1.1:
Not shown: 1483 closed ports
PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
1024/udp open|filtered unknown
1900/udp open|filtered UPnP
MAC Address: 00:1F:90:05:72:C9 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 1478.583 seconds

Keith, I suppose you could disable the Actiontec DHCP server and run
one somewhere else, providing whatever DNS servers you want in the
leases.

Cheers,
Jason
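
Added example, not part of the original thread: the quoted message above describes a router truncating DNS UDP responses longer than 512 bytes. This Python sketch tells apart a response the server truncated itself (TC bit set, so the resolver retries over TCP) from one cut short in transit (TC clear, but the header's record counts run past the end of the packet). The function names and the sample packets (www.example.com, 192.0.2.1) are constructed for illustration.

```python
import struct

UDP_LIMIT = 512  # classic DNS-over-UDP message limit without EDNS0 (RFC 1035)

def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[pos]            # IndexError if the packet was cut short
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:    # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + length

def classify(msg):
    """Diagnose one UDP DNS response: 'complete', 'tc-set' or 'cut-in-transit'."""
    if len(msg) < 12:
        return "cut-in-transit"
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    if flags & 0x0200:               # TC bit: the server asks for a retry over TCP
        return "tc-set"
    pos = 12
    try:
        for _ in range(qd):          # question: name + type + class
            pos = skip_name(msg, pos) + 4
        for _ in range(an + ns + ar):  # RR: name + 10 fixed bytes + rdata
            pos = skip_name(msg, pos)
            rdlen = struct.unpack("!H", msg[pos + 8:pos + 10])[0]
            pos += 10 + rdlen
    except (IndexError, struct.error):
        return "cut-in-transit"
    return "complete" if pos <= len(msg) else "cut-in-transit"

def make_response(name, n_answers, tc=False):
    """Constructed sample: a response carrying n_answers A records for `name`."""
    flags = 0x8180 | (0x0200 if tc else 0)
    msg = struct.pack("!6H", 0x1234, flags, 1, n_answers, 0, 0)
    msg += encode_name(name) + struct.pack("!2H", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return msg + rr * n_answers

if __name__ == "__main__":
    full = make_response("www.example.com", 40)   # 673 bytes, over the limit
    for label, pkt in [("as sent", full), ("chopped at 512", full[:UDP_LIMIT]),
                       ("server-truncated", make_response("www.example.com", 0, tc=True))]:
        print(f"{label:18} {len(pkt):4} bytes -> {classify(pkt)}")
```

To use it on real traffic, pass classify() the raw UDP payload of each response from a packet capture taken on the LAN side of the router.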


