this post was submitted on 14 Sep 2023

Sysadmin


A community dedicated to the profession of IT Systems Administration

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

Not sure if this is the right place.

The last few days I've been experiencing a few issues resolving DNS on my home network. Strangely, rebooting the router seemed to fix it for a time. After running into the issue again I decided to investigate further. I'm using a Mikrotik router with my PC wired in with ethernet cable. The router is using DoH to Quad9 (https://dns.quad9.net/dns-query as per their documentation). I've also imported root certificates for validation.

As of right now, my desktop cannot resolve DNS against 9.9.9.9; however, it can resolve DNS against 1.1.1.1 and 8.8.8.8.

$ dig @9.9.9.9 reddit.com

;; communications error to 9.9.9.9#53: timed out

Interestingly also cannot curl the DoH URL (also a timeout). I thought maybe Quad9 is having issues so I jumped over to my EC2 instance, and I can dig/curl just fine.

I also turned on debug logging on the router; the logs indicate the same issue my desktop is having (timeout errors, sometimes an SSL handshake error).

My question to you all is, have I missed something in my testing/setup, or is Comcast blocking Quad9?

Additional info:

The Mikrotik is on the latest firmware (6.49.10). I can switch to Cloudflare DoH on the router and it works fine. I can remove the DoH setting entirely and it works. I've got 8.8.8.8 as a static DNS server and the 2 Comcast DNS servers are dynamic (75.75.75.75 and 75.75.76.76). NTP is set up and the router has the correct date/time/timezone.

As of this writing rebooting the router is no longer temporarily fixing the problem.

Edit:

Thanks u/[email protected]!

Per their post the status page shows issues in my area: https://uptime.quad9.net/
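For anyone reproducing the test above without a router in the path: the following is an added example (not from the original post or from Quad9) showing exactly what the router and a `curl https://dns.quad9.net/dns-query` call are exchanging. It hand-builds an RFC 8484 DoH GET request for an A record and parses the wire-format answer, so a failure can be classified as a transport/TLS problem (timeout, as in the post) rather than a resolver returning SERVFAIL or NXDOMAIN. The resolver URL is Quad9's from the post; the sample response bytes and the 198.51.100.7 address are constructed here so the parsing part runs offline.

```python
"""Hand-rolled DNS-over-HTTPS probe (RFC 8484, GET with the dns= parameter).

Added example for this thread, not code from the post or from Quad9.
The live probe needs network access; parse_response() works offline on
the constructed SAMPLE_RESPONSE below.
"""
import base64
import socket
import struct
import urllib.error
import urllib.request

DOH_URL = "https://dns.quad9.net/dns-query"   # from the original post
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name: str) -> bytes:
    """Encode 'reddit.com' as DNS labels: \\x06reddit\\x03com\\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Standard recursive query. ID is 0 as RFC 8484 suggests for cacheability."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)   # class IN


def doh_url(name: str, url: str = DOH_URL) -> str:
    """GET form: base64url(query) without padding, per RFC 8484 section 6."""
    q = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"{url}?dns={q}"


def read_name(msg: bytes, off: int):
    """Read a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off, hops = True, ptr, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels) + ".", end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_response(msg: bytes) -> dict:
    """Parse header, skip the question section, decode A/AAAA answers."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                                  # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, "A", ttl, socket.inet_ntoa(rdata)))
        elif rtype == 28 and rdlen == 16:
            answers.append((name, "AAAA", ttl, socket.inet_ntop(socket.AF_INET6, rdata)))
        else:
            answers.append((name, str(rtype), ttl, rdata.hex()))
    rcode = flags & 0xF
    return {"id": txid, "rcode": RCODE_NAMES.get(rcode, str(rcode)),
            "truncated": bool(flags & 0x0200), "answers": answers}


# Constructed sample: NOERROR answer for reddit.com with a TEST-NET-2 address,
# answer name written as a pointer (0xC00C) back to the question name.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + encode_name("reddit.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([198, 51, 100, 7])
)


def doh_probe(name: str, url: str = DOH_URL, timeout: float = 5.0):
    """Live probe. Returns (status, detail); 'timeout' is the symptom in the post."""
    req = urllib.request.Request(doh_url(name, url),
                                 headers={"Accept": "application/dns-message"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body, ctype = resp.read(), resp.headers.get("Content-Type", "")
    except urllib.error.HTTPError as e:
        return "http_error", f"HTTP {e.code}"
    except (socket.timeout, TimeoutError):
        return "timeout", f"no TLS/HTTP answer within {timeout}s"
    except urllib.error.URLError as e:
        if isinstance(e.reason, (socket.timeout, TimeoutError)):
            return "timeout", f"no TLS/HTTP answer within {timeout}s"
        return "transport_error", str(e.reason)   # e.g. TLS handshake failure
    if "application/dns-message" not in ctype:
        return "bad_content_type", ctype
    return "answered", parse_response(body)


if __name__ == "__main__":
    print(doh_probe("reddit.com"))
```

Run it next to `dig @9.9.9.9` and `curl` against the same URL: a `timeout` or `transport_error` from all three, while the same script succeeds against another resolver URL, points at the path to Quad9's anycast node (the conclusion the thread reached) rather than at the router's DoH configuration.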

Comments
[email protected], 1 year ago (last edited 1 year ago):

Having similar issues with Quad9. I even had an odd issue today where I could ping 9.9.9.9 just fine, but dig @9.9.9.9 would time out. That suggested to me that it's an issue with their DNS server specifically, and not the network. I didn't get around to trying from another host, but I think it's less likely to have to do with Comcast specifically, as you're simply connecting to a different anycast server.

The issues are only intermittent for me, they'll come and go. Right now I can resolve against 9.9.9.9 just fine, but who knows how long that'll last until issues crop up again. I had to switch DoH providers temporarily, hopefully everything will be resolved soon.

Edit: Quad9 has posted an update

[email protected], 1 year ago (reply):

That seems to be the problem! My traceroute was showing my traffic emerging from Seattle so that makes sense why it was down. Thank you!

[email protected], 1 year ago:

No idea as I'm not connected via comcast (I'm not even in the US).

Can you ping 9.9.9.9? Also, comparing traces (tracepath / traceroute) between 9.9.9.9 and some other host might give you insight on where the problem is.

[email protected], 1 year ago:

I experienced this tonight and thought I was crazy (also with Comcast, unfortunately). Switched my pihole to OpenDNS and the problem was solved.

[email protected], 1 year ago:

Interesting. I have the same issue and I’m using Comcast. I just switched my pi-holes to opendns and things are back to normal.