DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

v3.6.4 software blocking DNS requests

  • craigski
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
07 Jun 2013 09:04 #76439 by craigski
v3.6.4 software blocking DNS requests was created by craigski
We have upgraded 2830 to 3.6.4 (from 3.6.3), and we are seeing the Draytek is blocking DNS requests. Can someone else who has a 2830 upgraded to 3.6.4 please try the following from a CMD / terminal prompt on a PC/Mac on LAN side:

nslookup -type=txt google.com 8.8.8.8

"Server: google-public-dns-a.google.com
Address: 8.8.8.8

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to google-public-dns-a.google.com timed-out"

The above shows the Draytek is blocking the DNS request for TXT records using an external dns server, in this example googles public DNS server 8.8.8.8

However the command will work with A records:

nslookup -type=a google.com 8.8.8.8

"Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: google.com
Addresses: 173.194.41.64
173.194.41.73
173.194.41.71
173.194.41.69
173.194.41.68
173.194.41.72
173.194.41.65
173.194.41.78
173.194.41.70
173.194.41.67
173.194.41.66"

3.6.3 did not block DNS.

We have seen this on several 2830's that we have upgraded, so it appears there has been changes in the recent update that has broken DNS.

Please Log in or Create an account to join the conversation.

More
07 Jun 2013 10:59 #76441 by babis3g
Replied by babis3g on topic Re: v3.6.4 software blocking DNS requests
well done mate spot it ... it must be the same with 2920, 2850, 2830 models as all carry same firmware
Sorry if hijacking
I have the 2820n plus an other 2850n and 2920n
Since i put all firmwares 3.6.4 to each unit seems something wrong with the wan 2
It will give spikes at wan 2 ... when i roll back firmwares is fine

I can not test it because i already have rolled back to 3.6.3 but for sure is something wrong
Here the monitor just before 7 pm rollback 3.6.3 and is fine again



I have report this since 2 weeks ago when the 3.6.4 beta rc3 was came to my hand but NO news from Draytek

Please Log in or Create an account to join the conversation.

More
07 Jun 2013 14:32 #76443 by cocospm
Replied by cocospm on topic Re: v3.6.4 software blocking DNS requests
Yes, same here on a 2850n. We have had to revert to firmware 3.6.3 because we run a mail server here which routinely performs SPF lookups - when we installed 3.6.4 the lookups all started failing, resulting in a signifcicant increase in spam getting through.

Please Log in or Create an account to join the conversation.

More
04 Jul 2013 23:40 #76879 by jobber_jobber
Replied by jobber_jobber on topic Re: v3.6.4 software blocking DNS requests
Hi, glad I'm not the only one with a DNS issue with firmware 3.6.4

Mine concerns Spamassassin updates.

I recently upgraded my router from firmware 3.6.2 to 3.6.4; I have two routers 2850n and 2805Vn, both got upgraded. The routers use different ISPs and different DNS settings.

I have noticed that I can no longer get spamassassin updates, because the following DNS query, using Linux DIG command, cannot be completed:

dig mirrors.updates.spamassassin.org txt

Returns the error:

; <<>> DiG 9.8.1-P1 <<>> mirrors.updates.spamassassin.org txt
;; global options: +cmd
;; connection timed out; no servers could be reached


So I downgraded by router back to version 3.6.2 of the firmware, and then the dig command doesn't have a problem.

; <<>> DiG 9.8.1-P1 <<>> mirrors.updates.spamassassin.org txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51945
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mirrors.updates.spamassassin.org. IN TXT

;; ANSWER SECTION:
mirrors.updates.spamassassin.org. 1347 IN TXT "http://spamassassin.apache.org/updates/MIRRORED.BY"

;; Query time: 19 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Jul 4 23:24:01 2013
;; MSG SIZE rcvd: 124


I have tried various DNS servers within the DIG command using @x.x.x.x, all produced the same error as above.

Therefore, I can only conclude that there is something within firmware v.3.6.4 that causes the issue.

I've downgraded to 3.6.2 again, as wasn't sure if 3.6.3 was stable....

Thanks,
Jobber

Please Log in or Create an account to join the conversation.

More
16 Jul 2013 17:35 #76993 by eric.jansen
Replied by eric.jansen on topic Re: v3.6.4 software blocking DNS requests
Looking after 2x 2830n, 1x 2850n, 1x 2929n and all have the same DNS lookup issue and high latency ThinkBroadBand Ping Monitor statistics when running on Firmware 3.6.4.

I contacted Draytek support (raised a ticket) and got send beta firmware for all 3 models which has addressed the above issues and adds some additional functionality. I have not fully evaluated any of the following beta Firmwares, but guess if you are fine running beta firmware to raise a ticket with Draytek UK support.

v2920001_r36143
v2850001_a_r36143
v2830sb001_r36108 (single band only)

Only .all FW files supplied without any release notes.

Please Log in or Create an account to join the conversation.

More
23 Jul 2013 00:18 #77054 by smwardle
Replied by smwardle on topic Re: v3.6.4 software blocking DNS requests
Tried v2850001_a_r36143 today and it's still blocking requests for the root name servers.

root# dig @199.7.91.13 . NS

; <<>> DiG 9.8.3-P1 <<>> @199.7.91.13 . NS
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Works OK with 3.6.3.

Please Log in or Create an account to join the conversation.

Moderators: Sami