Disabling DHCP causes DNS issues

thanks @XRaySpeX for your reply.  In answer to your questions/ comments.

1. I am disabling DHCP because I have a another DHCP server on the network instead.  I have the internal network on a different subnet to the external one and is bridged using ClearOS which provides all the internal network capabilities e.g. DHCP, internal DNS,   This all works fine with the old router but not the new one.  Also, pinging external ip address (8.8.8.8) comes back ok to the device so does that.

2. When the agent logged in remotely to the router she could see it was turned on however the lights and lack of SSID would indicate it was off.  It was the factory reset I did which seemed to activate the WiFi.

3. Sorry should have mentioned,  When I couldn't connect to the admin page, I could ping the IP address of the router.  Also, the laptop was connected to the router with an Ethernet cable rather than WiFi.

thanks again for your help

Lee.

Hi @mikeliuk Thanks very much for your reply.

Yes I have been able to reproduce the problem with just my laptop (manually configured with static IP address) connected to the router.  If I have DHCP switched on it works fine.  Switching DHCP off (laptop unchanged and still on same IP settings) causes the DNS issue (i.e. can't resolve www.bbc.co.uk).  Turning DHCP back on and the problem is solved.  My old EE Brightbox seems to work fine when I turn DHCP off.

Thanks

Lee.

Hi @leenowell ,

Is the static IP address in the same subnet as the service provider's router? Are you able to ping your router from the laptop? Are you able to do a nslookup of www.bbc.co.uk when explicitly giving the DNS server? (I.e. "nslookup www.bbc.co.uk 8.8.8.8"). Does this fail if you omit the explicit DNS server?

You have described that manual configuration fails but automatic configuration (using DHCP) works. This is pretty good evidence that your manual configuration is wrong and a misconfiguration of your laptop. DHCP provides an IP address, DNS servers, and default gateway. I would recommend to check the output of "ipconfig" if you use Windows 10, and "ip a" and "ip route" if you use Linux.

Once you have determined the correct manual/static configuration for the laptop, you may go on to configure further network devices such as other routers, otherwise adding other network devices (e.g. in bridge mode) would simply cause more confusion.

Edit: please may you explain what you mean by this statement: "The interface of the old and new router is the same"?

Edit2: please may you follow this guide to manually configure your laptop with a static IP address (inside the relevant range), and be sure to select appropriate DNS servers (e.g. 1.1.1.1 and 1.0.0.1), and the gateway as the IP address of your service provider's router. https://support.microsoft.com/en-us/windows/change-tcp-ip-settings-bd0a07af-15f5-cd6a-363f-ca2b6f391...

Edit3: the confusing thing is why turning dhcp on and off should have any impact on a statically configured device. Highly recommend there should be no other routers or switches connected to the service provider's router when carrying out this debugging (I assume already the case).

Edit 4: I guess one fool-proof approach is to set the laptop to obtain its configuration by dhcp, connect to router to obtain configuration, verify it works, record the known-good configuration (IP, subnet, gateway, DNS servers), disable dhcp on the router, apply the recorded configuration statically to the laptop, reboot laptop, verify the static configuration has stuck, check whether the known-good functionality is still present.

Hi @mikeliuk thanks for your response.  In answer to your questions etc. (sorry can;t see how to do these inline in this interface)

Yes laptop (Linux) is in same subnet as router and can ping it and also ping 8.8.8.8.  The DNS setting on the static IP config is set to the IP address of the router.  

I tested your nslookup by specifying Google DNS and that works fine so does setting the laptop DNS manually to be 8.8.8.8.  I tried manually setting the DNS on the router to be 8.8.8.8 and 8.8.4.4 and that doesn't work either (with the laptop DNS setting as IP address of router).

When I talk about DHCP enabled working, the laptop settings don't change and are set to the same manual configuration all the time.  The only thing I am doing is enabling and disabling the DHCP server on the router - I am not actually using it.

By  "The interface of the old and new router is the same" I meant that the configuration UI is the same for both routers so therefore I am sure that that the settings I am changing are identical even though they have different results.

re:Edit3 - yes this is very odd.  Only thing I can think of is that there is a firmware bug/ issue where turning DHCP off corrupts the routers DNS settings and even manually changing them doesn't sort it. Is there I way to tell what the router thinks the DNS settings are (i.e. not what the UI says it is)? Yes for all these tests only thing connected to the router is the laptop.

I have temporarily changed the laptop settings to write this response so will run the following as suggested in a minute and post the results

- ip a; ip route

- edit 4.  Just tried them on this setup and it doesn't give DNS information.  How do I get that?

If it helps any, switching back to the old router (same config as the new one as far as I can tell) resolves the problem without changing anything else.  This is in test mode (i.e. only laptop) and when connected to full network. This would imply it is something in the new router? Either a bug/ fault or the same setting behaves differently somehow

Thanks once again

Lee.

Hi @mikeliuk 

I have run the 2 x ip commands with the laptop DNS set to 

a. 8.8.8.8 (works fine)

b. the router IP address (has the issue)

For both tests router DNS manually set to 8.8.8; 8.8.4.4.  In summary the output from "ip a" is identical for both (did a diff).  There is a slight difference in "ip route".  For test a the output is

$ ip route
default via 192.168.10.1 dev enp0s25 proto static metric 100
169.254.0.0/16 dev enp0s25 scope link metric 1000
192.168.10.0/24 dev enp0s25 proto kernel scope link src 192.168.10.56 metric 100

for test b the "100" at the end of the first line changes to 20100

Not sure if this helps?  No DNS info as per earlier post so not sure how to get that from command line?

Hi @leenowell ,

The key clue seems to be that your service provider's router sometimes does not function as a DNS server which should forward requests to other DNS servers when it cannot resolve a name itself (perhaps from a cache). It's possible that when dhcp is enabled, your service provider's router does function properly as a DNS server and this is something that can be checked.

A. With dhcp enabled:

a. "nmap -p 53 <router_internal_ip_address>" to see that the DNS port is open

b. "nslookup www.bbc.co.uk <router_internal_ip_address>" # I expect this to work

B. With dhcp disabled:

a. "nmap -p 53 <router_internal_ip_address>" to see that the DNS port is open, closed, or filtered

b. "nslookup www.bbc.co.uk <router_internal_ip_address>" # I expect this to fail

In Linux your DNS servers will show in /etc/resolv.conf

NetworkManager and perhaps other things may edit this file (refer to documentation for your distribution to see how to set DNS servers). On distributions where the DNS servers are set statically, an edit to /etc/resolv.conf may be sufficient if nothing changes it, otherwise would need to use distribution-specific methods to make a choice stick.

Edit: apologies, DHCP does not update DNS but the above debugging still applies to figure out what is wrong. https://www.ietf.org/proceedings/45/I-D/draft-ietf-dhc-dhcp-dns-10.txt

Edit2: I guess the last check is that with /etc/resolv.conf should be check with router dhcp enabled and disabled to see if the file is changed at the same time as the good and bad behaviour. Most likely it will stay the same and point to the service provider's router's internal IP address. Presumably you should be able to work around the issue by always setting your device DNS servers to be known-good public ones but you shouldn't have to do this and the default automatic behaviour should work fine in a sane world.

Hi @mikeliuk Thanks for the reply again..  Looks like we are getting somewhere - thanks 😉

So... I run your tests with the following results

With DHCP Enabled I get

PORT STATE SERVICE
53/tcp open domain

and the nslookup works (i.e. brings back some BBC host names and IP addresses)

With DHCP disabled I get

PORT STATE SERVICE
53/tcp closed domain

and the nslookup times out.

I checked /etc/resolv.conf and the DNS config doesn't appear to be there (I am running Ubuntu 20.04) all it has is

nameserver 127.0.0.53
options edns0 trust-ad

Thanks

Lee.