Gold not working as secondary DNS

8 comments

  • Firewalla

    If you have a PC or Mac, try the command dig @192.168.1.254 firewalla.com and see if it works. If it works, then something is wrong; you will need to check the host and see if the host has both DNS servers via DHCP.

  • Russell Stenson

    I have from multiple devices on my network, and I can see from the AdGuard logs that the Gold is forwarding the requests on to the primary DNS server.


  • Firewalla

    Did you check what I was suggesting?

    1. Test out the Firewalla DNS 

    dig @192.168.1.254 firewalla.com 

    2. Check your device and see if it has both your AdGuard DNS and Firewalla as DNS.

  • Firewalla

    Did you configure on the LAN segment:

    Primary: AdGuard

    Secondary: Firewalla

    If you did it this way, then likely the system "feels" you want AdGuard to be your upstream DNS server, so when AdGuard dies, DNS will be dead.

    A quick workaround is to set up another DNS that's 'not' Firewalla for secondary DNS.

    The cause of this is purely because Firewalla intercepts all DNS. We will see if we can do something on the UI or the next release.

  • Russell Stenson

    Yes, that's correct. AdGuard is on a separate LAN segment, so all traffic is routed through the Firewalla Gold for DNS booster services before DNS requests are forwarded to the AdGuard server.

    The problem is that it doesn't matter what DNS servers I set statically on the client, what server I specify for DNS tests in dig, nslookup or Resolve-DnsName, or what I set as the secondary DNS server on the Firewalla DHCP scope for the interface (including external provider i.e. 1.1.1.1), the Gold intercepts all DNS requests and forwards to the primary DNS for the interface even if this is down.

    For instance, I just set my DNS statically to 1.1.1.1 on my client, perform an nslookup and can see the request showing up in the AdGuard query logs. If I "dig @<firewalla ip> firewall.com" in bash, or "resolve-dnsname firewalla.com -server <firewalla ip>" in PowerShell I can see these requests also being forwarded to the AdGuard server from the Firewalla's IP on that interface.



    I am going to make an assumption that the guy in this thread is also experiencing the same issue - https://help.firewalla.com/hc/en-us/community/posts/360052673393-Primary-DNS-down-lost-internet

    Any logs I can pull from the box and send through to help diagnose this?

  • Firewalla

    Can you change the configuration of the segment on the Firewalla to primary pointing to AdGuard, and secondary pointing to 1.1.1.1? See if this works or not. (Don't change anything on the client.)

  • Russell Stenson

    Yeah, I already tried that as mentioned above, and the Gold still intercepts and tries to forward to the primary DNS server for that interface regardless.

  • Firewalla

    @russell, I just created a ticket for you, will get someone to follow up with you on this. 
