Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Orange Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

DNS Port 53 Blocked on Wired Devices for One Specific Network

Follow
Avatar
C L
  • Edited

DNS Port 53 Blocked on Wired Devices for One Specific Network

Hi all, hoping someone can help me track down a strange DNS issue I'm seeing on my Firewalla Orange.

Setup:

  • Firewalla Orange in router mode
  • Multiple networks configured
  • Mix of wired and wireless devices
  • Pi-hole running on the network as a local DNS resolver set as primary DNS. Secondary DNS set to the default gateway of the firewalla network.
  • Ubiquiti switches in the network path

The issue:
On one specific network, DNS on port 53 is being blocked for wired devices only. The strange part is:

  • WiFi devices on that same network resolve DNS fine
  • Wired devices on other networks resolve DNS fine
  • Only wired devices on this one specific network are affected
  • Pi-hole is working fine and resolving DNS correctly when pointed at directly
  • The affected network is a standard LAN, not a VLAN
  • I had an allow rule for an isolated network to talk on 53 to this affected network that was created prior to this breaking, but i have removed the rule and the issue persists.

What I've tried:

  • No custom DNS rules set for that network specifically
  • Port 53 doesn't appear to be explicitly blocked in my rules
  • Completely deleted the network and recreated it with the same address space; issue persists
  • Rebooted the Orange, no change
  • From Windows, "Test-NetConnection -comptuerName <gatewayIP> -Port 53" returns false on affected wired devices, however ping to the same DNS host succeeds, suggesting the device has network connectivity but port 53 is specifically being blocked somewhere
  • Bypassed the Ubiquiti switches entirely and plugged directly into the Firewalla Orange and same issue persists, ruling out the switches as the cause

I'm wondering if I've somehow created a DNS loop with Pi-hole in the mix, but can't figure out why it would only affect wired devices on this one network and why deleting all rules wouldn't get it to work again.

Just looking for option before I nuke the box and start from scratch.

Thanks,
Chris

0

Comments

4 comments

Sort by Date Votes
  • Avatar
    Firewalla

    If you take out Pi-Hole from the setup (use the default DNS), do you still have the issue? 

    Yes, it is common if you didn't configure pi-hole correctly, you will have a loop and that may cause random errors. 

    0
    Comment actions Permalink
  • Avatar
    C L
    • Edited

    Yes. I tried setting only the gateway as the primary DNS as well as completely recreating the network and leaving the gateway as the only DNS server.

    It's odd that the firewalla hosted Wi-Fi on the same network can hit the gateway for DNS just fine.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Sorry, I mean, remove any settings on the firewalla pointing to your pi-hole; this will see if a DNS loop was the cause of the issue. 

    0
    Comment actions Permalink
  • Avatar
    C L

    No worries. I believe the only thing in firewalla I had pointing to the pi hole was the primary DNS on two of my five networks. The network I'm having issues with is the same one that the pi hole was running on but it is currently shut down while I try to figure this out.

    I don't believe there's anywhere else that I set it, but if you can point out any other places to look I can check.

    Thank you for your quick responses and assistance. I appreciate it.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post