DNS Booster dropping devices

  • Support Team

    Is this device used as a DNS server for the network? Firewalla will automatically disable DNS Booster on the device if it's used as a local DNS server.

    The "Operation now in progress" error may be a different issue; it's more like a client-side issue. Can you try dig instead of nc?

    https://stackoverflow.com/questions/6202454/operation-now-in-progress-error-on-connect-function-error

  • Jonas

    Hi,

    Thanks. This is likely the problem.

    "...Firewalla will automatically disable DNS Booster on the device if it's used as a local DNS server..."

    The device being disabled is running Pi-hole in a container. I wanted the impacted host to use the local Pi-hole as primary and Firewalla as secondary DNS. Even though it runs Pi-hole and can resolve through Pi-hole, it is useful to have a secondary DNS for when I want to update the Pi-hole container. In fact, that is how I discovered Firewalla wasn't working.

    Let's hope over time, configuration options for DNS Booster (which others have expressed concerns about as well) will be enhanced to give *us* more control.  I am definitely not happy about Firewalla making decisions on my behalf that I can't influence.

    The netcat error comes from the fact that I provided a 5 second timeout (-w) because I lack patience.

    $ dig @192.168.0.1 www.test.com +short

    ; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> @192.168.0.1 www.test.com +short
    ; (1 server found)
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached
    $ telnet 192.168.0.1 53
    Trying 192.168.0.1...
  • Jonas

    Hi,

    I am curious how Firewalla determines that the device is running a local DNS.

  • Support Team

    Is the device configured as a DNS server in the Firewalla network settings? This is how it is determined; to prevent a DNS loop, it has to be disabled in DNS Booster.

    You can run the Pi-hole container using a macvlan network. This will use a new IP address with a new MAC address to run the container, so that only the Pi-hole container will have DNS Booster off; the hosting device will still have DNS Booster on.

    https://docs.docker.com/network/macvlan/

    Also, even if DNS Booster is off, it should still be able to use the DNS service instead of getting an error like this. You may send an email to help@firewalla.com and we can help debug that.
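The macvlan setup suggested in the comment above, sketched as a Docker Compose file; this is an added example, not part of the original thread or of Firewalla's documentation. The interface name `eth0`, the subnet, the gateway (taken to be the 192.168.0.1 address queried earlier in the thread) and the container address 192.168.0.53 are all assumptions to adjust for the local network.

```yaml
# Added example: Pi-hole on its own macvlan address, so it appears on the LAN
# as a separate device with its own IP and MAC address.
# All addresses and the interface name below are assumptions.
services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    restart: unless-stopped
    environment:
      TZ: "UTC"
    volumes:
      - ./etc-pihole:/etc/pihole       # persist Pi-hole configuration
    networks:
      lan:
        ipv4_address: 192.168.0.53     # static address outside the DHCP pool (assumed)

networks:
  lan:
    driver: macvlan
    driver_opts:
      parent: eth0                     # host NIC attached to the LAN (assumed)
    ipam:
      config:
        - subnet: 192.168.0.0/24       # assumed LAN subnet
          gateway: 192.168.0.1         # assumed: the address queried in the thread
          ip_range: 192.168.0.53/32    # limit Docker's allocator to this one address
```

With this layout the DNS server entry in the Firewalla network settings would point at the container's address rather than the host's. Note that a Linux host cannot reach its own macvlan containers through the parent interface, so the hosting device needs a macvlan interface of its own (or another resolver) if it is to query this Pi-hole directly.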
  • Jonas

    Hi,

    Thanks. I'll consider sending an email.

    "...Also, even if DNS Booster is off, it should still be able to use the DNS service instead of getting an error like this. You may send an email to help@firewalla.com and we can help debug that..."

    In the interim, I've simply removed Firewalla as Secondary DNS on the impacted device.

    Your help has been much appreciated.