DNS requests are not working
Team,
I have a customer who is using 6 of these ER605-V2 routers.
We can not get DNS working on all 6 - even with just one additional vlan (beside the default management vlan 1).
The things we tried:
* Tried with Google and Cloudflare DNS servers on WAN and LAN site (with or without DHCP)
* Disable DHCP on the LAN-site and use Pihole/dnsmasq as DHCP and DNS server
* Proxy with DoH to Cloudflare
* Factory reset and running in standalone mode (with and without DHCP on LAN-side)
* Ping and tracert executed by the router itself
* Replaced one ER605 with an ER707-M2
Only the ER707 setup is working as expected.
It looks like all the ER605 routers are blocking all DNS requests - regardless its settings.
As if there is some hidden ACL-rule blocking all DNS traffic.
Please advice - where to go from here?
With warm regards - Will
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Unfortunately the problem is still there...
Attached a schematic overview of the workbench setup.
Basically its all about 5 public IP's representing 5 customer sites.
However, for staging purposes we connect everything on one site with 5 public IP's - which is what is showing in de image.
The Box12 has 4 LAN-ports. From these 4 ports, one port operates in bridge mode.
This is the port with the Omada switch and the ER605 routers (all routers are running firmware 2.2.5 as released over the weekend).
We also tried replacing the Omada switch with an unmanaged switch - same results.
Meaning the only thing that is not working is DNS requests - it doesn't matter if DHCP and DNS is handled by the router or by Pihole (for example),
Any new ideas/suggestions? Anyone?
=====
- Copy Link
- Report Inappropriate Content
I didn't fully understand the drawing, but I assume that there is no VLAN on the WAN.
try turning off all the routers except one, the one that is on you have to restart.
does it work then if only one router onsline?
- Copy Link
- Report Inappropriate Content
Correct - there is no vlan on the WAN-side:
Basically its all about 5 public IP's representing 5 customer sites.
However, for staging purposes we connect everything on one site with 5 public IP's - which is what is showing in de image.
- Copy Link
- Report Inappropriate Content
Try shudown everything exept for one of the routers. restart the router that is online.
I think it has something to do with the problem I had a few years ago.
how does the ER707.M2 work in your setup now?
- Copy Link
- Report Inappropriate Content
I think there is something with the hardware that creates a conflict, it applies to completely identical routers with the same hardware version. you can use an ER605v1 and an ER605v2 together, but not two with the same version.
Is there any possibility that routers of the same model and firmware are presenting the same MAC address on the WAN interface ?
It wont matter of course in normal circumstances where the routers are at different sites, but all connected to a switch will give problems...
- Copy Link
- Report Inappropriate Content
When I did this the first time with ER605v1, I tried to enter mac manually. I worked on this for quite a long time with this problem but finally bought another router (ER7206v1) so that I didn't have two identical routers connected to the wan switch, then it worked.
I later bought another ER7206v1 and connected to the wan switch and the network went down straight away. then later 2 ER605v2 same thing.
it may be that tp-link has fixed this now, I don't know because I have always made sure not to have two identical routers in the same wan switch after this.
anyway, weird stuff
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
no i didn't. so I don't know anything more about why it happened.
- Copy Link
- Report Inappropriate Content
@MR.S remember this DNS problem with the ER605 router bench?
We where finally able to solve it (or at least have a workaround).
We eventually started testing with OpnSense and run in the same issue; only less consistent.
It turned out that this was because OpnSense has somesort of a watchdog going.
Which restarted the DNS service once it was failing.
We fixed this with an Omada switch.
The ports with the OpnSense and/or ER605 routers are attached to ports running with PVID 4080 in Isolation mode.
The port with the ISP-router (and the actual access to the internet) was also running with PVID 4080 - but without port isolation.
When we replace the Omada switch with a basic unmanaged switch sooner or later the problem comes back.
I have no clue what this port isolation mode is actually doing - but everything is running as expected for a few weeks now.
Cheers - Will
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2058
Replies: 29
Voters 0
No one has voted for it yet.