ER605 V2 Firmware 2.2.6 LAN Devices cannot resolve DNS
Hello. Today, I downloaded and installed firmware version 2.2.6. After the upgrade, all LAN devices cannot resolve any DNS request. I manually changed the DNS setting of one of my device but still cannot resolve it. If I ping from the LAN device any IP address the Internet IP address responds to the ping. But any ping to FQDN won't go because it is not resolved.
Any idea why? Thanks.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Is it okay to downgrade to version 2.2.5?
I have two installations that are suffering from this issue. No one can access FQDN's. Browsing fails for everybody!
- Copy Link
- Report Inappropriate Content
Disregard my issue but I have to warn ER605 users about this issue. I have downgraded to firmware version 2.2.5 and it fixed my LAN devices' DNS resolution issue.
ER605 V2 firmware version 2.2.6 is blocking DNS requests from LAN devices!!!!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
This version was released last December! My wife noticed this yesterday because our smart TV wasn't connecting to the internet. Our iPad's and computers didn't experienced this because ExpressVPN is in our devices, not on TV's. So, when I disabled ExpressVPN from my PC, that's when I acknowledged that there was a problem! No matter what I did - manually entered the Primary and Secondary DNS on my PC, DNS queries don't get resolved.
Late last night, I rolled back to version 2.2.5 and everything got resolved. It was weird because the Diagnostics in the ER605 was able to resolve DNS yet it is NOT letting LAN devices resolve DNS!
Oh, I forgot to mention that I have two locations connected using site-to-site VPN and both experienced the same problem! Also, in both of my ER605's all items in the "Attack defense" in Firewall are all checked. Is yours all checked?
My conclusion is, TP-Link is releasing firmware publicly without thorough testing??? Maybe???
- Copy Link
- Report Inappropriate Content
In my case the ER605 is connected as a client via Wireguard to main location.
My Attack Defense settings are:
1. Flood Defense - everything off
2. Anomaly Defence as below:
IMO if the problem would be in firmware (2.2.6) then many peple here would already report that. SInce a lot of people are using ER605 on a daily basis.
I'm not saying that you dont have a problem, nor it's connected to router's firmware... I'm just saying that it looks like it's more problem with your configuration than general fw issue.
Maybe with fw upgrade some config on your ERs gets messed up?
1. After the upgrade, have your tried Force Provisioning to setup the router again from the very beggining by your controller?
2. Have you checked if terminating Site-2-Site connection "fix" the problem anyhow?
3. Have you tried in WAN configuration on your router setting up different DNS (like 8.8.8.8 or 1.1.1.1)?
4. Have you check in LAN configuration if you have DNS Server set to AUTO?
Cheers
- Copy Link
- Report Inappropriate Content
All items in my Attack defense are checked. After installing 2.2.6 all hell broke loose with LAN devices not given DNS resolution! Now with 2.2.5, they still all checked and no DNS problem! BTW I don't have what you call a "controller".
Yes, I terminated the site-to-site and the client-to-gateway connection to my son's home.
Yes, I tried hard-coding different DNS servers (Google, OpenDNS, Cloudflare, etc) on both the ER605 WAN side and on the LAN sude in its DHCP server. Yes, I hard-coded DNS in LAN device(s).
It has to be in one of the options in the Attack defense which I didn't want to play around with!
Why do you not feel that Flood defense is not significant to the firewall function?
- Copy Link
- Report Inappropriate Content
Hi @firefox111
firefox111 wrote
All items in my Attack defense are checked. After installing 2.2.6 all hell broke loose with LAN devices not given DNS resolution! Now with 2.2.5, they still all checked and no DNS problem! BTW I don't have what you call a "controller".
Yes, I terminated the site-to-site and the client-to-gateway connection to my son's home.
Yes, I tried hard-coding different DNS servers (Google, OpenDNS, Cloudflare, etc) on both the ER605 WAN side and on the LAN sude in its DHCP server. Yes, I hard-coded DNS in LAN device(s).
It has to be in one of the options in the Attack defense which I didn't want to play around with!
Why do you not feel that Flood defense is not significant to the firewall function?
605 has been released for nearly 6 months.
I recalled that I have pushed the beta for a test back in July. Basically, it is 6 months old.
If you have changed the LAN DNS and you use auto DNS on your clients, they should get the public DNS servers and resolve.
I am pretty interested in what your nslookup looks like. As you say none can be resolved.
- Copy Link
- Report Inappropriate Content
Thank you.
I apologize. My mistake. Yes it was released in July, 024. Before I messed with hard-coding the DNS server in the client side, when I did a nslookup, the server that came up is the ER605 LAN IP, of course. Nslookup does not resolve any FQDN I enter. It times out. Then I hard-coded the DNS server in my computer (Google, OpenDNS, Cloudflare, etc.) nslookup was blind.
It doesn't matter now - version 2.2.5 is working for me. I like the ER605 but there are things that I desire and have expressed these in previous threads before but there is no action done! Like being able to enter a FQDN on the wireguard VPN endpoint, show in the System Log the IP address of a client VPN connection. I have dynamic IP from my ISP and I constantly change the endpoint IP's of my wireguard site-to-site connection. I was tired of it so I switched to IPSec LAN-to-LAN.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 170
Replies: 8
Voters 0
No one has voted for it yet.