Netgate Discussion Forum
    Samsung Smart TV (Tizen) DNS Queries on wrong server

    • J
      jgauthier @johnpoz
      last edited by

      @johnpoz it tries to connect to the local dns server (pfsense). I don’t understand your last question, did it use what? Thanks

      • kiokomanK
        kiokoman LAYER 8 @jgauthier
        last edited by

        @jgauthier
        does your new interface have a rule that permits tcp/udp to port 53?
        can you post a screenshot of what you see on the log?

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        • johnpozJ
          johnpoz LAYER 8 Global Moderator @jgauthier
          last edited by

          @jgauthier said in Samsung Smart TV (Tizen) DNS Queries on wrong server:

          it tries to connect to the local dns server (pfsense).

          So you're pointing to the IP you put on the new network/vlan you created right - and created a rule to allow that.. If you're pointing it to your LAN IP, and blocking access to lan then yeah you're going to have a bad day..

          Here is example of locked down network, see how I allow access to this network "test" address for dns, etc.

          example.jpg

          the block rfc1918, really a reject since it's my local networks. But this would prevent something asking for pfsense lan IP for dns.. But allows to pfsense IP on test network..

          In my case lan is 192.168.9.253, and test is 192.168.200.253

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          • kiokomanK
            kiokoman LAYER 8 @johnpoz
            last edited by

            until last year I had a Samsung Tizen television, but one day my dog (65 kg) bumped into it... I could still cry when I think about it
            • J
              jgauthier @kiokoman
              last edited by jgauthier

              @kiokoman @johnpoz

              Additional Context:
              My LAN interface is on 192.168.1.1.
              My new interface subnet (INETONLY) is on 192.168.10.1. The TV is connected to this one. The TV gets a lease with an IP like 192.168.10.101.

              The problem: The TV apparently tries repeatedly to access DNS at 192.168.1.1 whereas I would expect it should be using 192.168.10.1.

              "does your new interface have a rule that permit tcp/udp to port 53 ?"
              Yes.
              2e494710-3edf-4067-acfd-2d4f37d6af8e-image.png

              Apparently, the first rule is a hit and I don't understand why.
              2884d15e-d6fb-485a-9415-19695c99c450-image.png

              • johnpozJ
                johnpoz LAYER 8 Global Moderator @jgauthier
                last edited by johnpoz

                @jgauthier your order is wrong to be honest.

                problem.jpg

                You should allow dns before you block.. Order is top down, first rule to trigger wins no other rules are evaluated.

                So trying to go to 192.168.1.1 on 53 would hit that first rule - which matches your lan subnets and would be blocked.

                Putting your 2nd rule above that block would allow access to your 192.168.1.1 on 53.

                But your 2nd issue is why would your tv still be asking 192.168.1.1 for dns? Normally dhcp would hand out its own address that 192.168.10.1, I would check maybe you have a reservation set for that TV mac, that is telling it to still try 1.1, or maybe you're handing out both?

                If it was me I would change your 2nd rule to be above your block and would also limit it to just your inetonly address. But yeah you also want to figure out why your device(s) would still be trying to access 1.1 if you have set it to use 10.1 for dns, or told it via dhcp to use 10.1 vs 1.1, etc.

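Added example, not part of any post in this thread: a small Python model of the top-down, first-match-wins evaluation described above, run against three orderings of the INETONLY rules. The rule sets are constructed from the addresses in the thread; the rule labels, the `Rule`/`evaluate`/`compare` names and the "any" destination on the DNS allow rule are assumptions, and source matching is left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    dst: str                    # destination in CIDR form
    port: Optional[int] = None  # None matches any destination port
    label: str = ""             # hypothetical rule description

def evaluate(rules, dst_ip, dst_port):
    """Walk the rules top down; the first match decides and evaluation stops."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.dst) and rule.port in (None, dst_port):
            return rule.action, rule.label
    return "block", "default deny"  # nothing matched: implicit deny

# Constructed rule sets for the INETONLY interface (labels are hypothetical).
LAN_NET = "192.168.1.0/24"
INETONLY_ADDR = "192.168.10.1/32"
ANY = "0.0.0.0/0"

AS_POSTED = [Rule("block", LAN_NET, None, "block LAN"),
             Rule("pass", ANY, 53, "allow DNS")]
REORDERED = [Rule("pass", ANY, 53, "allow DNS"),
             Rule("block", LAN_NET, None, "block LAN")]
NARROWED = [Rule("pass", INETONLY_ADDR, 53, "allow DNS to INETONLY address"),
            Rule("block", LAN_NET, None, "block LAN")]

# The two DNS destinations seen in the thread.
QUERIES = [("192.168.1.1", 53), ("192.168.10.1", 53)]

def compare():
    """Return {ruleset name: {destination: (action, matching rule)}}."""
    sets = {"as posted": AS_POSTED, "reordered": REORDERED, "narrowed": NARROWED}
    return {name: {ip: evaluate(rules, ip, port) for ip, port in QUERIES}
            for name, rules in sets.items()}

if __name__ == "__main__":
    for name, results in compare().items():
        for ip, (action, label) in results.items():
            print(f"{name:10} {ip}:53 -> {action} ({label})")
```

With the order as posted, the query to 192.168.1.1 never reaches the DNS rule; simply swapping the rules opens port 53 on the LAN address, while the narrowed rule passes only queries to 192.168.10.1.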
                • J
                  jgauthier @johnpoz
                  last edited by

                  @johnpoz

                  Indeed, I have shared a version of my rules where I wanted to reproduce the problem. I had moved the "Allow DND Requests" first and it solved the flooding in the log but it doesn't change the fact the TV is trying to reach an address it should not.

                  "I would check maybe you have a reservation set for that TV mac, that is telling it to still try 1.1, or maybe your handing out both?"
                  I've followed this advice and I have an inactive reservation that was there probably prior to the creation of the new subnet. I just deleted it, and will test it.
                  89e9164e-bd05-40f6-8a91-93179cab7c63-image.png

                  "If it was me I would change your 2nd rule to be above your block and would also limit it to just your inetonly address. But yeah you also want to figure out why your device(s) would still be trying to access 1.1 if you have set it to use 10.1 for dns, or told it via dhcp to use 10.1 vs 1.1, etc."
                  Thank you for the advice, I will do that once I have solved the problem.

                  Will keep you posted, thanks!

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @jgauthier
                    last edited by

                    @jgauthier that doesn't look like a reservation, a reservation for a device to always get the same IP should be showing NA for the lease time..

                    example

                    reservation.jpg

                    Is it possible you're not truly isolated at layer 2 for your different networks?

                    That lease looks like it was recently obtained by the start and end dates..

                    • J
                      jgauthier @johnpoz
                      last edited by

                      @johnpoz I understand. I never created a static ip related to that.

                      I think my subnets are correctly isolated. At some point while I was testing my tv, it connected automatically to the former Wi-Fi network, hence it got a lease for LAN. That must be the reason… Since, I made the tv forget this former network.

                      Btw, I still get blocks on 192.168.1.1 coming from the tv :(. When I look at the network parameters in the tv, it shows 192.168.10.1 as the DNS server. Strange…

                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator @jgauthier
                        last edited by

                        @jgauthier yeah some of these devices suck for their network.. My thermostat I wanted to put it on another network.. And once it got an IP from dhcp it would never ask for another one... I had to fully reset its network settings vs just changing the ssid it connects to..

                        Can you reset its network - worst case scenario if it bugs you that much, but works anyway via doing queries to your 10.1 - you could prob do a full factory reset on it.. Or another option if it is actually working and you don't want the spam in the log, you could set a rule to block it and just not log traffic to 53 to the 1.1 from that TV's IP.

                        • kiokomanK
                          kiokoman LAYER 8 @johnpoz
                          last edited by

                          or a NAT for the port 53 to 10.1
                          that's what I use for iot stuff with 8.8.8.8 hard coded inside ....
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.