Amazon Echo no longer working



  • About 4 days ago all of my Amazon Echo devices quit working (I have 4) - could no longer register with Amazon. I tunnel all of my DNS traffic via PIA (VPN tunnel is terminated on my PFSENSE firewall) - and I use PIA provided DNS servers (209.222.18.222 and 218). If I swapped out my PFSENSE firewall with a generic home router-built-in WIFI - problem solved. So that pointed me to an issue with my PFSENSE firewall. I'll cut to what I found - took me 3 days doing sniffer traces: Amazon Echo - upon bootup - does several things before it declares sucess - one of the things that it does is a DNS query for www.example.com asking for a AAAA record (an ipv6 address). If it does not get a sucessful answer back it CANNOT register with Amazon - and what the user will hear from Echo is some message that it cannot communicate to the internet. I changed my DNS configuration in PFSENSE to use google (8.8.8.8)...all 4 Echo devices immediately was able to register. I don't know if Amazon upgraded code on their Echos 4 days ago - or the behavior of PIA's provided DNS servers changed when doing a AAAA DNS query - but it was one or the other. This was not a Pfsense issue - but I wanted to at least let other folk know if they have a similar setup....The bitmap attached (hopefully attached) shows a bad wiresharp trace on the left (line 38) and on the right a good (sucessful Amazon registration upon bootup) trace. 0_1530368057432_Amazon-Echo-DNS-Issue.png


  • Netgate Administrator

    Interesting. Hard to believe Echo cannot work without IPv6. Still a good portion of the world in that category. Unfortunately.

    Did you try adding a host override for www.example.net/com?

    Steve



  • Host over ride? Assume you mean a manual local entry? I'm sure that would have worked but I never tried it. I reported this issue to Amazon - I'll be curious if I hear anything (serious) back from the technical side. And I don't care - I just wanted to at least let some folks know about this. It would have been a lot easier to trouble shoot this problem if I had a way to capture the traffic when it was working (i.e. going thru a regular home router/WIFI) - getting a capture of when it was broken (going thru pfsense) was easy. It wasn't until I found out that there was a tcpdump abiltiy via CLI in my UNIFI AP that gave me that ability that I was able to generate a "good capture" - and compare the 2 traces....Before I could that CLI tcpdump on my Unifi AP I was getting closer to dragging out an old Cisco switch and putting it in-between the home router and my ISP box - and port mirror the traffic to another port so I could sniff it. I hated doing that since you no longer see your internal sources - only the local NAT - but that was my final approach if all else failed. Major PIA. I use Echo for a lot of home automation - music - talk - the spouse was not happy during those 3 days...



  • I noticed something like this that just started happening. As my main dns servers in pfsense are setup PIA dns servers and has been working for over a year this way until the last couple weeks when I could not longer reach amazon or Netflix. I switched out the dns servers with goggle dns and it all started working again.



  • Somewhat related comment. I just found out that that D-Link DGS-1100 managed switches (which someone in this forum recommend) support port mirroring. That capability would have really helped if I had been aware of it. I just made the assumption that you needed an enterprise capable switch for that feature.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy