PFSense not playing nicely with Android TV
-
I'm tearing my hair out over this.
I have an Android TV and I use an app called TVirl. It lets you use streaming channels as "live channels" so they look like regular TV channels that you can flick through.
For as long as I can remember it has been buggy as hell. While watching TV it will just stop streaming, giving an error that the hostname can't be resolved.
Now that I've been looking more into it, I'm starting to think it's the entire TV that is having trouble and not just the app. Plex just stops working sometimes, Netflix will cut out etc. I've just put it down to being a shitty TV but I think DNS is actually the problem now.
The only problem that makes this so frustrating is that the entire TV just refuses to do anything once it fails until I do a full reboot or network reset. Previously I'd been turning the TV's WiFi off and on to fix it, which has I assume kicked the DNS into gear again, but I added a powerline ethernet adapter in the hopes of eliminating WiFi as the problem. Unfortunately not.
I have DNS resolver enabled and all devices are using PFSense, including the TV, as their DNS server.
On PFSense I have pfblockerng-devel installed and only a few lists running. I've reduced the number of lists as I thought this might have been slowing down unbound but it still hasn't helped.
I'm not sure if other devices on the network are affected. If they are, they're probably fixing themselves after a failure whereas the TV is just giving up.
I've tried to do packet captures and checked logs but I have no idea what to look for.
Any idea what the hell I can do to fix this?
-
@2fst4u Does it happen every time Unbound reloads?
-
Ooh, this is interesting... I have an LG TV that runs webOS, that has been driving me wild!
While watching YouTube, or Netflix, or Amazon Prime Video (using their respective Apps), it'll work for a while, then stop at a certain point (often between episodes - sometimes during/after YT in-video Ads) and display either a "... Loading" graphic (YT), or a "you don't have sufficient bandwidth to continue playback" (Netflix/APV).,
I've had my ISP check my phone-line, and my router (VDSL modem, PPPoE passthrough to my pfSense), replace it twice & I'm beginning to think it might be something that pfBlockerNG/pfSense is doing to it, that is upsetting the TV.
I have to turn off the TV & turn it back on, in order to get it working again (on any of its "smart"/online services), so I am extremely suspicious of the bandwidth claims & am now thinking it's more like a symptom of the TV not being able to get to its spy services, due to Pi-Hole blocklists that I've deployed on pfBlockerNG...
I'm not trying to steal this thread - it just looks very similar to my issue & though I'd share my experience & my process so far. I've currently got a problem with unbound & have had to allow DNS queries tfrom the LAN to 1.1.1.1, so I'll test tonight, to see if that's solved the TV's issues & report back.
-
@sotirone said in PFSense not playing nicely with Android TV:
@2fst4u Does it happen every time Unbound reloads?
Unbound isn't actually reloading when this happens. It's running constantly. At least I think it is.
@furriephillips interesting, although curious that it isn't Android TV too.
-
@furriephillips Update: it's still happening, even though I'm not currently using pfSense-based DNS, or blocklists.
-
@furriephillips same here. I set the TV to use Google DNS via DHCP and it still cut out. I'm not certain it'll be 100% related though since we have different operating systems
-
@sotirone I'm starting to think it is when unbound reloads. I got a tip-off that it might be a combination of pfblocker slowing down reload time and the setting for hostnames in DHCP logging in DNS.
-
@2fst4u said in PFSense not playing nicely with Android TV:
@sotirone I'm starting to think it is when unbound reloads. I got a tip-off that it might be a combination of pfblocker slowing down reload time and the setting for hostnames in DHCP logging in DNS.
Very true.
unbound restarts (default behaviour) when a new DHCP leases is created.
Adding pfblocker will delay the startup time of unbound.On the other hand : when your watching TV, resources (the URL where the stream comes from) is resolved, and I'm pretty sure Netflix), to name one of them, isn't changing servers while your watching something.
If your program stops during the show, I guess it's not DNS related.
More a generic "not enough bandwidth" issue. -
@Gertjan said in PFSense not playing nicely with Android TV:
@2fst4u said in PFSense not playing nicely with Android TV:
@sotirone I'm starting to think it is when unbound reloads. I got a tip-off that it might be a combination of pfblocker slowing down reload time and the setting for hostnames in DHCP logging in DNS.
Very true.
unbound restarts (default behaviour) when a new DHCP leases is created.Yes, so one of the things I tried was increasing the DHCP lease time to about a day so it happens less frequently, but this didn't help unfortunately.
On the other hand : when your watching TV, resources (the URL where the stream comes from) is resolved, and I'm pretty sure Netflix), to name one of them, isn't changing servers while your watching something.
If your program stops during the show, I guess it's not DNS related.I thought so too, once it's resolved it shouldn't be cutting out halfway to say it can't resolve. Unfortunately that's exactly the error I'm getting, that DNS can't resolve the address. Remember I'm watching TV in a weird way using the app TVirl which I'm also wondering might be the cause of the issue. When I'm watching other things on the TV I don't think it cuts out, although I can think of a couple of occasions where it has.
More a generic "not enough bandwidth" issue.
I wish I could resolve this but alas, I'm stuck on a DSL connection in a semi-rural town.
Another possibility is that it's the TV's fault on the whole and it's just terrible at DNS requests. Once it stops working it takes forever to kick in again whereas I don't experience this with other devices on the network.
-
We've seen issues with Android devices when Unbound has the "respond to SSL/TLS queries" option on. Turning it off fixes it. Interestingly, the Android devices reporting the problems also have problems with Google's own DNS. I haven't had a chance to get my hands on any of the devices in question, but this behavior's been confirmed in a lot of places on a lot of devices, so it's worth a shot.
My understanding is that some Android versions default to SSL over TLS and fall back to regular DNS eventually. The latest pfSense release seemed to "cut off" a lot of recent Android devices (they'd eventually load sites and things, but large numbers of DNS requests timing out = users thinking the internet was down).
-
Your mean this one :
That's an option for pure paranoid network, where even the DNS LAN traffic has to be crypted.
Only experts, who control every connected device, and fools would activate this option (imho).I've never played with this option. I don't know, right now, if my own devices even support it.
-
@Gertjan I wonder how one might test such a situation...
-
@2fst4u Turn off DHCP Registration in DNS Resolver until the need for reloading is fixed in some future version.
How much RAM does your pfsense box have and how many pfblocker dns entries do you have? Low RAM with large pfblocker lists leads to long unbound restart times.
-
@Gertjan that's fine. I have seen many installations where it was turned on just to support it for the devices that wanted it - until recently, that never seemed to be a problem. Just thought I'd put the information out there in case you happened to have turned it on.
-
@beatvjiking said in PFSense not playing nicely with Android TV:
We've seen issues with Android devices when Unbound has the "respond to SSL/TLS queries" option on. Turning it off fixes it. Interestingly, the Android devices reporting the problems also have problems with Google's own DNS. I haven't had a chance to get my hands on any of the devices in question, but this behavior's been confirmed in a lot of places on a lot of devices, so it's worth a shot.
My understanding is that some Android versions default to SSL over TLS and fall back to regular DNS eventually. The latest pfSense release seemed to "cut off" a lot of recent Android devices (they'd eventually load sites and things, but large numbers of DNS requests timing out = users thinking the internet was down).
Thank you for the suggestion. I gave this a try and let it run for a few days but the TV has still had this issue just as often as it was previously. It was worth a shot and I'll leave that setting off now anyway.
@sotirone said in PFSense not playing nicely with Android TV:
@2fst4u Turn off DHCP Registration in DNS Resolver until the need for reloading is fixed in some future version.
How much RAM does your pfsense box have and how many pfblocker dns entries do you have? Low RAM with large pfblocker lists leads to long unbound restart times.
It's an SG-3100. I've pared down my pfblocker lists to just four DNS ones. It's not so much that inbound is taking a long time to reload I think, it's just that when it does reload (maybe - I'm still not sure that's why) the TV gives up trying.
-
@2fst4u 4 lists could still have millions of entries. Do a Force Reload on the pfblocker page and see how many total entries it says it loaded.
The usual culprit for unbound reloading frequently as mentioned before is the DHCP Registration in DNS Resolver. That means every time a DHCP client connects (and maybe disconnects?) unbound reloads to update. This is especially problematic when you have many Wifi clients that might connect and disconnect frequently for whatever reason. I think I read somewhere in here that a fix is being worked on for a future release. The current fix is to disable the DHCP Registration in DNS Resolver.
-
@sotirone pfblocker only reloads at midnight though, so surely it isn't forcing unbound to reload, right?
I've disabled the registration of DHCP clients too. Unfortunately the problem persists.
-
I think I might have resolved my particular issue... I was timing the incidences of the lock-ups of my TV & I could only get about 1 hour before having to reboot it, to resolve the problem. I believe that I set my DHCP lease to 3600s during a DNS outage, as it was causing havoc, having to wait for my devices to re-establish their DNS serviceability.
Anyway, I just set the TV’s IP from automatic, to manual & it has since managed to automatically continue-play a second episode of a Netflix TV show I’ve been watching...
I remain hopeful & will update you if it looks like it has been completely resolved.
-
I can confirm that manually configuring my TV’s network settings has resolved the regular freeze-ups.
Good luck @2fst4u
-
sounds more like your tv was having issues renewing its lease to be honest. Vs a dns related problem.
