Intermittent connection issue
-
Exactly. That's what I've been telling them. DNS traffic is nothing special. It's like they're forcing their customers to only forward DNS requests.
-
@kevindd992002 said in Intermittent connection issue:
It's like they're forcing their customers
They discovered, like many before, that that info is worth a max. People are using already themself's massively the "let bring everything to 8.8.8.8".
And lets face it : if you are an ISP, and you have to make this deal with nearby Google's data centre to invest in a very costly 50 / 50 % fiber POP between the Google data centre and the ISP centre (ISP users consume a LOT of Youtube traffic !!) then what should this ISP do ? They cash cash out or they 'make this another deal'.
So, yes, DNS is manly 'visible' to they can grab it, and do what they want with it.Btw : it's the technical point of views that interests me here. I don't care what Google does, neither my ISP. They can have it, I don't care.
-
Get a different ISP? Clearly you pointed out them that their carrier grade nat is broken..
-
@Gertjan said in Intermittent connection issue:
@kevindd992002 said in Intermittent connection issue:
It's like they're forcing their customers
They discovered, like many before, that that info is worth a max. People are using already themself's massively the "let bring everything to 8.8.8.8".
And lets face it : if you are an ISP, and you have to make this deal with nearby Google's data centre to invest in a very costly 50 / 50 % fiber POP between the Google data centre and the ISP centre (ISP users consume a LOT of Youtube traffic !!) then what should this ISP do ? They cash cash out or they 'make this another deal'.
So, yes, DNS is manly 'visible' to they can grab it, and do what they want with it.Btw : it's the technical point of views that interests me here. I don't care what Google does, neither my ISP. They can have it, I don't care.
But I don't forward to 8.8.8.8. I'm trying to resolve. Sorry, not sure what you mean?
@johnpoz said in Intermittent connection issue:
Get a different ISP? Clearly you pointed out them that their carrier grade nat is broken..
I can't, I'm still locked in with them (contract) and I have a point-to-point VPN connection with my other house that's using the same ISP (so best connection quality).
-
@kevindd992002 said in Intermittent connection issue:
But I don't forward to 8.8.8.8
8.8.8 is just an example. And I was talking about 8.8.8.8, choosen by your ISP, the DNs where they are forwarding to.
@kevindd992002 said in Intermittent connection issue:
I had to go back to using unbound (forwarder) again as a workaround.
To who ?
Sending DNS request to
Hostname IP address IPv4 / IPv6 Organization a.root-servers.net 198.41.0.4, 2001:503:ba3e::2:30 VeriSign, Inc. b.root-servers.net 199.9.14.201, 2001:500:200::b University of Southern California (ISI) c.root-servers.net 192.33.4.12, 2001:500:2::c Cogent Communications d.root-servers.net 199.7.91.13, 2001:500:2d::d University of Maryland e.root-servers.net 192.203.230.10, 2001:500:a8::e NASA f.root-servers.net 192.5.5.241, 2001:500:2f::f Internet Systems Consortium, Inc. g.root-servers.net 192.112.36.4, 2001:500:12::d0d US Department of Defense (NIC) h.root-servers.net 198.97.190.53, 2001:500:1::53 US Army (Research Lab) i.root-servers.net 192.36.148.17, 2001:7fe::53 Netnod j.root-servers.net 192.58.128.30, 2001:503:c27::2:30 VeriSign, Inc. k.root-servers.net 193.0.14.129, 2001:7fd::1 RIPE NCC l.root-servers.net 199.7.83.42, 2001:500:9f::42 ICANN m.root-servers.net 202.12.27.33, 2001:dc3::35 WIDE Projector, the DNS you choose to forward to, what is the difference ? Yet you said that the first 13 are not possible.
Read, for example https://securitytrails.com/blog/dns-root-servers and understand something is very wrong.
Reset pfSense to default, and see if it works. If not, take a look at your ISP contract.
@kevindd992002 said in Intermittent connection issue:
I have a point-to-point VPN connection
Aha. That changes a lot.
Use pfSense with default settings (again !) and the resolver will work.
Adding a VPN and suddenly it stops. That make the solution rather simple. : remove things that break things.
Or setup correctly the new things. -
@Gertjan said in Intermittent connection issue:
@kevindd992002 said in Intermittent connection issue:
But I don't forward to 8.8.8.8
8.8.8 is just an example. And I was talking about 8.8.8.8, choosen by your ISP, the DNs where they are forwarding to.
@kevindd992002 said in Intermittent connection issue:
I had to go back to using unbound (forwarder) again as a workaround.
To who ?
Sending DNS request to
Hostname IP address IPv4 / IPv6 Organization a.root-servers.net 198.41.0.4, 2001:503:ba3e::2:30 VeriSign, Inc. b.root-servers.net 199.9.14.201, 2001:500:200::b University of Southern California (ISI) c.root-servers.net 192.33.4.12, 2001:500:2::c Cogent Communications d.root-servers.net 199.7.91.13, 2001:500:2d::d University of Maryland e.root-servers.net 192.203.230.10, 2001:500:a8::e NASA f.root-servers.net 192.5.5.241, 2001:500:2f::f Internet Systems Consortium, Inc. g.root-servers.net 192.112.36.4, 2001:500:12::d0d US Department of Defense (NIC) h.root-servers.net 198.97.190.53, 2001:500:1::53 US Army (Research Lab) i.root-servers.net 192.36.148.17, 2001:7fe::53 Netnod j.root-servers.net 192.58.128.30, 2001:503:c27::2:30 VeriSign, Inc. k.root-servers.net 193.0.14.129, 2001:7fd::1 RIPE NCC l.root-servers.net 199.7.83.42, 2001:500:9f::42 ICANN m.root-servers.net 202.12.27.33, 2001:dc3::35 WIDE Projector, the DNS you choose to forward to, what is the difference ? Yet you said that the first 13 are not possible.
Read, for example https://securitytrails.com/blog/dns-root-serversand understand something is very wrong.
Reset pfSense to default, and see if it works. If not, take a look at your ISP contract.
@kevindd992002 said in Intermittent connection issue:
I have a point-to-point VPN connection
Aha. That changes a lot.
Use pfSense with default settings (again !) and the resolver will work.
Adding a VPN and suddenly it stops. That make the solution rather simple. : remove things that break things.
Or setup correctly the new things.I'm currently forwarding to another local ISP's DNS servers that's known to be more stable. This works fine. As soon as I use resolver (querying against root hints servers), I get random drops. Are you saying ISP themselves just forward to Google for example? I was under the impression that they act as a resolver.
The link you gave is not found.
If you remember, we've been over the resetting of things to defaults :) It doesn't work. What I've been able to deduce/conclude is what I've explained just recently (resolver vs forwarder).
Not sure how a point to point VPN connection affects this? DNS traffic isn't routing through the tunnel. Also, like I said I did try pfsense with default settings already, to no avail. With a static IP from the ISP, everything works as expected. So there's really something wrong with their dynamic IP VLAN.
-
@kevindd992002 said in Intermittent connection issue:
I was under the impression that they act as a resolver.
You have no idea what they do.. They could resolve, they could forward... You threw your dns over the fence to them - what they do with it is out of your control... You just hope they give you back an answer, and you trust them to give you good info... They could give you whatever they want..
This is one of the big advantages to resolving - you control the dns.. You ask the authoritative NS directly... Not just trust someone else to have the right answer.
For all you know they forward, and the person they forward to forwards ;) Yes at some point there has to be a resolver.. But it could be a couple of forwarders in there for sure..
-
@johnpoz said in Intermittent connection issue:
@kevindd992002 said in Intermittent connection issue:
I was under the impression that they act as a resolver.
You have no idea what they do.. They could resolve, they could forward... You threw your dns over the fence to them - what they do with it is out of your control... You just hope they give you back an answer, and you trust them to give you good info... They could give you whatever they want..
This is one of the big advantages to resolving - you control the dns.. You ask the authoritative NS directly... Not just trust someone else to have the right answer.
For all you know they forward, and the person they forward to forwards ;) Yes at some point there has to be a resolver.. But it could be a couple of forwarders in there for sure..
Exactly! I want to have my own resolver. I told them that I don't want to rely on their DNS servers.
-
@kevindd992002 said in Intermittent connection issue:
Are you saying ISP themselves just forward to Google for example?
Well. Yes.
I don't know what they do, as they don't tell me, and I did not asked them.
But what would you do, being an ISP - and you have to pay the POP's ?
Resolve ? Or use Google DNS and billing them with thousands every month ? or not paying that POP thousands a month ?Again, you should be able to 'contact' the main 13 first core DNS servers. If not, something is very wrong.
-
@Gertjan said in Intermittent connection issue:
@kevindd992002 said in Intermittent connection issue:
Are you saying ISP themselves just forward to Google for example?
Well. Yes.
I don't know what they do, as they don't tell me, and I did not asked them.
But what would you do, being an ISP - and you have to pay the POP's ?
Resolve ? Or use Google DNS and billing them with thousands every month ? or not paying that POP thousands a month ?Again, you should be able to 'contact' the main 13 first core DNS servers. If not, something is very wrong.
I am able to contact the root hints servers but they're randonly dropping traffic, as if they're traffic shaping or something. Oh well, I'm still making them have a hard time about this.
