Geekzone: technology news, blogs, forums
2degrees DNS - no DNS over TCP using broadband (Wellington)
ethanbmnz

133 posts

Master Geek


#293760 11-Feb-2022 21:51

Hi,

 

I've found that sending TCP DNS queries to the (new) 2degrees DNS resolvers does not work on broadband - dig reports that the connection times out.
Can anyone else replicate this? (The broadband connection is in the Wellington region)

 

 

 

I don't encounter any issues sending UDP DNS queries to the new 2degrees DNS resolvers, nor do I encounter any issues sending TCP or UDP DNS queries to the old 2degrees DNS resolvers.

 

I also don't encounter any issues sending TCP or UDP queries to the new 2degrees DNS resolvers using my phone (on 2degrees mobile data) tethered to my laptop.

 

(To be clear, there are no problems with general day to day internet usage that I have experienced. What this breaks is e.g. large UDP DNS responses that are truncated and retried with TCP)

freitasm
BDFL - Memuneh
74172 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2866695 11-Feb-2022 22:11

Is there any documentation indicating they should work over TCP?




Support Geekzone by subscribing, making a donation. or using one of our referral links: Sharesies | Goodsync  | Mighty Ape | Backblaze | Norton 360 | Lenovo laptops 

 

freitasm on Keybase | My technology disclosure

 

 

 

 

 

 

ethanbmnz

133 posts

Master Geek


  #2866702 11-Feb-2022 22:32

freitasm: Is there any documentation indicating they should work over TCP?

 

RFC 1123, section 6.1.3.2 "Transport Protocols"

 

For related reading: "DNS Flag Day 2020" and the associated blog posts by APNIC and Cloudflare.

michaelmurfy
/dev/ttys0
11027 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2866703 11-Feb-2022 22:37

Actually, I am wondering if this is a recent change. Something changed which basically broke my DNS servers on my network and I was seeing a whole lot of timeouts to 2degrees DNS servers (new). I do generate a fair few requests given my network is quite big. In the end to resolve this I set up unbound locally here + my DNS servers talk over UDP/TCP.

 

I know this isn't too helpful, but I think @pwner may be able to provide some more insight.




Michael Murphy | https://murfy.nz | https://keybase.io/michaelmurfy - Referral Links: Sharesies | Electric Kiwi
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation.



freitasm
BDFL - Memuneh
74172 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2866727 11-Feb-2022 23:05

Thanks, I understand that. My question should be "did they ever work this way"?





 

 

 

 

 

 

aspired
22 posts

Geek

ID Verified
Trusted
2degrees

  #2866729 11-Feb-2022 23:18

Thanks team for the heads up. I’ll look into this

pwner
389 posts

Ultimate Geek

Trusted
2degrees

  #2867994 14-Feb-2022 10:01

michaelmurfy:

 

Actually, I am wondering if this is a recent change. Something changed which basically broke my DNS servers on my network and I was seeing a whole lot of timeouts to 2degrees DNS servers (new). I do generate a fair few requests given my network is quite big. In the end to resolve this I set up unbound locally here + my DNS servers talk over UDP/TCP.

 

I know this isn't too helpful, but I think @pwner may be able to provide some more insight.

 

 

@aspired is the best person to look at this and looks like he is already onto it.




Any posts are personal comments and not that of my employer

MadEngineer
3062 posts

Uber Geek

Trusted

  #2868071 14-Feb-2022 10:38

freitasm: Is there any documentation indicating they should work over TCP?


https://datatracker.ietf.org/doc/html/rfc1034




You're not on Atlantis anymore, Duncan Idaho.



freitasm
BDFL - Memuneh
74172 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2868110 14-Feb-2022 11:45

Yes, my question is if 2degrees ever documented it should work with their network and if it worked before.





 

 

 

 

 

 

timmmay
18586 posts

Uber Geek

Trusted
Subscriber

  #2868131 14-Feb-2022 12:02

DNS is meant to work on either TCP or UDP. TCP is typically used for large queries only as UDP is more efficient. Supporting only UDP means some queries may fail.

ethanbmnz

133 posts

Master Geek


  #2934312 25-Jun-2022 16:42

I'm back on a 2degrees broadband connection (been away for a few months), and the original post is still applicable.

 

Just wondering if anyone else can still replicate this (minor) issue?

 

 

As an example, `dig +tcp @111.69.69.69 a www.google.com.` replicates the issue for me. (The server address can be replaced with any of the other new DNS resolver addresses, and the DNS query itself (i.e. querying the A record for www.google.com.) doesn't matter.)

 

 

(I am saying 'Wellington region' broadly - I don't want to provide a more granular location in public.)
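
The same check as the `dig +tcp` test in the post above, written as a probe that queries one resolver over both transports and reports each separately. This is an added example, not part of the original post; the function names are hypothetical, it assumes IPv4 and port 53, and the default address in the final line is the resolver quoted in the post.

```python
import socket
import struct

TC_BIT = 0x0200  # "truncated" flag in the DNS header flags word

def build_query(name, qtype=1, txid=0x1234):
    """Encode a one-question DNS query (class IN, recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_truncated(response):
    """True if the server set TC, telling the client to retry over TCP."""
    return bool(struct.unpack("!H", response[2:4])[0] & TC_BIT)

def query_udp(server, msg, timeout, port=53):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, port))
        return s.recvfrom(4096)[0]

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def query_tcp(server, msg, timeout, port=53):
    # DNS over TCP prefixes each message with a 2-byte big-endian length.
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(msg)) + msg)
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        return _recv_exact(s, length)

def probe(server, name="www.google.com.", timeout=3.0, udp=query_udp, tcp=query_tcp):
    """Report per-transport status: 'ok', 'truncated', 'timeout' or 'error'."""
    msg, result = build_query(name), {}
    for label, send in (("udp", udp), ("tcp", tcp)):
        try:
            result[label] = "truncated" if is_truncated(send(server, msg, timeout)) else "ok"
        except socket.timeout:
            result[label] = "timeout"
        except OSError:
            result[label] = "error"
    return result

if __name__ == "__main__":
    print(probe("111.69.69.69"))  # resolver address quoted in the thread
```

A result where `udp` is `ok` and `tcp` is `timeout` is the pattern reported in this thread; `udp` showing `truncated` alongside a TCP timeout is the case where a client's retry over TCP has nowhere to go.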

timmmay
18586 posts

Uber Geek

Trusted
Subscriber

  #2934335 25-Jun-2022 18:40

I'm in the Wellington area, it looks to me like 2degrees DNS doesn't support TCP. Is this actually causing a problem for you? Maybe you should just use Google / CloudFlare DNS?

ANglEAUT
1699 posts

Uber Geek

Trusted

  #2934452 25-Jun-2022 22:14

ethanbmnz: ... Can anyone else replicate this? (The broadband connection is in the Wellington region) ...

 

Also happening in the Auckland region.

 

 




Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

 


fe31nz
831 posts

Ultimate Geek


  #2934511 25-Jun-2022 23:49

I am in Palmerston North and am not getting DNS over TCP either.  It is not the most important thing in the world for it to work, but there are certain edge cases of very large queries that will only work over TCP and as I understand it most DNS clients will automatically try TCP when a UDP request fails for that reason.  I thought all the standard DNS servers supported TCP connections by default as it is part of the standard, so for it not to work on 2degrees means they have misconfigured something - maybe some firewall rules?

olivernz
301 posts

Ultimate Geek

ID Verified
Lifetime subscriber

  #2934992 27-Jun-2022 17:35

Nope, no TCP resolution in Kapiti over TCP. But as stated above I tend to use DoH to Cloudflare & Quad9. Of course all behind PiHole ;o)

 

 

michaelmurfy
/dev/ttys0
11027 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2934998 27-Jun-2022 17:53

@olivernz Have a look at https://nextdns.io/ - that is what I am using to supplement PiHole (I also use DoH). Also handy if you have multiple networks (eg, Guest WiFi) as you can set different profiles to each without the need to spawn additional PiHole instances.



