Strange DNS-problem [Solved]

Support section for FREESCO v0.3.x

Post by Corn » Wed Nov 04, 2009 9:59 am

I've been using this same Freesco-box without any changes for over a year. No problems.
Recently I noticed that I can't seem to reach a few specific domains on the Internet, esp. 'amd.com' and its subdomains, such as 'ati.amd.com'.

After some research I have the strong impression that this is caused by a (for me) strange behaviour of the DNS-server on my Freesco-box.

An example from the 'recent log' looks like this:
Nov 4 13:28:29 - dnsmasq[3057]: query ati.amd.com from 192.168.1.9
Nov 4 13:28:29 - dnsmasq[3057]: forwarded ati.amd.com to 62.45.46.46
Nov 4 13:28:29 - kernel: IP fw-in rej ppp0 UDP 128.8.10.90:53 83.128.67.82:48737 L=517 S=0x00 I=60004 F=0x0000 T=84
Nov 4 13:28:29 - kernel: IP fw-in rej ppp0 UDP 192.203.230.10:53 83.128.67.82:48738 L=529 S=0x00 I=64579 F=0x0000 T=47
Nov 4 13:28:30 - kernel: IP fw-in rej ppp0 UDP 192.228.79.201:53 83.128.67.82:48739 L=517 S=0x00 I=40722 F=0x0000 T=47
Nov 4 13:28:30 - kernel: IP fw-in rej ppp0 UDP 128.8.10.90:53 83.128.67.82:48741 L=517 S=0x00 I=2157 F=0x0000 T=84
Nov 4 13:28:30 - kernel: IP fw-in rej ppp0 UDP 192.203.230.10:53 83.128.67.82:48734 L=529 S=0x00 I=65433 F=0x0000 T=47
Nov 4 13:28:30 - kernel: IP fw-in rej ppp0 UDP 192.228.79.201:53 83.128.67.82:48740 L=517 S=0x00 I=0 F=0x4000 T=47
Nov 4 13:28:30 - kernel: IP fw-in rej ppp0 UDP 192.203.230.10:53 83.128.67.82:48742 L=529 S=0x00 I=65464 F=0x0000 T=47
Nov 4 13:28:31 - kernel: IP fw-in rej ppp0 UDP 202.12.27.33:53 83.128.67.82:48743 L=517 S=0x00 I=54727 F=0x0000 T=56
Nov 4 13:28:32 - kernel: IP fw-in rej ppp0 UDP 192.203.230.10:53 83.128.67.82:48742 L=529 S=0x00 I=2761 F=0x0000 T=47
Nov 4 13:28:32 - kernel: IP fw-in rej ppp0 UDP 192.228.79.201:53 83.128.67.82:48744 L=517 S=0x00 I=0 F=0x4000 T=47
Nov 4 13:28:32 - kernel: IP fw-in rej ppp0 UDP 128.8.10.90:53 83.128.67.82:48745 L=517 S=0x00 I=40078 F=0x0000 T=84
Nov 4 13:28:32 - kernel: IP fw-in rej ppp0 UDP 192.58.128.30:53 83.128.67.82:48747 L=529 S=0x00 I=43777 F=0x4000 T=57
Nov 4 13:28:32 - kernel: IP fw-in rej ppp0 UDP 192.203.230.10:53 83.128.67.82:48746 L=529 S=0x00 I=4281 F=0x0000 T=47
Nov 4 13:28:36 - kernel: IP fw-in rej ppp0 UDP 128.8.10.90:53 83.128.67.82:48745 L=517 S=0x00 I=30083 F=0x0000 T=84
Nov 4 13:28:36 - kernel: IP fw-in rej ppp0 UDP 192.203.230.10:53 83.128.67.82:48746 L=529 S=0x00 I=10467 F=0x0000 T=47
Nov 4 13:28:36 - kernel: IP fw-in rej ppp0 UDP 128.8.10.90:53 83.128.67.82:48748 L=517 S=0x00 I=40153 F=0x0000 T=84
Nov 4 13:28:36 - kernel: IP fw-in rej ppp0 UDP 192.203.230.10:53 83.128.67.82:48749 L=529 S=0x00 I=11631 F=0x0000 T=47


- 62.45.46.46 is one of my ISP's DNS-servers. I have other examples where the other DNS gives a similar result.
- internally I use 192.168.1.0 addresses, so the rejects from the firewall are probably correct.
However, I don't get any replies for this DNS-query onto my internal network, with the result that my computers can't reach the desired websites.
- 192.168.1.9 is an internal DNS-server that I use for my Windows-network. It has forwarding enabled for all domains except the 'internal' domain that it hosts. Disabling recursion on this DNS-server stopped the rejections on the firewall, but I still didn't get a reply for the 'ati.amd.com'-domain.

I have not noticed anything like this for any other domains. Is this something that happens more often? Do you recognize this pattern?

I don't know which details would be of interest, so I'm adding the following:
----- : Interfaces : -----
----- ifconfig -----
eth0 Link encap:Ethernet HWaddr 00:10:DC:42:55:EB
inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6671 errors:0 dropped:0 overruns:1 frame:0
TX packets:8710 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 Interrupt:11 Base address:0xc800

eth1 Link encap:Ethernet HWaddr 00:19:E0:10:88:30
inet addr:192.168.100.2 Bcast:192.168.100.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9065 errors:0 dropped:0 overruns:0 frame:0
TX packets:6716 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 Interrupt:10 Base address:0xcc00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
RX packets:50 errors:0 dropped:0 overruns:0 frame:0
TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
collisions:0

ppp0 Link encap:Point-Point Protocol
inet addr:83.128.67.82 P-t-P:83.128.64.1 Mask:255.0.0.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:9063 errors:0 dropped:0 overruns:0 frame:0
TX packets:6714 errors:0 dropped:0 overruns:0 carrier:0
collisions:0

----- : Routing : -----
----- route -n -----
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
255.255.255.255 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
255.255.255.255 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
83.128.64.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 18 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 2 lo
0.0.0.0 83.128.64.1 0.0.0.0 UG 0 0 175 ppp0

----- : Firewall/Input : -----
----- ipfwadm -I -lne -----
IP firewall input rules, default policy: reject
pkts bytes type prot opt tosa tosx ifname ifaddress source destination ports
34 3501 acc all ---- 0xFF 0x00 lo 0.0.0.0 0.0.0.0/0 0.0.0.0/0 n/a
0 0 acc all ---- 0xFF 0x00 eth1 0.0.0.0 0.0.0.0/0 255.255.255.0 n/a
0 0 acc all ---- 0xFF 0x00 eth1 0.0.0.0 0.0.0.0/0 0.0.0.0/0 n/a
0 0 acc all ---- 0xFF 0x00 eth0 0.0.0.0 0.0.0.0/0 255.255.255.0 n/a
6293 937K acc all ---- 0xFF 0x00 eth0 0.0.0.0 0.0.0.0/0 0.0.0.0/0 n/a
0 0 acc tcp ---- 0xFF 0x00 * 0.0.0.0 62.45.45.45 0.0.0.0/0 53 -> *
0 0 acc tcp ---- 0xFF 0x00 * 0.0.0.0 62.45.46.46 0.0.0.0/0 53 -> *
0 0 rej tcp b--o 0xFF 0x00 * 0.0.0.0 0.0.0.0/0 0.0.0.0/0 53 -> *
0 0 rej tcp ---o 0xFF 0x00 * 0.0.0.0 0.0.0.0/0 0.0.0.0/0 * -> 22
0 0 rej tcp ---o 0xFF 0x00 * 0.0.0.0 0.0.0.0/0 0.0.0.0/0 * -> 9136
0 0 rej tcp ---o 0xFF 0x00 * 0.0.0.0 0.0.0.0/0 0.0.0.0/0 * -> 21
0 0 rej tcp ---o 0xFF 0x00 * 0.0.0.0 0.0.0.0/0 0.0.0.0/0 * -> 514
13 1349 acc udp ---- 0xFF 0x00 * 0.0.0.0 62.45.45.45 0.0.0.0/0 53 -> *
33 4877 acc udp ---- 0xFF 0x00 * 0.0.0.0 62.45.46.46 0.0.0.0/0 53 -> *
28 14632 rej udp b--o 0xFF 0x00 * 0.0.0.0 0.0.0.0/0 0.0.0.0/0 53 -> *
0 0 rej udp ---o 0xFF 0x00 * 0.0.0.0 0.0.0.0/0 0.0.0.0/0 * -> 22
0 0 rej udp ---o 0xFF 0x00 * 0.0.0.0 0.0.0.0/0 0.0.0.0/0 * -> 9136
0 0 rej udp ---o 0xFF 0x00 * 0.0.0.0 0.0.0.0/0 0.0.0.0/0 * -> 21
0 0 rej udp ---o 0xFF 0x00 * 0.0.0.0 0.0.0.0/0 0.0.0.0/0 * -> 514
0 0 rej all ---o 0xFF 0x00 * 0.0.0.0 0.0.0.0/0 192.168.100.0/24 n/a
0 0 rej all ---o 0xFF 0x00 * 0.0.0.0 192.168.100.0/24 0.0.0.0/0 n/a
0 0 rej all ---o 0xFF 0x00 * 0.0.0.0 0.0.0.0/0 192.168.1.0/24 n/a
0 0 rej all ---o 0xFF 0x00 * 0.0.0.0 192.168.1.0/24 0.0.0.0/0 n/a
8212 7258K acc all ---- 0xFF 0x00 * 0.0.0.0 0.0.0.0/0 0.0.0.0/0 n/a

----- : Firewall/Forward : -----
----- ipfwadm -F -lne -----
IP firewall forward rules, default policy: reject
pkts bytes type prot opt tosa tosx ifname ifaddress source destination ports
0 0 acc/m all ---- 0xFF 0x00 eth1 0.0.0.0 192.168.1.0/24 192.168.100.1 n/a
5108 811K acc/m all ---- 0xFF 0x00 ppp0 0.0.0.0 192.168.1.0/24 0.0.0.0/0 n/a


In the attachment is a report for the current configuration.

Can anyone help me with this?

Corné
Last edited by Corn on Thu Nov 05, 2009 4:45 am, edited 1 time in total.

Re: Strange DNS-problem

Post by dilberts_left_nut » Wed Nov 04, 2009 6:08 pm

It would seem that your internal DNS server is querying a lot of other servers besides your freesco, and it looks like the return packets from those servers are getting blocked.
This is not a setup I have tried (or would recommend :))
Any reason why you don't point your clients (and/or your DNS server) at (only) your freesco DNS server?

Re: Strange DNS-problem

Post by Corn » Wed Nov 04, 2009 6:40 pm

I do have my internal DNS-server forward all requests (except the ones for its own zone) to the Freesco-box. The Freesco IP is the only forwarding IP-address that I filled in on the internal DNS-server. All my clients only have the internal DNS-server in their IP-configuration.

Turning the 'recursion'-option on or off on the DNS-server doesn't really influence the end result. I can turn it off to get rid of the firewall-messages (which indeed make a bad impression :oops: ), but I still get no reply on these particular DNS-requests.

Mind you, this only happens for the 'amd.com'-domain. For all other domains it works fine. For example:
Nov 4 15:54:58 - dnsmasq[3057]: query download.windowsupdate.com from 192.168.1.9
Nov 4 15:54:58 - dnsmasq[3057]: forwarded download.windowsupdate.com to 62.45.46.46
Nov 4 15:54:58 - dnsmasq[3057]: reply download.windowsupdate.nsatc.net is 87.248.197.38
Nov 4 15:54:58 - dnsmasq[3057]: reply download.windowsupdate.nsatc.net is 87.248.197.48
Nov 4 15:54:58 - dnsmasq[3057]: reply mscom-wui.vo.llnwd.net is 87.248.197.38
Nov 4 15:54:58 - dnsmasq[3057]: reply mscom-wui.vo.llnwd.net is 87.248.197.48
Nov 4 15:54:58 - dnsmasq[3057]: query www.update.microsoft.com from 192.168.1.9
Nov 4 15:54:58 - dnsmasq[3057]: forwarded www.update.microsoft.com to 62.45.46.46
Nov 4 15:54:58 - dnsmasq[3057]: reply www.update.microsoft.com is 65.55.184.27
Nov 4 15:54:58 - dnsmasq[3057]: reply www.update.microsoft.com.nsatc.net is 65.55.184.27

When I turn off recursion on the internal DNS, all I get in the log is a 'forwarded ati.amd.com to 62.45.46.46' and then it stops; there is never a reply. The rejected messages from the firewall actually are the only proof that the DNS-query is sent to the outside world. And that there are DNS-servers answering. Albeit not an answer I can use...

What could I do to help troubleshoot this problem?

Corné

Re: Strange DNS-problem

Post by dilberts_left_nut » Wed Nov 04, 2009 6:56 pm

amd.com works ok from here...
Code:
C:\Documents and Settings\Craig>nslookup amd.com
Server:  dns
Address:  192.168.0.99

Non-authoritative answer:
Name:    amd.com
Addresses:  163.181.251.236, 163.181.251.237, 139.95.251.236, 139.95.251.237


Try another DNS server than your ISP (in freesco), maybe openDNS.
Ask your ISP why everything except amd.com works.
The fact that everything else works points to it not being your problem ....

Re: Strange DNS-problem

Post by Corn » Wed Nov 04, 2009 7:13 pm

OK, thanks!
I suppose I'll look into the OpenDNS-option further. Today I installed the DNSpatch for Freesco 038, so that part is taken care of. Now only to find the correct IP-addresses (I assume that's just one Google away :wink: ). Something for tomorrow morning.
And/or calling my ISP's helpdesk. I wonder what that will bring :?:

I had already verified that the problem was not with AMD (!), by running an nslookup on a UNIX-host located on the Internet. But I hadn't thought of a problem at my ISP as a possible cause. :?

The fact that everything else works points to it not being your problem ....

This is a little optimistic. The cause may lie elsewhere, I still have the problem...

Corné

Re: Strange DNS-problem

Post by Lightning » Wed Nov 04, 2009 8:52 pm

You can program any DNS server IP address into your FREESCO box because all public DNS servers are just that "public". So it could be something as simple as an unusual entry your ISP has in their database for those IP addresses and changing the server may resolve that problem. It could also be that there is some type of exception in your internal DNS server that is causing the problem. The simplest way to test that is to just turn the internal machine off and try it with the clients directly pointed at FREESCO. If that works fine then it is something set wrong in the internal DNS server. With your network configuration there are a lot of minor settings that could cause these types of problems. So it will need to be tested removing one thing at a time to figure it out.
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.

Re: Strange DNS-problem

Post by Corn » Thu Nov 05, 2009 1:57 am

I just overruled the DNS-setting on one of my clients that it had gotten by DHCP, with the IP-address of the Freesco-box.
The result on the client is that 'ati.amd.com' still can't be resolved. In the recent-log it looks like this:
Nov 5 06:45:57 - dnsmasq[3057]: query ati.amd.com from 192.168.1.22
Nov 5 06:45:57 - dnsmasq[3057]: forwarded ati.amd.com to 62.45.46.46
Nov 5 06:45:58 - dnsmasq[3057]: query ati.amd.com from 192.168.1.22
Nov 5 06:45:58 - dnsmasq[3057]: forwarded ati.amd.com to 62.45.45.45
Nov 5 06:45:59 - dnsmasq[3057]: query ati.amd.com from 192.168.1.22
Nov 5 06:45:59 - dnsmasq[3057]: forwarded ati.amd.com to 62.45.46.46

Other websites do still work. For instance:
Nov 5 06:51:01 - dnsmasq[3057]: query global-download.acer.com from 192.168.1.22
Nov 5 06:51:01 - dnsmasq[3057]: forwarded global-download.acer.com to 62.45.45.45
Nov 5 06:51:01 - dnsmasq[3057]: reply global-download.acer.com is 193.0.238.182
Nov 5 06:51:01 - dnsmasq[3057]: reply global-download.gtm.acer.com is 193.0.238.182


I'll post other results later.

Corné

Re: Strange DNS-problem [Solved]

Post by Corn » Thu Nov 05, 2009 4:42 am

I just added the IP-addresses of 2 OpenDNS-servers in Advanced option 41. There were already 2 DNS-servers from my ISP, so there was still room for a 3rd and 4th. Rebooted the Freesco-box, et voila ... the 'ati.amd.com'-website opens in my web browser.

Now just for fun, let's have a look at the recent-log:
Nov 5 09:20:51 - dnsmasq[3064]: query ati.amd.com from 192.168.1.9
Nov 5 09:20:51 - dnsmasq[3064]: forwarded ati.amd.com to 62.45.45.45
Nov 5 09:20:53 - dnsmasq[3064]: query ati.amd.com from 192.168.1.9
Nov 5 09:20:53 - dnsmasq[3064]: forwarded ati.amd.com to 208.67.222.222
Nov 5 09:20:53 - dnsmasq[3064]: reply ati.amd.com.edgesuite.net is 213.155.157.49
Nov 5 09:20:53 - dnsmasq[3064]: reply ati.amd.com.edgesuite.net is 213.155.157.41
Nov 5 09:20:53 - dnsmasq[3064]: reply a677.g.akamai.net is 213.155.157.49
Nov 5 09:20:53 - dnsmasq[3064]: reply a677.g.akamai.net is 213.155.157.41
Nov 5 09:20:53 - dnsmasq[3064]: query www.ati.com from 192.168.1.9
Nov 5 09:20:53 - dnsmasq[3064]: forwarded www.ati.com to 208.67.222.222
Nov 5 09:20:54 - dnsmasq[3064]: reply www.ati.com.edgesuite.net is 213.155.157.16
Nov 5 09:20:54 - dnsmasq[3064]: reply www.ati.com.edgesuite.net is 213.155.157.33
Nov 5 09:20:54 - dnsmasq[3064]: reply a674.g.akamai.net is 213.155.157.16
Nov 5 09:20:54 - dnsmasq[3064]: reply a674.g.akamai.net is 213.155.157.33
Nov 5 09:20:54 - dnsmasq[3064]: query a.amd.com from 192.168.1.9
Nov 5 09:20:54 - dnsmasq[3064]: forwarded a.amd.com to 208.67.222.222
Nov 5 09:20:54 - dnsmasq[3064]: reply a.amd.com is 64.154.87.157
Nov 5 09:20:54 - dnsmasq[3064]: reply ehg-amd.1p.hitbox.com is 64.154.87.157
Nov 5 09:20:56 - dnsmasq[3064]: reply ccdn-www.amd.com.edgesuite.net.chinaredirector.akadns.net is 213.155.157.10
Nov 5 09:20:56 - dnsmasq[3064]: reply ccdn-www.amd.com.edgesuite.net.chinaredirector.akadns.net is 213.155.157.50
Nov 5 09:20:56 - dnsmasq[3064]: reply a24.g.akamai.net is 213.155.157.10
Nov 5 09:20:56 - dnsmasq[3064]: reply a24.g.akamai.net is 213.155.157.50
Nov 5 09:20:59 - dnsmasq[3064]: query metrics.amd.com from 192.168.1.9
Nov 5 09:20:59 - dnsmasq[3064]: forwarded metrics.amd.com to 208.67.222.222
Nov 5 09:20:59 - dnsmasq[3064]: reply metrics.amd.com is 66.235.143.121
Nov 5 09:20:59 - dnsmasq[3064]: reply metrics.amd.com is 66.235.142.2
Nov 5 09:20:59 - dnsmasq[3064]: reply metrics.amd.com is 66.235.142.3
Nov 5 09:20:59 - dnsmasq[3064]: reply metrics.amd.com is 66.235.142.20
Nov 5 09:20:59 - dnsmasq[3064]: reply metrics.amd.com is 66.235.142.24
Nov 5 09:20:59 - dnsmasq[3064]: reply metrics.amd.com is 66.235.143.54
Nov 5 09:20:59 - dnsmasq[3064]: reply metrics.amd.com is 66.235.143.118
Nov 5 09:20:59 - dnsmasq[3064]: reply amd.com.122.2o7.net is 66.235.143.121
Nov 5 09:20:59 - dnsmasq[3064]: reply amd.com.122.2o7.net is 66.235.142.2
Nov 5 09:20:59 - dnsmasq[3064]: reply amd.com.122.2o7.net is 66.235.142.3
Nov 5 09:20:59 - dnsmasq[3064]: reply amd.com.122.2o7.net is 66.235.142.20
Nov 5 09:20:59 - dnsmasq[3064]: reply amd.com.122.2o7.net is 66.235.142.24
Nov 5 09:20:59 - dnsmasq[3064]: reply amd.com.122.2o7.net is 66.235.143.54
Nov 5 09:20:59 - dnsmasq[3064]: reply amd.com.122.2o7.net is 66.235.143.118
Nov 5 09:20:59 - dnsmasq[3064]: query support.amd.com from 192.168.1.9
Nov 5 09:20:59 - dnsmasq[3064]: forwarded support.amd.com to 208.67.222.222
Nov 5 09:20:59 - dnsmasq[3064]: reply support.amd.com.edgekey.net is 88.221.167.144
Nov 5 09:20:59 - dnsmasq[3064]: reply e1820.c.akamaiedge.net is 88.221.167.144

:o

I know the Internet is global, but I'm in Europe, AMD is in America, now what is the 'chinaredirector' doing in my DNS-path? :? :D
Sinister conspiracy ...
:lol:

Whatever, it works! :D Thanks for all the help.

Corné
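Added example, not part of any post in this thread: the two log symptoms discussed above, checked mechanically in Python. It pairs each dnsmasq "forwarded" line with the next "reply" line to count answers per upstream server, and counts firewall-rejected UDP packets from port 53 whose source is not a configured forwarder. The log lines are copied from the posts; attributing a reply to the most recent forward is an assumption of this example, since these log lines do not name the answering server.

```python
import re
from collections import defaultdict

# Log lines copied from the posts in this thread (a few per case).
SAMPLE_LOG = """\
Nov 4 13:28:29 - dnsmasq[3057]: query ati.amd.com from 192.168.1.9
Nov 4 13:28:29 - dnsmasq[3057]: forwarded ati.amd.com to 62.45.46.46
Nov 4 13:28:29 - kernel: IP fw-in rej ppp0 UDP 128.8.10.90:53 83.128.67.82:48737 L=517 S=0x00 I=60004 F=0x0000 T=84
Nov 4 13:28:29 - kernel: IP fw-in rej ppp0 UDP 192.203.230.10:53 83.128.67.82:48738 L=529 S=0x00 I=64579 F=0x0000 T=47
Nov 5 09:20:51 - dnsmasq[3064]: query ati.amd.com from 192.168.1.9
Nov 5 09:20:51 - dnsmasq[3064]: forwarded ati.amd.com to 62.45.45.45
Nov 5 09:20:53 - dnsmasq[3064]: query ati.amd.com from 192.168.1.9
Nov 5 09:20:53 - dnsmasq[3064]: forwarded ati.amd.com to 208.67.222.222
Nov 5 09:20:53 - dnsmasq[3064]: reply ati.amd.com.edgesuite.net is 213.155.157.49
Nov 5 09:20:53 - dnsmasq[3064]: reply a677.g.akamai.net is 213.155.157.49
"""

# Upstream servers named in the thread: the two ISP servers and one OpenDNS server.
FORWARDERS = {"62.45.45.45", "62.45.46.46", "208.67.222.222"}

FWD = re.compile(r"dnsmasq\[\d+\]: forwarded (\S+) to (\S+)")
REPLY = re.compile(r"dnsmasq\[\d+\]: reply \S+ is \S+")
REJ = re.compile(r"kernel: IP fw-in rej \S+ UDP ([\d.]+):53 ")

def analyse(log, forwarders):
    """Return (per-upstream stats, rejected port-53 sources not in forwarders)."""
    stats = defaultdict(lambda: {"answered": 0, "unanswered": []})
    stray = defaultdict(int)
    pending = None  # (name, server) of the last forward still waiting for a reply
    for line in log.splitlines():
        if m := FWD.search(line):
            if pending:  # a new forward arrived before any reply to the previous one
                stats[pending[1]]["unanswered"].append(pending[0])
            pending = (m.group(1), m.group(2))
        elif REPLY.search(line):
            if pending:  # assumption: first reply answers the most recent forward
                stats[pending[1]]["answered"] += 1
                pending = None
        elif m := REJ.search(line):
            if m.group(1) not in forwarders:
                stray[m.group(1)] += 1
    if pending:
        stats[pending[1]]["unanswered"].append(pending[0])
    return dict(stats), dict(stray)

if __name__ == "__main__":
    per_server, stray_sources = analyse(SAMPLE_LOG, FORWARDERS)
    print(per_server)
    print(stray_sources)
```

On these lines, both ISP forwarders show only unanswered forwards for ati.amd.com, and every rejected port-53 packet comes from an address that is not a configured forwarder.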

Re: Strange DNS-problem [Solved]

Post by Corn » Thu Nov 05, 2009 4:56 am

PS.
I still will have to contact my ISP, since the DNS now works fine, but I still have problems contacting some of the AMD-sites (like game.amd.com). :? :?

Corné

