From avkaplmkt at gmail.com Sat Jun 16 14:01:58 2018 From: avkaplmkt at gmail.com (Advrk Aplmrkt) Date: Sat, 16 Jun 2018 14:01:58 +0000 Subject: [getdns-users] Stubby constantly has to be restarted to work in Manjaro Message-ID: Hello, I've been using Stubby on default settings per the instructions here for several months: https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby I installed it from the official repositories for my Manjaro Linux system and I used Network Manager to point my home wifi connection to always use Stubby for DNS at 127.0.0.1. It worked well enough until a few weeks ago when all DNS look ups on this system failed. I discovered that after restarting Stubby via the command "systemctl restart stubby" makes DNS lookups work again, **but only for a few minutes at a time!!!** So now, I have to keep a terminal window open all the time and rerun "systemctl restart stubby" every few minutes just to keep my Internet connection working... This is clearly not a sustainable solution. Can anyone advise on how to troubleshoot this issue? Thanks! From willem at nlnetlabs.nl Mon Jun 18 10:21:16 2018 From: willem at nlnetlabs.nl (Willem Toorop) Date: Mon, 18 Jun 2018 12:21:16 +0200 Subject: [getdns-users] Stubby constantly has to be restarted to work in Manjaro In-Reply-To: References: Message-ID: Thanks Advrk, Could you provide a few more details on the versions? The output of stubby -i and/or getdns_query -i Thanks, -- Willem Op 16-06-18 om 16:01 schreef Advrk Aplmrkt: > Hello, > > I've been using Stubby on default settings per the instructions here > for several months: > > https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby > > I installed it from the official repositories for my Manjaro Linux > system and I used Network Manager to point my home wifi connection to > always use Stubby for DNS at 127.0.0.1. It worked well enough until a > few weeks ago when all DNS look ups on this system failed. > > I discovered that after restarting Stubby via the command "systemctl > restart stubby" makes DNS lookups work again, **but only for a few > minutes at a time!!!** > > So now, I have to keep a terminal window open all the time and rerun > "systemctl restart stubby" every few minutes just to keep my Internet > connection working... This is clearly not a sustainable solution. > > Can anyone advise on how to troubleshoot this issue? Thanks! > _______________________________________________ > Users mailing list > Users at getdnsapi.net > https://getdnsapi.net/mailman/listinfo/users > From avkaplmkt at gmail.com Tue Jun 19 19:40:31 2018 From: avkaplmkt at gmail.com (Advrk Aplmrkt) Date: Tue, 19 Jun 2018 19:40:31 +0000 Subject: [getdns-users] Stubby constantly has to be restarted to work in Manjaro In-Reply-To: References: Message-ID: Thanks Willem, here's the output of `stubby -i`: https://framabin.org/p/?8a235367bb28d8de#wpiW/+3K66F4yFqr6aRd1enfCGC+NolOEoG/SG21NGM= And here's the output of `getdns_query -i`: https://framabin.org/p/?9e9fed3b8d641187#/5y59RJ4tVtbtZcIPeQKRv+Nsnamy9LA1dIpF/jby6c= Do you see any problems with it? Thanks for your help! On 18/06/2018, Willem Toorop wrote: > Thanks Advrk, > > Could you provide a few more details on the versions? > The output of > > stubby -i > > and/or > > getdns_query -i > > Thanks, > > -- Willem > > Op 16-06-18 om 16:01 schreef Advrk Aplmrkt: >> Hello, >> >> I've been using Stubby on default settings per the instructions here >> for several months: >> >> https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby >> >> I installed it from the official repositories for my Manjaro Linux >> system and I used Network Manager to point my home wifi connection to >> always use Stubby for DNS at 127.0.0.1. It worked well enough until a >> few weeks ago when all DNS look ups on this system failed. >> >> I discovered that after restarting Stubby via the command "systemctl >> restart stubby" makes DNS lookups work again, **but only for a few >> minutes at a time!!!** >> >> So now, I have to keep a terminal window open all the time and rerun >> "systemctl restart stubby" every few minutes just to keep my Internet >> connection working... This is clearly not a sustainable solution. >> >> Can anyone advise on how to troubleshoot this issue? Thanks! >> _______________________________________________ >> Users mailing list >> Users at getdnsapi.net >> https://getdnsapi.net/mailman/listinfo/users >> > > _______________________________________________ > Users mailing list > Users at getdnsapi.net > https://getdnsapi.net/mailman/listinfo/users > From willem at nlnetlabs.nl Wed Jun 20 10:36:10 2018 From: willem at nlnetlabs.nl (Willem Toorop) Date: Wed, 20 Jun 2018 12:36:10 +0200 Subject: [getdns-users] Stubby constantly has to be restarted to work in Manjaro In-Reply-To: References: Message-ID: Op 19-06-18 om 21:40 schreef Advrk Aplmrkt: > Thanks Willem, here's the output of `stubby -i`: > > https://framabin.org/p/?8a235367bb28d8de#wpiW/+3K66F4yFqr6aRd1enfCGC+NolOEoG/SG21NGM= > > And here's the output of `getdns_query -i`: > > https://framabin.org/p/?9e9fed3b8d641187#/5y59RJ4tVtbtZcIPeQKRv+Nsnamy9LA1dIpF/jby6c= > > Do you see any problems with it? I notice you do have DNSSEC validation enabled and we do have a bug since 1.4.2 (introduced with the partly trace DNSSEC up from the root fix). Could you give the attached two patches a try and see if that works? Thanks! -- Willem > Thanks for your help! > > On 18/06/2018, Willem Toorop wrote: >> Thanks Advrk, >> >> Could you provide a few more details on the versions? >> The output of >> >> stubby -i >> >> and/or >> >> getdns_query -i >> >> Thanks, >> >> -- Willem >> >> Op 16-06-18 om 16:01 schreef Advrk Aplmrkt: >>> Hello, >>> >>> I've been using Stubby on default settings per the instructions here >>> for several months: >>> >>> https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby >>> >>> I installed it from the official repositories for my Manjaro Linux >>> system and I used Network Manager to point my home wifi connection to >>> always use Stubby for DNS at 127.0.0.1. It worked well enough until a >>> few weeks ago when all DNS look ups on this system failed. >>> >>> I discovered that after restarting Stubby via the command "systemctl >>> restart stubby" makes DNS lookups work again, **but only for a few >>> minutes at a time!!!** >>> >>> So now, I have to keep a terminal window open all the time and rerun >>> "systemctl restart stubby" every few minutes just to keep my Internet >>> connection working... This is clearly not a sustainable solution. >>> >>> Can anyone advise on how to troubleshoot this issue? Thanks! >>> _______________________________________________ >>> Users mailing list >>> Users at getdnsapi.net >>> https://getdnsapi.net/mailman/listinfo/users >>> >> >> _______________________________________________ >> Users mailing list >> Users at getdnsapi.net >> https://getdnsapi.net/mailman/listinfo/users >> > _______________________________________________ > Users mailing list > Users at getdnsapi.net > https://getdnsapi.net/mailman/listinfo/users > -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Fix-finding-signer-of-NSEC-and-NSEC3s.patch Type: text/x-patch Size: 8517 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0002-DS-is-always-a-delegation-and-never-at-the-apex.patch Type: text/x-patch Size: 1719 bytes Desc: not available URL: From avkaplmkt at gmail.com Wed Jun 20 11:10:33 2018 From: avkaplmkt at gmail.com (Advrk Aplmrkt) Date: Wed, 20 Jun 2018 11:10:33 +0000 Subject: [getdns-users] Stubby constantly has to be restarted to work in Manjaro In-Reply-To: References: Message-ID: Thanks for getting back to me! I'm happy to apply the patch, but I am unfamiliar with stubby. To which files to I apply the patches to??? On 20/06/2018, Willem Toorop wrote: > Op 19-06-18 om 21:40 schreef Advrk Aplmrkt: >> Thanks Willem, here's the output of `stubby -i`: >> >> https://framabin.org/p/?8a235367bb28d8de#wpiW/+3K66F4yFqr6aRd1enfCGC+NolOEoG/SG21NGM= >> >> And here's the output of `getdns_query -i`: >> >> https://framabin.org/p/?9e9fed3b8d641187#/5y59RJ4tVtbtZcIPeQKRv+Nsnamy9LA1dIpF/jby6c= >> >> Do you see any problems with it? > > I notice you do have DNSSEC validation enabled and we do have a bug > since 1.4.2 (introduced with the partly trace DNSSEC up from the root > fix). Could you give the attached two patches a try and see if that works? > > Thanks! > > -- Willem > >> Thanks for your help! >> >> On 18/06/2018, Willem Toorop wrote: >>> Thanks Advrk, >>> >>> Could you provide a few more details on the versions? >>> The output of >>> >>> stubby -i >>> >>> and/or >>> >>> getdns_query -i >>> >>> Thanks, >>> >>> -- Willem >>> >>> Op 16-06-18 om 16:01 schreef Advrk Aplmrkt: >>>> Hello, >>>> >>>> I've been using Stubby on default settings per the instructions here >>>> for several months: >>>> >>>> https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby >>>> >>>> I installed it from the official repositories for my Manjaro Linux >>>> system and I used Network Manager to point my home wifi connection to >>>> always use Stubby for DNS at 127.0.0.1. It worked well enough until a >>>> few weeks ago when all DNS look ups on this system failed. >>>> >>>> I discovered that after restarting Stubby via the command "systemctl >>>> restart stubby" makes DNS lookups work again, **but only for a few >>>> minutes at a time!!!** >>>> >>>> So now, I have to keep a terminal window open all the time and rerun >>>> "systemctl restart stubby" every few minutes just to keep my Internet >>>> connection working... This is clearly not a sustainable solution. >>>> >>>> Can anyone advise on how to troubleshoot this issue? Thanks! From willem at nlnetlabs.nl Wed Jun 20 11:26:55 2018 From: willem at nlnetlabs.nl (Willem Toorop) Date: Wed, 20 Jun 2018 13:26:55 +0200 Subject: [getdns-users] Stubby constantly has to be restarted to work in Manjaro In-Reply-To: References: Message-ID: <76f4bea0-3125-722e-f4ff-5de80d5013d4@nlnetlabs.nl> These patches apply to the getdns source. How did you install stubby initially? If you followed these instructions: https://dnsprivacy.org/wiki/pages/viewpage.action?pageId=3145786 Then you can just do that again, as the patches are on the develop branch of the repository already... If you succeed you should see getdns version 1.4.3-rc1 reported with stubby -i. i.e.: { "all_context": { "add_warning_for_bad_dns": GETDNS_EXTENSION_FALSE, etc. "resolution_type": GETDNS_RESOLUTION_STUB, "version_number": 17040065, "version_string": } Cheers, -- Willem Op 20-06-18 om 13:10 schreef Advrk Aplmrkt: > Thanks for getting back to me! I'm happy to apply the patch, but I am > unfamiliar with stubby. To which files to I apply the patches to??? > > On 20/06/2018, Willem Toorop wrote: >> Op 19-06-18 om 21:40 schreef Advrk Aplmrkt: >>> Thanks Willem, here's the output of `stubby -i`: >>> >>> https://framabin.org/p/?8a235367bb28d8de#wpiW/+3K66F4yFqr6aRd1enfCGC+NolOEoG/SG21NGM= >>> >>> And here's the output of `getdns_query -i`: >>> >>> https://framabin.org/p/?9e9fed3b8d641187#/5y59RJ4tVtbtZcIPeQKRv+Nsnamy9LA1dIpF/jby6c= >>> >>> Do you see any problems with it? >> >> I notice you do have DNSSEC validation enabled and we do have a bug >> since 1.4.2 (introduced with the partly trace DNSSEC up from the root >> fix). Could you give the attached two patches a try and see if that works? >> >> Thanks! >> >> -- Willem >> >>> Thanks for your help! >>> >>> On 18/06/2018, Willem Toorop wrote: >>>> Thanks Advrk, >>>> >>>> Could you provide a few more details on the versions? >>>> The output of >>>> >>>> stubby -i >>>> >>>> and/or >>>> >>>> getdns_query -i >>>> >>>> Thanks, >>>> >>>> -- Willem >>>> >>>> Op 16-06-18 om 16:01 schreef Advrk Aplmrkt: >>>>> Hello, >>>>> >>>>> I've been using Stubby on default settings per the instructions here >>>>> for several months: >>>>> >>>>> https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby >>>>> >>>>> I installed it from the official repositories for my Manjaro Linux >>>>> system and I used Network Manager to point my home wifi connection to >>>>> always use Stubby for DNS at 127.0.0.1. It worked well enough until a >>>>> few weeks ago when all DNS look ups on this system failed. >>>>> >>>>> I discovered that after restarting Stubby via the command "systemctl >>>>> restart stubby" makes DNS lookups work again, **but only for a few >>>>> minutes at a time!!!** >>>>> >>>>> So now, I have to keep a terminal window open all the time and rerun >>>>> "systemctl restart stubby" every few minutes just to keep my Internet >>>>> connection working... This is clearly not a sustainable solution. >>>>> >>>>> Can anyone advise on how to troubleshoot this issue? Thanks! > _______________________________________________ > Users mailing list > Users at getdnsapi.net > https://getdnsapi.net/mailman/listinfo/users > From avkaplmkt at gmail.com Wed Jun 20 14:43:27 2018 From: avkaplmkt at gmail.com (Advrk Aplmrkt) Date: Wed, 20 Jun 2018 14:43:27 +0000 Subject: [getdns-users] Stubby constantly has to be restarted to work in Manjaro In-Reply-To: <76f4bea0-3125-722e-f4ff-5de80d5013d4@nlnetlabs.nl> References: <76f4bea0-3125-722e-f4ff-5de80d5013d4@nlnetlabs.nl> Message-ID: I see. I originally installed stubby from the Manjaro Linux Community repository, so it's a prebuilt binary. Should I uninstall that first, then follow your instructions to build from source? (sorry I'm kind of new to this so some hand holding needed...) On 20/06/2018, Willem Toorop wrote: > These patches apply to the getdns source. How did you install stubby > initially? If you followed these instructions: > > https://dnsprivacy.org/wiki/pages/viewpage.action?pageId=3145786 > > Then you can just do that again, as the patches are on the develop > branch of the repository already... > > If you succeed you should see getdns version 1.4.3-rc1 reported with > stubby -i. i.e.: > > { > "all_context": > { > "add_warning_for_bad_dns": GETDNS_EXTENSION_FALSE, > > etc. > > "resolution_type": GETDNS_RESOLUTION_STUB, > "version_number": 17040065, > "version_string": > } > > > Cheers, > -- Willem > > Op 20-06-18 om 13:10 schreef Advrk Aplmrkt: >> Thanks for getting back to me! I'm happy to apply the patch, but I am >> unfamiliar with stubby. To which files to I apply the patches to??? >> >> On 20/06/2018, Willem Toorop wrote: >>> Op 19-06-18 om 21:40 schreef Advrk Aplmrkt: >>>> Thanks Willem, here's the output of `stubby -i`: >>>> >>>> https://framabin.org/p/?8a235367bb28d8de#wpiW/+3K66F4yFqr6aRd1enfCGC+NolOEoG/SG21NGM= >>>> >>>> And here's the output of `getdns_query -i`: >>>> >>>> https://framabin.org/p/?9e9fed3b8d641187#/5y59RJ4tVtbtZcIPeQKRv+Nsnamy9LA1dIpF/jby6c= >>>> >>>> Do you see any problems with it? >>> >>> I notice you do have DNSSEC validation enabled and we do have a bug >>> since 1.4.2 (introduced with the partly trace DNSSEC up from the root >>> fix). Could you give the attached two patches a try and see if that >>> works? >>> >>> Thanks! >>> >>> -- Willem >>> >>>> Thanks for your help! >>>> >>>> On 18/06/2018, Willem Toorop wrote: >>>>> Thanks Advrk, >>>>> >>>>> Could you provide a few more details on the versions? >>>>> The output of >>>>> >>>>> stubby -i >>>>> >>>>> and/or >>>>> >>>>> getdns_query -i >>>>> >>>>> Thanks, >>>>> >>>>> -- Willem >>>>> >>>>> Op 16-06-18 om 16:01 schreef Advrk Aplmrkt: >>>>>> Hello, >>>>>> >>>>>> I've been using Stubby on default settings per the instructions here >>>>>> for several months: >>>>>> >>>>>> https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby >>>>>> >>>>>> I installed it from the official repositories for my Manjaro Linux >>>>>> system and I used Network Manager to point my home wifi connection to >>>>>> always use Stubby for DNS at 127.0.0.1. It worked well enough until a >>>>>> few weeks ago when all DNS look ups on this system failed. >>>>>> >>>>>> I discovered that after restarting Stubby via the command "systemctl >>>>>> restart stubby" makes DNS lookups work again, **but only for a few >>>>>> minutes at a time!!!** >>>>>> >>>>>> So now, I have to keep a terminal window open all the time and rerun >>>>>> "systemctl restart stubby" every few minutes just to keep my Internet >>>>>> connection working... This is clearly not a sustainable solution. >>>>>> >>>>>> Can anyone advise on how to troubleshoot this issue? Thanks! >> _______________________________________________ >> Users mailing list >> Users at getdnsapi.net >> https://getdnsapi.net/mailman/listinfo/users >> > > _______________________________________________ > Users mailing list > Users at getdnsapi.net > https://getdnsapi.net/mailman/listinfo/users > From willem at nlnetlabs.nl Wed Jun 20 15:47:19 2018 From: willem at nlnetlabs.nl (Willem Toorop) Date: Wed, 20 Jun 2018 17:47:19 +0200 Subject: [getdns-users] Stubby constantly has to be restarted to work in Manjaro In-Reply-To: References: <76f4bea0-3125-722e-f4ff-5de80d5013d4@nlnetlabs.nl> Message-ID: Op 20-06-18 om 16:43 schreef Advrk Aplmrkt: > I see. I originally installed stubby from the Manjaro Linux Community > repository, so it's a prebuilt binary. Should I uninstall that first, > then follow your instructions to build from source? (sorry I'm kind of > new to this so some hand holding needed...) No problem! I have to think about how to continue... In the mean time, could you try to comment out the dnssec_return_status option in your stubby.yml file, to see if the issue is indeed DNSSEC validation related? Did you enable that option yourself btw? Or was that the Manjaro default? -- Willem From avkaplmkt at gmail.com Wed Jun 20 21:02:43 2018 From: avkaplmkt at gmail.com (Advrk Aplmrkt) Date: Wed, 20 Jun 2018 21:02:43 +0000 Subject: [getdns-users] Stubby constantly has to be restarted to work in Manjaro In-Reply-To: References: <76f4bea0-3125-722e-f4ff-5de80d5013d4@nlnetlabs.nl> Message-ID: OK, I've commented out the DNSSEC section and restarted stubby. I will wait a while to see if it is still working or not. As for whether DNSSEC was on by default, honestly I can't remember. Sorry! In the mean time, do let me know if I should uninstall the stubby I installed from the repository and build from source. Thanks for your help! On 20/06/2018, Willem Toorop wrote: > Op 20-06-18 om 16:43 schreef Advrk Aplmrkt: >> I see. I originally installed stubby from the Manjaro Linux Community >> repository, so it's a prebuilt binary. Should I uninstall that first, >> then follow your instructions to build from source? (sorry I'm kind of >> new to this so some hand holding needed...) > > No problem! I have to think about how to continue... > > In the mean time, could you try to comment out the dnssec_return_status > option in your stubby.yml file, to see if the issue is indeed DNSSEC > validation related? > > Did you enable that option yourself btw? > Or was that the Manjaro default? > > -- Willem > _______________________________________________ > Users mailing list > Users at getdnsapi.net > https://getdnsapi.net/mailman/listinfo/users > From avkaplmkt at gmail.com Sun Jun 24 20:39:42 2018 From: avkaplmkt at gmail.com (Advrk Aplmrkt) Date: Sun, 24 Jun 2018 20:39:42 +0000 Subject: [getdns-users] Stubby constantly has to be restarted to work in Manjaro In-Reply-To: References: <76f4bea0-3125-722e-f4ff-5de80d5013d4@nlnetlabs.nl> Message-ID: OK. I've tried this for a while and here's what I found. I commented out the dnssec line in stubby.yml and restarted stubby via systemctl. After that stubby worked reliably for several hours of general Internet use like web browsing. Next, I put the dnssec line *back* into stubby.yml and restarted stubby again. This time, even though stubby didn't fail every few minutes, the lookups are unreliable (some times I have to reload a site two or even three times before the lookup worked) and performance is bad (lookups take much longer than without dnssec). Even then, I still have to restart stubby every once in a while (maybe a few times per hour) for it to work. Finally, I removed the dnssec line again from stubby.yml, and stubby is suddenly much more reliable and performant again. Is this information helpful for diagnosing the problem? How can we solve this problem? Thanks!! On 20/06/2018, Willem Toorop wrote: > Op 20-06-18 om 16:43 schreef Advrk Aplmrkt: >> I see. I originally installed stubby from the Manjaro Linux Community >> repository, so it's a prebuilt binary. Should I uninstall that first, >> then follow your instructions to build from source? (sorry I'm kind of >> new to this so some hand holding needed...) > > No problem! I have to think about how to continue... > > In the mean time, could you try to comment out the dnssec_return_status > option in your stubby.yml file, to see if the issue is indeed DNSSEC > validation related? > > Did you enable that option yourself btw? > Or was that the Manjaro default? > > -- Willem > _______________________________________________ > Users mailing list > Users at getdnsapi.net > https://getdnsapi.net/mailman/listinfo/users >