'opkg update' fails with custom DNS server set

glinoob · November 11, 2020, 4:50am

Hello, it seems like setting a custom DNS server in the GL-inet interface (More Settings > Custom DNS Server) causes ‘wget’ to be unable to download from fw.gl-inet.com – it always returns “failed to establish connection” – this causes ‘opkg update’ both from the command line and from within the web UI to fail, as it depends on ‘wget’.

Also, when I try to ‘ping fw.gl-inet.com’ on the command line it returns “bad address ‘fw.gl-inet.com’”

But when I use ‘nslookup’ and specify a DNS server, the host resolves properly.

I found that I had to go into Luci > Network > Interfaces, edit LAN, and add a custom DNS server… then ‘ping’ and ‘wget’ work properly, and as a result, so does ‘opkg update’.

This is a somewhat serious bug, I’m not sure if there is anywhere else to report bugs other than the forum… but here’s my report.

alzhao · November 13, 2020, 7:54am

This should not happen. What DNS server are you trying to set up?

glinoob · November 14, 2020, 10:54pm

I set up quad9 - 9.9.9.9 and 149.112.112.112. I tested them on systems other than the Brume at the time (both on the same LAN and elsewhere) and they were working fine, resolving the exact same addresses properly which were failing for ‘ping’ and ‘wget’.

glinoob · October 29, 2021, 9:29pm

Here I am a year later and found my own post while searching for info because I’m having the exact same problem. I did get it working this time though so I thought I would post a solution.

Scenario:

I have a GL-MV1000 Brume running latest stable firmware. It is set up with OpenVPN, and VPN leak protection turned on. I also have ‘Custom DNS Server’ set up in the GL-inet interface to use 9.9.9.9 as stated above.

Setting up ‘Custom DNS Server’ in the GL-inet interface doesn’t appear to break anything for DHCP clients on the LAN, but the settings don’t actually work for the Brume itself, at least not when OpenVPN is active.

When OpenVPN is active and I log in to the Brume, I notice that /etc/resolv.conf is set to the ISP-provided DNS servers obtained during DHCP autoconfig of interface wan … but these servers don’t work when OpenVPN is active, so functions of the Brume such as ‘opkg update’ are broken.

Even if they did work, I don’t want to use them anyway. I want the Brume to use 9.9.9.9 from the ‘Custom DNS Server’ settings in the GL-inet web interface.

Solution

I logged into LuCI, Network > Interfaces > edited interface wan, clicked Advanced Settings tab

unchecked ‘Use DNS servers advertised by peer’
checked ‘Use custom DNS servers’
added 9.9.9.9 and so forth, making sure to click the little + button to the right of the text box after adding each server IP address

This failed the first time I tried it.

The second time I tried, I did ‘Save & Apply’ after step 1, and step 3, and then it worked. I rebooted the router and logged in via ssh, and after OpenVPN came up, /etc/resolv.conf was set properly with 9.9.9.9 as I wanted.

I see there are a number of other forum posts about this issue. IMO it’s a bug, or if not a bug, then definitely a confusing UI issue. Most people would think that if you set ‘Custom DNS Server’ in the GL-inet interface, the router itself would also use this server! But it seems it does not, in at least some cases.

glinoob · October 29, 2021, 9:39pm

glinoob · May 10, 2022, 7:37pm

This bug has bitten me a third time now since I started this thread. This time on Brume running firmware 3.212.

I guarantee it is causing problems for others as well.

alzhao · May 12, 2022, 5:11am

I went throught this post again.

So the problem is, when you set up a custom dns in the UI, the clients uses them but the router itself seems not. Then it caused a problem for the router itself to resolve dns e.g. fw.gl-inet.com?

Happi · May 12, 2022, 8:21am

For info, I also found the update fails if you have a VPN running.

alzhao · May 12, 2022, 9:16am

I tried Nord openvpn and Azirevpn Wireguard on MT1300 3.212 beta3, tried to setup custom dns to 9.9.9.9 as well, update and opkg all works normal.

@Happi can you let me which vpn are you using?

glinoob · May 15, 2022, 2:22pm

Interesting to note there may be a relation to VPN usage.

I have an always-on VPN configured on my GL-inet devices. The only time they are running without VPN + “kill switch” enabled is during initial setup after I flash them.

In my case, it’s an OpenVPN connection to a server I control - I’m not using a VPN provider. The server is running Debian 10, so presumably whatever version of OpenVPN comes standard with that.