Re: How to enable DNS over TCP on Orbi

axemolt · ‎2021-01-13

Certain domans lookups that return with a large list of responses failing currently with:

;; Truncated, retrying in TCP mode.

From what I understood, this is because the response too large for UDP and tries to use TCP which gets a "connection refused".

I don't see an router setting to enable DNS over TCP. Has anyone else experienced this and/or have any suggestions?

CrimpOn · ‎2021-01-13

@axemolt wrote:
Certain domans lookups that return with a large list of responses failing currently with:
;; Truncated, retrying in TCP mode.

No, I have never seen such a message. Where did this message appear? (Orbi log? computer?)

Acccording to this web page, switchover to TCP is supposed to be automatic:

https://www.infoblox.com/dns-security-resource-center/dns-security-faq/is-dns-tcp-or-udp-port-53/

FURRYe38 · ‎2021-01-13

What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

@axemolt wrote:
Certain domans lookups that return with a large list of responses failing currently with:
;; Truncated, retrying in TCP mode.

From what I understood, this is because the response too large for UDP and tries to use TCP which gets a "connection refused".

I don't see an router setting to enable DNS over TCP. Has anyone else experienced this and/or have any suggestions?

axemolt · ‎2021-01-14

I saw this on the my computer (mac), when I was doing an nslookup command. My browser wouldn't load https://travel.state.gov, so I started troubleshooting.

➜ ~ nslookup travel.state.gov
;; Truncated, retrying in TCP mode.
;; Connection to <orbi_ip>#53(<orbi_ip>) for travel.state.gov failed: connection refused.

I confirmed that tcp port 53 is not open on the Orbi:

➜ ~ nc -vzu <orbi_ip> 53
Connection to <orbi_ip> port 53 [udp/domain] succeeded!

➜ ~ nc -vz <orbi_ip> 53
nc: connectx to <orbi_ip> port 53 (tcp) failed: Connection refused

However, today that nslookup command is working and the browser is loading the page fine.

FURRYe38 · ‎2021-01-14

What Firmware version is currently loaded?
What is the Mfr and model# of the Internet Service Providers modem/ONT the NG router is connected too?

axemolt · ‎2021-01-15

Model is RBR40 with latest firmware 2.5.1.22

CrimpOn · ‎2021-01-15

@axemolt wrote:
I saw this on the my computer (mac), when I was doing an nslookup command. My browser wouldn't load https://travel.state.gov, so I started troubleshooting.
However, today that nslookup command is working and the browser is loading the page fine.

Troubleshooting problems that cannot be replicated is really difficult.

My experience with Windows nslookup succeeded first time. And Advanced Port Scanner shows these TCP ports open on the Orbi:

23 -Telnet (which I enabled)

53 - DNS

80 - HTTP

443 - HTTPS

631 - Internet Printing Protocol ("news to me", since I have not enabled ReadyShare. May want to look into this)