Ping.manjaro.org.lan is not resolving

Sounds like your router thinks http://ping.manjaro.org is a local address. Maybe because it’s not using https?

Found it! It’s only for the AAAA records. ping.manjaro.org does not have an IPv6 address configured. Please add that in the DNS records.

I don’t think that’s going to happen. :wink:

Put we can ping @philm who controls that stuff to see what he can do about it.

It’s not like this IPv6 stuff is totally new and unknown off: https://tools.ietf.org/html/rfc2460 :wink:

You block every Domain that does not have a AAAA record? I mean, I can understand why you want to block Amazon and big parts of AWS, but there are many domains out there that does not have a AAAA record.

My ISP gives me full IPv6 access and I run dual stack. I don’t block any hosts that do not have an IPv6 address, that would be silly.

But every other DNS lookup that only resolves to an IPv4 address does not result in additional lookups that get the .lan attached.

So, I don’t know what causes this behavior. I think it is something about NetworkManager. It uses this FQDN for checking network connectivity and I think it does additional weird things when it receives only an IPv4 but not an IPv6 address when checking for connectivity. This additional weird stuff does not happen for normal DNS lookups.

We currently only offer A Records for all our services. Let’s see what I can do about AAAA Records.

1 Like

That shouldn’t matter.

Notice the NODATA entry for the AAAA query.

What are you using for DNS resolution? IOW, how are requests getting to your pi-hole?

I am on xfce unstable and the recent Network Manager update on 2/26/2021 removed my interval setting in /usr/lib/NetworkManager/conf.d/20-connectivity.conf . I put interval = back to 36000, however, it is still pinging archlinux.org. I am not sure what the source of aur.archlinux.org is. Hourly??? Maybe pamac?? Here is the log from asuswrt-Merlin running Diversion. Note that gaps are because it will not show while running vpn.

2021-03-02 16:33	www.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 16:12	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 16:12	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 16:01	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 15:38	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 15:38	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 15:37	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 15:01	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 14:00	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 13:00	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 12:00	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 11:00	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 10:06	www.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 10:00	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 08:09	www.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 08:00	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 07:05	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 07:05	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 07:05	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 07:01	aur.archlinux.org	192.168.1.6	A	Allowed
2021-03-02 07:00	www.archlinux.org	192.168.1.6	A	Allowed

The Plasma NetworkManager applet has an exclamation point next to the wifi indicator. I occasionally get the following notification, even though I clearly have Internet access:

image

I believe this is related to ping.manjaro.org as well.

; <<>> DiG 9.16.12 <<>> ping.manjaro.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58149
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 2701e624038e3e4747a38dce603f39ca17c9125311e9f474 (good)
;; QUESTION SECTION:
;ping.manjaro.org.		IN	A

;; ANSWER SECTION:
ping.manjaro.org.	17614	IN	A	176.9.38.148

;; AUTHORITY SECTION:
manjaro.org.		2187	IN	NS	ns1.first-ns.de.
manjaro.org.		2187	IN	NS	robotns2.second-ns.de.
manjaro.org.		2187	IN	NS	robotns3.second-ns.com.

;; ADDITIONAL SECTION:
robotns2.second-ns.de.	18658	IN	A	213.133.105.6
robotns3.second-ns.com.	3372	IN	A	193.47.99.3
robotns3.second-ns.com.	104580	IN	AAAA	2001:67c:192c::add:a3

Somewhere the settings for your network is incorrect - most likely a zone file.

If the settings for your dns/dhcp your local domain is not terminated with a dot (.) and thus extensions can be appended.

Examples for bind zone files

CNAME record host.domain.lan.
Domain record domain.lan.

1 Like

Good point. I see you are running your own recursive DNS resolver. On my Pihole I have simply set a number of the predefined DNS providers.

I have set my Pihole as the default DNS in my lan and I get DNS requests from all the hosts in my lan on the Pihole. But, I still also get DNS requests from my router on the Pihole. This is not an issue, they get resolved normally, passed back to the router and the router passes them on to whoever queried the router for that domain. It’s the last bit of configuration hackery that I have not solved, because I don’t want any DNS requests going through my router, but it’s not a biggie.

I use Openwrt on my router and I have set my Pihole as the default DNS in the DHCP/DNS settings and as the custom DNS for each applicable interface.

The ping.manjaro.org AAAA record gives me a NODATA response as well, so that’s not the issue.

When looking at the ping.manjaro.org.lan requests, they are only for the AAAA record, never for the A record. They only come directly from my Manjaro machines and not via the router. They get a NXDOMAIN response, so that’s correct.

The two main issues are:

  1. where is that .lan appended to the DNS requests… I don’t know and it could well be configuration error on my end, but it never misbehaved with the previous setting for the Arch Linux domain which does resolve to an IP address for the AAAA record
  2. the request for ping.manjaro.org.lan gets passed on to the authoritative DNS resolvers I have set and this most likely is something I can prevent in Pihole, but have not yet figured out how.

I’m probably being dense. I can’t seem to find any bind zone files. Not on my pc, nor router, nor Pihole.

I have no proof to give, other than my gut: this stinks of avahi interference.

That’s tied in with IPv6. I see the same thing, and I hate it-although I’ve been able to tame it to only the wireless devices used in the house.

Have you set your pi-hole’s IPv6 address as the IPv6 DNS server in your DHCP configuration (DHCP - option6)?

I think this should resolve it:

nslookup ping.manjaro.org
Server:		192.168.XX.Y
Address:	192.168.XX.Y#ZZ

Non-authoritative answer:
Name:	ping.manjaro.org
Address: 176.9.38.148
Name:	ping.manjaro.org
Address: 2a01:4f8:150:448b::1

I’ll now add to all our other services the AAAA record.

5 Likes

Looks good! I don’t see any lookups of ping.manjaro.org.lan in the logs any more and I do see succesful IPv6 lookups for ping.manjaro.org. So it was something weird about the connectivity check and the missing AAAA record. Thanks @philm! And thanks for letting the other Manjaro domains/hosts join the IPv6 future as well :smiley:

In your /etc/resolv.conf, you probably have the entry search lan. Now, if it can’t find a record (probably NODATA), it will try to locate this in the local network which is .lan.

1 Like

Indeed. I see that is automatically configured in man 5 resolv.conf /The file says it’s generated by NetworkManager, which makes me think I should go through NetworkManager to change the settings. Going through the man page for NetworkManager.conf and nm-settings.conf, I don’t see if and how.

I can edit resolv.conf directly and see what happens, but I’d still like to look up hostnames on my lan. What I find strange though, is that a FQDN gets looked up on the lan side…

Is this also connected somehow with the issue I explained here?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.