My eBlocker 3.1.0 is running on Raspberry Pi 3 4 GB RAM with an Fritzbox 7490. I think something now has went wrong regarding the configuration of DNS servers. My eBlocker and Fritzbox did work for months without complaint. But now within two weeks I have no access to the internet. Obviously there is something wrong with the DNS server configuration. I have set in eBlocker:
- resolve domain names via external servers
- using external server by availability
- servers are 1.1.1.1 with a green hook and 9.9.9.9 with a red cross.
So I have deleted the 9.9.9.9 entry.
But nevertheless I have no internet access.
What's going wrong?
@facebita Thanks for your post.
If I remember right, you reported a very similar issues that kind of "solved itself" in the past: https://eblocker.org/community/bugs-features/losing-internet-connection-almost-every-night/#post-7401
To rule out any latency/availability issues with the configured DNS servers, I'd suggest to switch to use the DNS of your provider. To do so just set the DNS to Default/Internet Provider:
In case you are using individual or expert network mode, you can achieve the same result by deleting all(!) entries from the tab "DNS Server Custom List". Then add the IP address of your router as the only entry.
If the issue still persists then we know DNS is not the culprit.
BTW: To verify if it's just a DNS issue or the Internet is really "down" you can run a ping or traceroute to 1.1.1.1 next time the Internet is "down". You will get a proper result if the Internet is not down (but DNS will not be used).
Hope this helps.
THX!
In case you are using individual or expert network mode, […]
Yes, I do. Because I run the eBlocker with a Fritzbox 7490.
[…] you can achieve the same result by deleting all(!) entries from the tab "DNS Server Custom List". Then add the IP address of your router as the only entry. […]
I did it.
If the issue still persists then we know DNS is not the culprit.
For a few minutes I could reach servers in the internet. While this has worked I did a traceroute which results in:
% traceroute 1.1.1.1 traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 52 byte packets 1 dnscheck.eblocker.org (my_eblocker_ip_address) 13.808 ms 13.738 ms 1.605 ms 2 fritz.box (my_fritzbox_ip_address) 2.308 ms 4.074 ms 2.803 ms 3 * * * 4 188.111.213.40 (188.111.213.40) 16.556 ms 188.111.213.38 (188.111.213.38) 10.256 ms 10.451 ms 5 88.79.25.24 (88.79.25.24) 12.680 ms 88.79.24.20 (88.79.24.20) 10.427 ms 88.79.25.24 (88.79.25.24) 10.954 ms 6 92.79.214.206 (92.79.214.206) 13.813 ms 92.79.214.200 (92.79.214.200) 12.678 ms 15.400 ms 7 145.254.2.51 (145.254.2.51) 17.067 ms 27.134 ms 145.254.2.49 (145.254.2.49) 19.765 ms 8 145.254.2.49 (145.254.2.49) 16.867 ms 145.254.2.51 (145.254.2.51) 14.682 ms 14.921 ms 9 193.178.185.17 (193.178.185.17) 23.012 ms 1.1.1.1 (1.1.1.1) 13.234 ms 193.178.185.17 (193.178.185.17) 13.721 ms
The I've tried to connect amazon.de with my browser. But it did found no server. My eBlocker has said at http://my_eblocker_IP_address/settings/#!/dns/server for my eBlockers address "not available" "not available". So I have re-added 1.1.1.1. And suddenly my browser found servers in the internet. And tracerout said:
(base) vatolin@vatobair ~ % traceroute 1.1.1.1 traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 52 byte packets 1 dnscheck.eblocker.org (my_eblocker_ip_adress) 3.799 ms 2.559 ms 2.176 ms 2 fritz.box (my_fritzbox_ip_address) 1.950 ms 3.861 ms 2.841 ms 3 * * * 4 188.111.213.40 (188.111.213.40) 10.989 ms 188.111.213.38 (188.111.213.38) 11.522 ms 10.724 ms 5 88.79.25.24 (88.79.25.24) 10.760 ms 88.79.24.20 (88.79.24.20) 10.433 ms 88.79.25.24 (88.79.25.24) 10.562 ms 6 92.79.214.206 (92.79.214.206) 12.181 ms 92.79.214.200 (92.79.214.200) 11.285 ms 11.192 ms 7 145.254.2.51 (145.254.2.51) 17.439 ms 14.495 ms 145.254.2.49 (145.254.2.49) 17.508 ms 8 145.254.2.49 (145.254.2.49) 15.449 ms 145.254.2.51 (145.254.2.51) 15.611 ms cloudflare.bcix.de (193.178.185.17) 31.909 ms 9 cloudflare.bcix.de (193.178.185.17) 13.976 ms 14.277 ms 15.211 ms 10 one.one.one.one (1.1.1.1) 30.855 ms 16.390 ms 14.344 ms
So I am a little bit confused, what is it that sometimes is making internet ressources unavailable for me?
@facebita Just to get this straight (making sure there is no misunderstanding):
- You've removed all DNS entries as discussed above (i.e. 1.1.1.1)
- You've added your router's IP as the only DNS server (instead of 1.1.1.1 and others)
- You can not resolve amazon.com using your router's DNS
If all points are true, I fear some issues on your provider's side or a misconfiguration of your router. In any case this is not an eBlocker issue - but I'll try to help anyway.
To investigate further run "nslookup www.amazon.com" (after step 3) and share a screenshot of the result here.
THX!
If all points are true, […]
Almost. I could not first remove all entries. So first I have added my routers address, and than I have removed 1.1.1.1.
run "nslookup www.amazon.com" (after step 3) and share a screenshot of the result here.
% nslookup www.amazon.com ;; Got SERVFAIL reply from fe80::dea6:32ff:fe22:6ad9%4, trying next server Server: my_eblocker_ip_address Address: my_eblocker_ip_address#53 ** server can't find www.amazon.com: SERVFAIL
And this is - for comparison - the outpoot when 1.1.1.1 is given as external DNS server:
% nslookup www.amazon.com Server: fe80::dea6:32ff:fe22:6ad9%4 Address: fe80::dea6:32ff:fe22:6ad9%4#53 Non-authoritative answer: www.amazon.com canonical name = tp.47cf2c8c9-frontier.amazon.com. tp.47cf2c8c9-frontier.amazon.com canonical name = d3ag4hukkh62yn.cloudfront.net. Name: d3ag4hukkh62yn.cloudfront.net Address: 13.227.152.59
my_eblocker_ip_address
Obfuscation makes it more challenging to read - but I assume it's the same IP as in the second quote, right?
I wonder very much why eBlocker is reached via IPv6 and not IPv4 🤔 @bpr any ideas?
@facebita Could you please share the network config (IP, Mask, Gateway, DNS) of your client as well as of your eBlocker.
THX!
Maybe the eBlocker DNS server has an issue.
You can generate a diagnostics report in the eBlocker settings at System / Diagnostics / Generate report.
There is a log file "eblocker-dns.log". Are there many lines with "WARN -- : no answer from upstream servers"?
scutil --dns
scutil --dns
DNS configuration
resolver #1
nameserver[0] : fe80::dea6:32ff:fe22:6ad9%4d
nameserver[1] : 192.168.178.83
if_index : 4 (en0)
flags : Request A records, Request AAAA records
reach : 0x00020002 (Reachable,Directly Reachable Address)
resolver #2
domain : local
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300000
resolver #3
domain : 254.169.in-addr.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300200
resolver #4
domain : 8.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300400
resolver #5
domain : 9.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300600
resolver #6
domain : a.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 300800
resolver #7
domain : b.e.f.ip6.arpa
options : mdns
timeout : 5
flags : Request A records, Request AAAA records
reach : 0x00000000 (Not Reachable)
order : 301000
DNS configuration (for scoped queries)
resolver #1
nameserver[0] : fe80::dea6:32ff:fe22:6ad9%4d
nameserver[1] : 192.168.178.83
if_index : 4 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : 0x00020002 (Reachable,Directly Reachable Address)
Are there many lines with "WARN -- : no answer from upstream servers"?
Yes. 71 lines matching a syntax like:
W, [2024-08-01T18:57:10.546830 #556] WARN -- : no answer from upstream servers [[:udp, "1.1.1.1", 53]]
@facebita I've checked back with @bpr today. He told me the IPv6 addresses seen in nslookup are a feature and normal.
We both wonder why your router is not responding to DNS requests as you've shown above:
nslookup www.amazon.com ;; Got SERVFAIL reply from fe80::dea6:32ff:fe22:6ad9%4, trying next server Server: my_eblocker_ip_address Address: my_eblocker_ip_address#53 ** server can't find www.amazon.com: SERVFAIL
Could you please run "nslookup www.eblocker.org <your router's IP address>". Background: This directs the DNS request to your router (instead of eBlocker).
Next time a domain is not resolving ("Internet is down"), please run nslookup as above with your router's IP, 1.1.1.1, 8.8.8.8 and 9.9.9.9 (each).
THX!
% nslookup www.eblocker.org 192.168.178.83 Server: 192.168.178.83 Address: 192.168.178.83#53 Non-authoritative answer: Name: www.eblocker.org Address: 174.138.100.168
Could you please run "nslookup www.eblocker.org <your router's IP address>"
@facebita 🤔 Maybe there is a misunderstanding but above you've stated 192.168.178.1 is your router. We know eBlocker (.83) is resolving correctly already.
To get this straight: We are looking for issues in your network configuration (nothing to do with eBlocker). Sorry if I didn't make this clear above.
So again, please focus on your router and next time domains are not resolving we need the nslookup to all mentioned DNS resolvers (again: 192.168.178.1, 192.168.178.83, 1.1.1.1, 8.8.8.8, 9.9.9.9) to get a clear sight.
THX!
@random Okay. At the last couple of days no resolver issues have appeared. If they come back, I’ll report.
@facebita OK. Same as some 6 months ago... 🗓️
To get a baseline (and find possible config errors in your router) please run (now) and share result:
nslookup www.eblocker.org 192.168.178.1
Last: Just to make this clear again. Chances eBlockerOS is the culprit for your outages is practically equal to zero. If everything holds you've stated above the just mentioned nslookup will fail - as this is the same as adding your router as the only DNS to eBlockerOS - which failed...
THX!
% nslookup www.eblocker.org 192.168.178.1 Server: 192.168.178.1 Address: 192.168.178.1#53 Non-authoritative answer: Name: www.eblocker.org Address: 174.138.100.168 % nslookup www.eblocker.org 1.1.1.1 Server: 1.1.1.1 Address: 1.1.1.1#53 Non-authoritative answer: Name: www.eblocker.org Address: 174.138.100.168 % nslookup www.eblocker.org 2.2.2.2 Server: 2.2.2.2 Address: 2.2.2.2#53 Non-authoritative answer: Name: www.eblocker.org Address: 174.138.100.168
@facebita Thanks very much.
Could you please retry to add your router's IP to the DNS Server Custom List and delete all other entries. This will direct all DNS requests to your provider. Then we eliminate the uncertainty about the availability of 1.1.1.1/9.9.9.9 which might cause the issue.
I'd bet the "Internet down" will disappear now - unless your provider has issues 😉
THX!
There ist something weird. Obviously I misconfigured the co-operation between eBlocker and Fritzbox: Today my Mac says my Routers address would be 192.168.1.83. .83 is the fix address of the eBlocker .1 is the fix address of the Fritzbox. Obviously Fritzbox and eBlocker battle on being the router.
Obviously Fritzbox and eBlocker battle on being the router.
I'd stop the "battle" (which is caused by a misconfiguration) by disabling the DHCP server on your router and keep this in mind: https://eblocker.org/en/docs/dhcp-server-there-can-only-be-one/
But still your "outages" are strange. I could only think that your router has wrong DNS settings - and if it "wins the battle" then it tries to route to those faulty DNS.
BTW: I would not recommend not to change any router (DNS) settings and leave everything at default if you are not an IT professional...
THX!
I'd stop the "battle" (which is caused by a misconfiguration) by disabling the DHCP server on your router
The DHCPv4 server on Fritzbox is already being disabled. But I have found the DHCPv6 server at Fritzbox yet being active. So now I have disabled this server as well. I have chosen the option "There are no other DHCPv6 servers in the home network."
DNSv4 server on Fritzbox are being set to the eBlockers IP address 192.168.178.83, and alternatively to 1.1.1.1, and as fallback "public DNS server".
And is this okay (see screenshot)? I am a little bit confused about which device is the router in my network: Fritzbox or eBlocker?
DNSv4 server on Fritzbox are being set to the eBlockers IP address 192.168.178.83, and alternatively to 1.1.1.1, and as fallback "public DNS server".
Well thanks, I guess by chance we have found the core issue: Your router's DNS should not be pointing to eBlocker! That's the reason why you couldn't resolve any domains via your router when resolving via quad1/quad9 failed. (As this will direct DNS request back to eBlocker where only failing DNS are available). So leave your router at the provider's default (where the router's DNS is assigned via the provider's DHCP server).
The IPv6 "DHCP" on the other router is no problem as long as eBlocker is enabled for IPv6. This will supersede the router's setting.
As your DNS setup is not what we suggest, I'd recommend to once work thru the setup docu whenever you find time. A correct setup avoids the pitfalls you've been unfortunately experiencing a lot (and unnecessarily)...
THX!