BalenaOS DNS failure

Hi all,

Seldom we experience a DNS failure in some devices Raspberry Pi3 (containers and Raspberry Pi Zero W

I’ve read some topics on this forum but, although sometimes insightful, couldn’t find one that helps with this.

Both containers and the Host cannot ping domains but can ping IP’s

Captura de ecrã 2023-06-29, às 13.51.021242×1480 125 KB

This leads to lose track of time, I guess because it cannot resolve NTP server names

Captura de ecrã 2023-06-29, às 13.56.341472×280 145 KB

NetworkManager and Dnsmasq are both running in the Host and I tried restarting them but it didn’t solve.

Captura de ecrã 2023-06-28, às 01.14.131920×1110 185 KB

If I reboot system, it can be solved but I was looking for a smoother recovery and reboot only as a last resort.

Any hints?

Thank you and best regards

Hi, when the problem occurs can you ping the default gateway and DNS server by IP address?

Hello @alexgg ,

Thanks for replying.
As soon as I catch a similar situation, I’ll make the test you’re suggesting!

Hi @alexgg

I’m facing a similar situation: ping IP addresses but not domains

Captura de ecrã 2023-07-06, às 15.51.14912×1308 96.1 KB

Captura de ecrã 2023-07-06, às 16.16.102304×720 179 KB

It somehow lost reference to 8.8.8.8 DNS server in resolv.dnsmasq

A BIT OF CONTEXT
This is a device running raspberrypi zero 2W (64 bit)
BalenaOs in development mode

Captura de ecrã 2023-07-06, às 15.50.421100×340 54.8 KB

It is connected via a lte 4G modem and it connects to the balena VPN: I have access, via dashboard, to both HostOS and a container

Also it is connected via ethernet to a router which I disconnected from the internet (gateway: 192.168.2.10)

and despite from being connected to the internet via 4G modem, it seems that it is routing DNS through the router (that is disconnected from internet)

I’m trying to wrap my head around this.

If I understood correctly your suggestion, it pings the gateway: 192.168.2.10

Captura de ecrã 2023-07-06, às 16.54.25840×360 107 KB

Any ideas ?

FINAL EDIT:
As soon as I unplugged the eth from the router (which is not connected to the internet) all is fine again…

Captura de ecrã 2023-07-06, às 16.42.53846×222 16 KB

Captura de ecrã 2023-07-06, às 16.43.331018×282 59.9 KB

My guess is that somehow it uses primarily the DNS routing from the eth (besides the actual active connection).

PS - plugging the eth cable again, it falls back again to be unable to resolve DNS

If you can help understanding this behavior and some way to avoid this.

Thank you very much
If need be I can provide you with more details about the fleet and device

Best regards

Hi,

Could it be that this is simply an issue of metrics?
In general ethernet devices get assigned a better routing metric than wireless or gsm.
You can check this with ip route.
You can try to force the route to use your 4G by adding a rule to your connection settings.
nmcli connection modify <name> ipv4.routes 8.8.8.8/32 <metric>

Regarding your DNS entries getting replaced all together, you can try to add ipv4.ignore-auto-dns to your ethernet connection settings; that should prevent DHCP from adding new DNS servers.

Hi @TJvV !

Thank you for the quick reply.
I also thought about that possibility, but we had already defined the route metrics as follows:

Ethernet: 6
nmcli connection show eth0

Captura de ecrã 2023-07-07, às 15.47.27746×918 169 KB

Cellular (4G): 3
nmcli connection show cellular

Captura de ecrã 2023-07-07, às 15.48.03742×920 170 KB

To be more concise:

With the ETH cable plugged (links to a router without internet)

nmcli: cellular connection is prioritized due to the route metric

Captura de ecrã 2023-07-07, às 16.10.03860×900 168 KB

ping domain - NOK, ping IP - OK

Captura de ecrã 2023-07-07, às 16.04.21828×572 148 KB

ip route

Captura de ecrã 2023-07-07, às 16.06.00930×434 157 KB

nslookup

Without ETH cable

nmcli

Captura de ecrã 2023-07-07, às 16.12.46854×826 78.3 KB

ping domain - OK, ping IP - OK

Captura de ecrã 2023-07-07, às 16.20.28830×574 169 KB

ip route

Captura de ecrã 2023-07-07, às 16.19.49958×362 130 KB

nslookup

Captura de ecrã 2023-07-07, às 16.21.41832×256 59.3 KB

IN SHORT

Despite the route metric favoring cellular connection over the ethernet connection, it seems that whenever I plug the ethernet cable, it automatically tries to resolve DNS “through it”

Thank you and best regards

Hi,

The configuration does sound sane.

Can you show your /etc/resolv.conf in both scenarios?
My guess is that your DHCP adds a server in the 192.168.2.9/24 subnet, which would get picked up with metric 6 as the cellular only has a /30 subnet.

Again, can you also try it with ipv4.ignore-auto-dns enabled on your ethernet connection?
That should prevent DHCP from adding new servers.

Hi @TJvV

Without ethernet cable

Captura de ecrã 2023-07-12, às 19.33.251852×328 92 KB

With ethernet cable plugged

Captura de ecrã 2023-07-12, às 19.35.441856×354 31.9 KB

After adding:

nmcli connection modify eth0 ipv4.ignore-auto-dns yes

The behavior stops and, as you suggested, and the resolv files remain unchanged

Captura de ecrã 2023-07-12, às 20.05.141830×320 90.1 KB

Now We have to ponder if this is an overall good configuration for our purposes.
Thank you a lot for the suggestion and best regards

Hi,

glad to hear it’s working

If you don’t want to discard the DHCP DNS altogether, it seems there’s also a setting ipv4.dns-priority that might help in fixing the order of your nameservers.
Maybe try setting that on both connections, with the cellular having a lower value; note that the default values are 50 for VPN and 100 for others and 0 selects the default.

Based on your routing table, it should then first try the 172.30.8.5 and 172.30.8.6 via cdc-wdm0, only going to 192.168.2.10 via eth0