DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Vigor 2830 DNS interception?

  • mikeevans
  • Topic Author
  • Offline
  • New Member
  • New Member
More
03 Oct 2013 10:26 #77854 by mikeevans
Vigor 2830 DNS interception? was created by mikeevans
I have four Linux servers at different sites, all connected to different uk ISPs via (until recently) different routers. Each server is using SpamAssassin, and searching for updates to the SpamAssassin rules requires doing a DNS lookup for TXT records. All has been working fine, until I replaced the routers at two sites with one Vigor 2830 and one Vigor 2830n. Now, on those servers with the Vigor routers, I can't get my TXT lookups to work. From the two non-vigor servers, I can run dig @8.8.8.8 -t A 2.3.3.updates.spamassassin.org to get the A record for 2.3.3.updates.spamassassin.org from google's DNS server, or dig @8.8.8.8 -t TXT 2.3.3.updates.spamassassin.org to get the TXT record, and it all works fine. From either of the two sites that use the Vigor routers, the same command for the A record works as expected, but the command for the TXT record just times out. Where I should get this:
; <<>> DiG 9.9.2-P1 <<>> @8.8.8.8 -t TXT 2.3.3.updates.spamassassin.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13966
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;2.3.3.updates.spamassassin.org. IN TXT

;; ANSWER SECTION:
2.3.3.updates.spamassassin.org. 2479 IN TXT "1528373"

;; Query time: 40 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 3 10:19:57 2013
;; MSG SIZE rcvd: 79


instead I just get this:
; <<>> DiG 9.9.2-P1 <<>> @8.8.8.8 -t TXT 2.3.3.updates.spamassassin.org
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Since things were working at both sites before I changed the routers I'm suspicious that the Vigors are doing something unexpected (although I haven't yet been able to switch back to confirm this). On both routers the call filter and data filters are disabled. An IPSec VPN has been set up between the two Vigor routers, but the behaviour is the same if I deactivate the VPN.

Can anyone suggest how I might investigate this further?

Please Log in or Create an account to join the conversation.

More
03 Oct 2013 11:23 #77859 by smwardle
Replied by smwardle on topic Re: Vigor 2830 DNS interception?
Hi Mike,

See the thread "v3.6.4 software blocking DNS requests":
http://www.forum.draytek.co.uk/viewtopic.php?f=2&t=18436

Please Log in or Create an account to join the conversation.

  • mikeevans
  • Topic Author
  • Offline
  • New Member
  • New Member
More
03 Oct 2013 11:29 #77860 by mikeevans
Replied by mikeevans on topic Re: Vigor 2830 DNS interception?
Thanks

Please Log in or Create an account to join the conversation.

More
28 Oct 2013 16:57 #78072 by magic919
Replied by magic919 on topic Re: Vigor 2830 DNS interception?
3.6.6 works for this.

Please Log in or Create an account to join the conversation.

  • mikeevans
  • Topic Author
  • Offline
  • New Member
  • New Member
More
28 Oct 2013 17:03 #78073 by mikeevans
Replied by mikeevans on topic Re: Vigor 2830 DNS interception?
How/Where can I get 3.6.6?
http://www.draytek.co.uk/support/downloads.html is only showing 3.6.4

Please Log in or Create an account to join the conversation.

More
28 Oct 2013 17:20 #78074 by babis3g
Replied by babis3g on topic Re: Vigor 2830 DNS interception?

post by magic919 » Mon Oct 28, 2013 7:57 pm
3.6.6 works for this.



MIkeEvans wrote: How/Where can I get 3.6.6?
http://www.draytek.co.uk/support/downloads.html is only showing 3.6.4


Single Band Annex A
ftp://ftp.draytek.com/Vigor2830/Firmware/Single%20band/v3.6.6_SB/

Dual Band Annex A
No firmware update till today 28/10/13

Please Log in or Create an account to join the conversation.

Moderators: Sami