You are here

DNS Timeout when using wifi client

14 posts / 0 new
Last post
n7uf
DNS Timeout when using wifi client

Hello, i'm hopeful that someone can help me figure this out. 
I have 2 antennas connect to a MikroTik hAP ac lite. Every thing works as I would expect here.

With the hAP, it is configured with Radio1) Wifi for clients to connect, Radio2) Wifi client to access home LAN.

I want to use any device on my LAN to access mesh and have done the following:
1) Add a static route to my home LAN router, 10.0.0.0, 255.0.0.0, gateway set to home LAN IP of Radio2 home LAN IP.
2) Added DNS entry of the hAP device, I have tried both home LAN and mesh IP.
3) Modified DNS servers on hAP device to point to dns server on home LAN

Problem: DNS is unresponsive. Using nslookup, the request times out when directly querying either IP address of the hAP from a pc on my home LAN. Connections to the hAP device by ip address are functional from the home LAN, http, ssh etc.

Note: DNS is functional from when connected to Radio1 resolving devices on the home LAN.

If someone is able to point me in the right direction, I would be very grateful. 
I have attempted adding additional rules to /etc/config.mesh/firewall but did not have any impact. DNS continues to be unresponsive when attempting to resolve mesh hosts from my home LAN.


Thank you in advance,
Nick N7UF

nc8q
nc8q's picture
hAP-WiFi_AP-WiFi_client

"With the hAP, it is configured with (2 GHz) Radio1) Wifi Access Point for clients to connect, (5 GHz) Radio2) Wifi client to access home LAN.

I want to use any device on my (hAP's) LAN to access mesh"

Hi, Nick:
This might work for you.
73, Chuck

 

Image Attachments: 
n7uf
Thank you for your response

Thank you for your response Chuck. I'm not exactly sure what you are showing? This is a similar setup to what I have, and this portion of the setup works well and as expected. Its DNS specifically that is unresponsive when attempting to query the hAP device from my home LAN with this configuration.

Nick N7UF

nc8q
nc8q's picture
That is a reverse direction.

Hi, Nick:
Devices on the LAN of a router can search DNS toward the internet.
Devices on the WAN of the hAP, your home LAN, are not supposed to see devices or services or domain names
on 'the other side' of a router.
Please, why are you not seeking DNS queries in the 'normal' direction?

3s, Chuck
 

n7uf
My goal was to be able to

My goal was to be able to access mesh systems from any computer on my home LAN. Personal contacts and information found online indicate that this was possible to accomplish with appropriate configurations. Everything works, except DNS.

K5DLQ
K5DLQ's picture
this is going to be

this is going to be problematic i suspect...
---->>  1) Add a static route to my home LAN router, 10.0.0.0, 255.0.0.0, gateway set to home LAN IP of Radio2 home LAN IP.

Your HOME network is 10.x.x.x and the MESH is also 10.x.x.x
 

n7uf
Thank you for the reply,

Thank you for the reply, correction...
My home LAN is 192.168.1.0. The static route was added to my home LAN to route traffic to the mesh network using the hAP's 192.168.1.0 network address as the gateway. Accessing mesh via direct IP works! Its only DNS that I can't seem to get working.

Please see attached screenshot, the operations are taking place from a machine on my home LAN. 192.168.1.211 is the IP the hAP device.

 

nc8q
nc8q's picture
I want to use any device on my LAN to access mesh

'I want any device at my home to have access to my Mikrotik hAP's LAN.'

Move any such home device to the LAN of the hAP.
The DNS on the hAP will resolve hosts on your local AREDN LAN.
The DNS on your home router will resolve hosts on your home LAN.
The DNS on your ISP will resolve hosts on the internet.


Chuck
 
 

n7uf
Thank you Chuck, I believe we

Thank you Chuck, I believe we have reached the crux of the issue here. 
It is my expectation that when using the wifi client configuration, this would connection would be a LAN connection and allow queries to DNS to resolve mesh hosts. Reality, timeout occurs and DNS is unresponsive. 

 

nc8q
nc8q's picture
using the wifi client configuration, this would connection would

"using the wifi client configuration, this would connection would be a LAN connection"

Hi, Nick:

A Wi-Fi client connection on an AREDN device is a WAN connection on the AREDN device to a LAN port on the other router (home LAN).

Devices on the LAN of the AREDN device are not DNS resolvable from LAN devices on the home router.

Internet devices do not have access to your home LAN devices by DNS nor IP address, home LAN devices do not have access to your AREDN router's LAN devices by DNS nor IP address.

DNS does work from AREDN LAN to AREDN WAN (which is home LAN). DNS does work from home LAN to internet (WAN). Ergo, DNS works from AREDN LAN to home router to internet, but not the other direction. I hope this helps, Chuck

n7uf
Thank you Chuck. That does

Thank you Chuck. That does clarify things.
Is there a reason for this limitation? 

nc8q
nc8q's picture
Is there a reason for this limitation?

Hi, Nick
It is the purpose and function of a router to to what it does.
When something does what it is supposed to do, it cannot be a limitation.

Originally:

"I want to use any device on my LAN to access mesh..."

Then put the device on the same LAN of a 'mesh' device or accessible via that 'mesh' device's WAN.
Do not put it in the LAN of a 'mesh' device whose WAN is on your LAN.

73, Chuck


 

K6CCC
K6CCC's picture
This is what I'm doing.

I am not connected the way most people are - but it works.  In my case, I am NOT using a consumer type router, but rather a more commercial router - Mikrotik RB4011.  I have a cable from a LAN port on my hAP by way of a couple managed switches to a VLAN port on the router (the switches tag the hAP LAN traffic as VLAN 5).  That port of the router is set up as a DHCP client, so it gets a DHCP address from the hAP.  Therefore, the router has a direct presence on the AREDN mesh.  In the router, I have a manual route set for 10.0.0.0/8 to use the IP of the hAP as the gateway, and there is a static DNS entry in the router to point to the hAP for anything local.mesh.  Lastly, there are firewall rules so that only certain home network devices can get to the hAP.

For those that speak RouterOS, here is a serious extract of applicable config settings in the router.  I may have missed something, and I intentionally deleted a bunch of stuff that would only confuse the issue (for example, there are several AREDN connections to different devices).
/interface vlan
add comment="AREDN hAP-at-Home LAN" interface=E05-pA10_802.1Q name=VLAN_005 \
    vlan-id=5

/interface list
add name="AREDN LAN"

/interface list member
add interface=VLAN_005 list="AREDN LAN"

/ip dhcp-client
add add-default-route=no disabled=no interface=VLAN_005 use-peer-ntp=no
set allow-remote-requests=yes servers=8.8.8.8,4.2.2.1

/ip dns static
add address=10.9.60.81 name=local.mesh

/ip firewall filter
add action=accept chain=forward comment=\
    "Allow privileged PCs access to AREDN mesh LANs" in-interface-list=LAN \
    out-interface-list="AREDN LAN" src-address-list=Privileged
add action=accept chain=forward comment=\
    "Allow all AREDN LANs access to NTP server UDP port 123." dst-address=\
    192.168.123.123 dst-port=123 in-interface-list="AREDN LAN" protocol=udp

/ip route
add comment="AREDN hAP-at-Home" distance=1 dst-address=10.0.0.0/8 gateway=\
    10.9.60.81

/ip route rule
add action=lookup-only-in-table dst-address=10.0.0.0/8 interface=E02-pB4_101 \
    table=main
add action=lookup-only-in-table dst-address=10.0.0.0/8 interface=E06-pA2_201 \
    table=main

n7uf
Thank you all for your

Thank you all for your responses and K6CCC - this is helpful! Thank you! My difference is that i'm connecting to my home LAN via wifi client, complicating matters. I may need to just pony up and run a network cable to the hAP device.

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer