Resolving names of local devices returns two IP addresses, one of them wrong

sonntam · June 13, 2020, 8:01pm

The setup

I have a Raspi3B running pi-hole at address 192.168.0.116. DHCP is turned off there. At address 192.168.0.1 I have a router running that poses as dhcp server. The local network suffix is fritz.box.

The problem

When trying to resolve a local hostname, two IP adresses get reported back. I have e.g. a host named raspberrypi4.fritz.box running at address 192.168.0.48. However if I do a nslookup raspberrypi4.fritz.box on the machine itself the output is:

pi@raspberrypi4:~ $ nslookup raspberrypi4.fritz.box
Server:         192.168.0.116
Address:        192.168.0.116#53

Name:   raspberrypi4.fritz.box
Address: 192.168.0.35
Name:   raspberrypi4.fritz.box
Address: 192.168.0.48

This leads to having long access times to the local devices as sometimes the wrong address, in this case 192.168.0.35 is returned first and a timeout has to occur.

Does anybody know how to debug where the wrong address is coming from? A dig call returns the following:

pi@raspberrypi4:~ $ dig raspberrypi4.fritz.box

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> raspberrypi4.fritz.box
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 315
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;raspberrypi4.fritz.box.                IN      A

;; ANSWER SECTION:
raspberrypi4.fritz.box. 9       IN      A       192.168.0.35
raspberrypi4.fritz.box. 9       IN      A       192.168.0.48

;; AUTHORITY SECTION:
raspberrypi4.fritz.box. 9       IN      NS      fritz.box.

;; ADDITIONAL SECTION:
fritz.box.              9       IN      A       192.168.0.1

;; Query time: 5 msec
;; SERVER: 192.168.0.116#53(192.168.0.116)
;; WHEN: Sat Jun 13 20:59:37 CEST 2020
;; MSG SIZE  rcvd: 102

The same command on the pihole system yields:


pi@raspberrypi:~ $ dig raspberrypi4.fritz.box

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> raspberrypi4.fritz.box
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54096
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;raspberrypi4.fritz.box.                IN      A

;; ANSWER SECTION:
raspberrypi4.fritz.box. 9       IN      A       192.168.0.35
raspberrypi4.fritz.box. 9       IN      A       192.168.0.48

;; AUTHORITY SECTION:
raspberrypi4.fritz.box. 9       IN      NS      fritz.box.

;; ADDITIONAL SECTION:
fritz.box.              9       IN      A       192.168.0.1

;; Query time: 11 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sa Jun 13 21:02:47 CEST 2020
;; MSG SIZE  rcvd: 102

I already tried flushing the ARP cache on the pi-hole system using

sudo ip -s -s neigh flush all

The /etc/hosts file of the pi-hole system contains

127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

127.0.1.1       raspberrypi

yubiuser · June 13, 2020, 8:22pm

Do you use conditional forwarding for your local domain?
Does it happen for all hostnames?
Has 192.168.0.35 been used before by a device?

Try to query 192.168.0.1 directly for hostnames to see if it's a problem of pihole or the router.

 dig @192.68.0.1 raspberrypi4.fritz.box

sonntam · June 13, 2020, 9:18pm

@yubiuser Thank you!

Yes I use the conditional forwarding for the fritz.box domain. It happens for only some hostnames but I can't seem to see any pattern.

I didn't know I could use dig like that. This reveals to me that the problem seems to be within the router's DNS server config. The output is:

pi@raspberrypi4:~ $ dig @192.168.0.1 raspberrypi4.fritz.box

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> @192.168.0.1 raspberrypi4.fritz.box
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64110
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;raspberrypi4.fritz.box.                IN      A

;; ANSWER SECTION:
raspberrypi4.fritz.box. 9       IN      A       192.168.0.48
raspberrypi4.fritz.box. 9       IN      A       192.168.0.35

;; AUTHORITY SECTION:
raspberrypi4.fritz.box. 9       IN      NS      fritz.box.

;; ADDITIONAL SECTION:
fritz.box.              9       IN      A       192.168.0.1

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat Jun 13 23:13:33 CEST 2020
;; MSG SIZE  rcvd: 86

I'll dig into it.

yubiuser · June 14, 2020, 6:53am

Probably an old config (IP was intermittently assigned to that device and you later created a DHCP reservation?) in the fritzbox. You can download an support config file and see if the reservation is shown there (it's a plain text file):

https://service.avm.de/help/de/FRITZ-Box-6490-Cable-kdg/015/hilfe_support

I had a similar problem once - DHCP would hand out an old reserved IP instead a new configured one. In the end I had to factory reset the device.

You could also use this tool:

and download the internal router config file, modify it and restore it via "backup/restore". Before you can restore the config you have to create a new hash if you made any modification.

sonntam · June 14, 2020, 10:03am

Indeed, after resetting the fritzbox router to factory settings and setting everything up again it works nicely now. As you said somehow the fritzbox must have been reporting old DHCP entries. Everything is super speedy now!

Topic can be closed.