No TCP connection to host if the DNS resolved IP same as gateway IP

rbhuksin · 07-20-2009, 12:43 AM

Hi,

I have following setup:

Internet <=ETH=> DSL Router <=ETH=> Linux (CentOS) m/c

Requirement:
When there is no physical connection between Internet and DSL Router, the DSL router should redirect any access to external site to an error page with message "No Physical Connection".

Issue:
When DSL Router is connected to internet, I can successfully browser internet from the Linux m/c. The DSL router (LAN IP 192.168.1.254) has DHCP server running and I use dhclient on the Linux m/c to get IP. Successful dhclient sets following on Linux m/c:
IP: 192.168.1.64
Gateway: 192.168.1.254
Nameserver (as in /etc/resolv.conf): 192.168.1.254
With these setting I can successfully browse say "www.google.com"

When I disconnect the connection between Internet and DSL Router, and browse to www.google.com, I get standard "Address not found" page of Firefox. I used wireshark to trace the packets and I observed following:
1: DNS request to router for www.google.com
2: DNS response from router with IP as 192.168.1.254
No further packets.

To isolate, I tried the same test on same setup with one change. I replaced Linux m/c with a Windows m/c and following was the observation in wireshark:
1: DNS request to router for google.com
2: DNS response from router with IP as 192.168.1.254
3: TCP handshake between Windows m/c and router
4: HTTP request to router with host as "www.google.com"
5: HTTP 302 response from router with location containing URL of custom error page
6: Browser displayed error page with message "No Physical connection".

Question:
One thing to note here is that DSL Router resolved www.google.com to its correct address when there was Internet connection and the Linux m/c established further connection and was able to access google. However, when there is no internet connection, DSL Router resolved www.google.com to 192.168.1.254. At this point the IP of www.google.com is same as that of Default Gateway, which in turn is same as that of nameserver.
Does Linux treat this situation in a special way and doesn't attempt to connect to resolved IP? Is there a way this can be overridden through some config file changes??

The fact that it works fine with Windows, I don't think there is any issue with the DSL Router.

Thanks in Advance!

PS. This is my first post and sorry for the long post

unSpawn · 07-21-2009, 12:48 PM

Quote:

Originally Posted by rbhuksin

This is my first post

Welcome to LQ, hope you like it here.

Quote:

Originally Posted by rbhuksin

and sorry for the long post

Absolutely not! I'd wish more people would post that verbose.

Quote:

Originally Posted by rbhuksin

5: HTTP 302 response from router with location containing URL of custom error page 6: Browser displayed error page with message "No Physical connection". (...) The fact that it works fine with Windows, I don't think there is any issue with the DSL Router.

Wrt DNS traffic accounting, in GNU/Linux applications use either their own resolver code or a resolver stub. So wrt caching records, in the case of a web browser the browser, the nscd service *and* any caching DSN you run may cache records... Besides, the HTTP 302 ("moved permanently") response is not implemented in the DNS protocol as far as I know, some web browsers allow for what they call "friendly error messages" and then there might have been uPNP traffic between web browser and router. Sofar it isn't clear to me if the argument that "it works" for the combination of certain products by this particular vendor founded to develop and sell BASIC interpreters for the Altair 8800 and your router is founded on standards and that FF is to blame...

rbhuksin · 07-22-2009, 02:18 AM

Thanks!

The issue is not at FF end because I even tried "wget http://www.google.com" and the result was same.

The 302 is HTTP response from router and it is returned when client attempts to connect to www.google.com when the WAN connection is down.
The issue I am seeing is that my linux client is not attempting to connect to router i.e. no TCP connection after receiving valid DNS response from router.

Looks like Linux is treating it as a security issue i.e. when host IP, gateway IP and DNS server IP is same, and not attempting to connect to resolve host IP. I couldn't find any security related message in the logs.

Any pointers? Any tests you would like me to try that can help debug the issue?

unSpawn · 07-22-2009, 07:25 PM

If possible could you post/attach the Wireshark session payload wrt point 5: "HTTP 302 response from router with location containing URL of custom error page"?

rbhuksin · 07-23-2009, 01:39 AM

It is not possible to upload pcap files. I exported the trace as XML file and renamed it as txt.

I have attached two files:
trace_linux.xml.txt : Linux trace showing DNS req and resp
trace_win.xml.txt: Windows trace showing trace from DNS req to HTTP 302 resp from router.

unSpawn · 07-24-2009, 06:47 AM

"XML Parsing Error: unclosed token". Sorry, can't parse that. Regardless of it I doubt the "i.e. when host IP, gateway IP and DNS server IP is same, and not attempting to connect to resolve host IP." statement holds true.

Suncoast · 07-24-2009, 01:42 PM

How about a printscreen with the responding packet expanded on the screen?