Hi there again, wonderful Linux world! Here is another question from a bona fide newbie and overall IT "dummy" .. please bear with me ...
I already asked a similar question in the past, but I don't think we got anywhere.
Maybe someone who has time can just look mover all this and pint me in the right direction.
It seems to me that my DNS thingo is not functioning correctly - but it is intermittent. Sometimes (but too often for my liking) a website would not load (Firefox showing a little flag "looking up www. google.com" in bottom l.h. corner", then goes to message "Hmmm... we are having trouble finding that site..."). Also, email client (Evolution) at that same time cannot connect to the server and gives the message "failed to resolve name" or something like that).
So I really don't what I am talking about - but is it a DNS issue?
I am posting the output of a few commands. Interestingly to me, the ping 127.0.1.1 command output just keeps on going forever it seems, like it just keeps pinging non-stop? When I close the terminal, it says that a command is still running, do you want to kill it... but maybe it's normal.
Other details: Linux Mint XFCE
I have a modem/router supplied by ISP with DHCP turned off
To it I connected another modem/router Lan to Lan, with DHCP enabled and DNS set to Open DNS (I did all this because the DNS setting on ISP's router is locked, but I want to use OpenDNS). When everything is working, Open DNS website confirms that I am using their server.
There is another headless PC with Windows 10 connected to same network. I am also running NoMachine app on both to connect them. ISP's modem also has VoIp.
So, is there a way to futther troubleshoot it all?
thank you!!

Attached Thumbnails

     

This is a bad move. If the connection to the ISP resets, you need the DHCP to get a new IP address. It probably causes that "Hmm ..." message, like I see when my interface is not properly configured.
If you do not want to use your ISP DNS services, then you will need to point your computers to use the DNS supplied by your second router.

1 members found this post helpful.

Yes, if you mean that you turned off the DHCP used to get an IP from your ISP, that is indeed bad, and would cause the DNS problem as well, since you want to use the DNS of your ISP to resolve domain names.

If you mean that you turned of the DHCP server in the router so that it no longer provides IP addresses to your attached computers/devices, then you must tell each computer what DNS server to use to resolve domain name. Again, that should be the DNS servers of your ISP, or you can use Google's at 8.8.8.8.
See the man pages referenced at the top of the file.

(all of which, I just realized, echos what allend said)

ping on linux will continue forever unless you specify how many times. Aside: If you copy/paste from the terminal into [code] tags when you post instead of using screen shots, it's easier for us to review what you're posting.

1 members found this post helpful.

Thank you, everyone!

Just to clarify - on the second router, where I have DHCP on, I also specified the DNS servers I want.
And so it works - I am using Open DNS servers, according to their website. It is just that I have this intermittent annoying glitch.

So - should I just turn the DHCP server on the first router back on?
Whatever happens - I want to continue using OpenDNS, which I am using now, according to their website.

Can someone explain what allend said here:
"If you do not want to use your ISP DNS services, then you will need to point your computers to use the DNS supplied by your second router."

To follow what he said, I used "Network Connections' Gui, added DNS servers I want there.
Also added the nameservers I want in the gui "network settings"
Was that right?
How can I check which DNS server my Linux PC is pointing to?
When i use "dig" command, it just shows 127.0.1.1 as the server - but I know I am using open DNS... Why does it show 127.0.1.1?
Thanks!

this is the loopback address of your system (or anybody's for that matter!). Pinging it just confirms your internal network works.

The ping command in Linux/Unix systems will go on forever unlike Windows which only sends four requests if I remember correctly. You use <Ctrl>C to stop it.

Play Bonny!

1 members found this post helpful.

Ordinarily, routers provide DHCP services to the internal network. (And, they usually employ DHCP to obtain their public IP-address from the ISP.)

To my way of thinking, it is extremely logical for a router to perform this service.

Standard console commands include dig and nslookup.

You can use "TCP/IP sniffers" such as tcpdump or (I prefer ...) WireShark™ to watch the interaction between a DHCP server and a device. You will see a "broadcast" being sent by the device, asking for a DHCP server to respond, and then you'll see the subsequent exchange. (Sniffers routinely include a set of standard filter-sets, including this one, to quickly isolate the packets of interest.) If you're having problems of this sort, a "packet sniffer" is a standard way to very-quickly diagnose it.

1 members found this post helpful.

Look at the contents of /etc/resolv.conf

1 members found this post helpful.

As I tried to explain in your other thread Mint uses dnsmasq to cache DNS queries which is why you see 127.0.1.1 in your /etc/resolv.conf command versus opendns or your router's IP address. dnsmasq stores the upstream DNS in its configuration files.

https://wiki.archlinux.org/index.php/Dnsmasq

NetworkManager works with dnsmasq and allows you to configure DNS independent of the DHCP server. There is no requirement that the DHCP server needs to run on the same physical device as the gateway or use the ISPs DNS.

Does the Windows PC exhibit the same problems?

I don't remember what configuration files you changed in your other thread.

1 members found this post helpful.

Interesting, my system gives:
which is the local loop back. Hmmm...

I had to log in to my router to find the DNS server being used.

Play Bonny!

Thank you all, especially michaelk!
So, things are getting clear and I have these, hopefully, last, questions, that I hope someone (especially michaelk) can answer:

1. So, as I understood - I can set DNS settings in the router (they are in the DHCP server settings) and I can set it in the PC (in /etc/resolv.conf). How can I make sure that when I use a browser, I use the settings of the PC (since I can't change the ones in the router, locked by ISP)?

2. If I edit /etc/resolv.conf (which I realized I can do through gui "Network Settings") - if edit it to only have the DNS server addresses I need and delete 127.0.1.1 - would that ensure my PC uses those DNS addresses I want?

3. Extra general knowledge question: Why are DNS settings of the browser located in the DHCP settings? What does DHCP has to do with DNS?
Thanks!!

When a computer is configured to use DHCP, network settings are not stored but received as part of the protocol or negotiation process. The typical information received is IP address/netmask, gateway address and DNS name servers.

DNS is not only used by a web browser but by any TCP/IP process that accesses the internet like finding available updates, ntp (network time protocol), ping command etc. DNS (Domain Name Service) is basically the Yellow pages (US reference) of the internet.

These days NetworkManager and other automatic configuration utilities write to the /etc/resolv.conf file so editing by hand is not recommended any more. Using the applet or other utilities is the preferred method. Although you can configure them to not overwrite the file.

1 members found this post helpful.

I'm guessing you meant DNS settings of the router yes?
My router says they're optional, but they are there so you can specify to use different DNS servers than that provided by your ISP. I note on mine that they only appear to affect the IP addresses the DHCP server in the router is serving, so they won't affect static IP addresses on the LAN

1 members found this post helpful.

Thank you!
Still, my question remains:
How can I make sure that when I use a browser, I use the DNS settings of the PC and NOT of the router(since I can't change the ones in the router, locked by ISP)?

Here is my last experiment:
1. Got rid of 2nd router, plug everything into 1st one (ISP's)
2. Reinstated DHCP server on that router
3. Changed DNS server settings to OpenDNS in the /etc/resolv.conf (using gui), deleted 127.0.1.1 and just left 208.67.222.222 (Open DNS)

(DNS settings are locked in the ISP's browser, there is no way to change them. But I was hoping I will use the DNS I set in the PC's settings.)

SO, after these changes
- when I $ dig google.com, it shows me that the Dns server is 208.67.222.222 - that's good ...
OpenDNS site shows that I am using OpenDNS - that's good...
BUT! BUT! BUT! When I actually access, via a browser, a site that I BLOCKED in my OpenDNS user account (I blocked porn sites, for example) - it just goes right in! As if it is not blocked by OpenDNS! What is the story?!

It did not happen with my first set-up (with two routers). So I now reinstated that first set-up and - it blocks the sites...
Does anyone (michaelk in particular, as the apparently most knowledgeable party) have any idea what's happening?
Thanks!

Ok, everyone, probably my last post was in "too hard basket", and I understand why. BUT - since then I have done more work, so here is another question (and please tell me if I should have started a new thread with this one):
With the help of OpenDNS support team, I have worked out that, somehow, something is closing, intermittently, ports 443 and 5353 (more info below)
So, my question - HOW CAN I FIND OUT WHAT APP IS CLOSING THEM AND WHY?
I know it is not GUFW because it happens with it is turned off.
In the GUFW report, is lists in the "report" tab: UPD6 protocol, port 5353, address *, application avahi-daemon
I can't find any documentation showing what the "report" tab in GUFW is actually showing.
MORE INFO if you are interested:
the OpenDNS support got me to run this commands:

nslookup -type=txt debug.opendns.com. 208.67.222.222 -port=443
nslookup -type=txt debug.opendns.com. 208.67.222.222 -port=5353

when the issue I described was happening, these returned:

;; connection timed out; no servers could be reached

but when everything was OK, they returned this:

bekor@Lab1 ~ $ nslookup -type=txt debug.opendns.com. 208.67.222.222 -port=443
Server: 208.67.222.222
Address: 208.67.222.222#443

Non-authoritative answer:
debug.opendns.com text = "server m33.syd"
debug.opendns.com text = "flags 20 0 50 39500007E00400014C3"
debug.opendns.com text = "originid 55659598"
debug.opendns.com text = "actype 2"
debug.opendns.com text = "bundle 9077860"
debug.opendns.com text = "source 123.243.37.178:36245"

DNS is cached by a number of entities.
You could even have a DNS server running on your machine (and not be aware of it) that is caching DNS entries.
Each DNS server will check its cache, and when it does not find the name, will bounce the request to another DNS server, up until it reaches the host site.
There are some commands


> dig badsite.com +trace
- large printout of all DNS servers queried.
- the very last line will show you who supplied the address
- if it fails to find the site, then it could be the browser caching the address ? maybe