DNS not working for private IPs


  • The router seems to be preventing DNS resolution to private IP addresses.


    When I send the DNS request to the router, I get no answer:

    dig @10.0.1.1 10.0.1.2.xip.io
    
    ; <<>> DiG 9.8.3-P1 <<>> @10.0.1.1 10.0.1.2.xip.io
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15532
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;10.0.1.2.xip.io.               IN      A
    
    ;; Query time: 70 msec
    ;; SERVER: 10.0.1.1#53(10.0.1.1)
    ;; WHEN: Mon May 14 19:59:29 2018
    ;; MSG SIZE  rcvd: 33
    

    When I send the request directly to the DNS server that the router is configured to forward DNS requests to, it works:

    dig @68.105.28.11 10.0.1.2.xip.io
    
    ; <<>> DiG 9.8.3-P1 <<>> @68.105.28.11 10.0.1.2.xip.io
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57198
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;10.0.1.2.xip.io.               IN      A
    
    ;; ANSWER SECTION:
    10.0.1.2.xip.io.        300     IN      A  10.0.1.2
    
    ;; Query time: 70 msec
    ;; SERVER: 68.105.28.11#53(68.105.28.11)
    ;; WHEN: Mon May 14 20:14:46 2018
    ;; MSG SIZE  rcvd: 49
    

  • @David-Loehr I know this is an old thread, but it came up in my Google results. This was answered in another thread here: https://community.amplifi.com/topic/489/amplifi-dns-server-strips-rfc1918-results-in-replies-to-clients

    Essentially, you need to enable the feature "Bypass DNS cache", which is only accessible on the web interface from your computer (not from the mobile app).


  • This just started happening to us, and has unfortunately broken VPN usage for work.
    Some of our systems have public IP addresses, some have private IP addresses (for security), but they all have publicly resolvable names in DNS.

    nslookup xxx.ucsd.edu
    nslookup xxx.ucsd.edu 192.168.1.1
    

    both fail to resolve when xxx has a private IP address
    however

    nslookup xxx.ucsd.edu 1.1.1.1
    nslookup xxx.ucsd.edu 8.8.8.8
    nslookup xxx.ucsd.edu <ISP dns as shown in Amplifi>
    

    return the right private IP addresses.

    This was working fine till recently, and we do not use the bypass DNS cache option, so it seems a recent update may have regressed the behavior?
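
The comparison made by hand in this thread (the same name queried at the router and at an upstream resolver), as an added example that is not code from any poster or from AmpliFi: it parses dig's default output and flags the case where the forwarder answers NOERROR but drops an RFC 1918 address that the upstream returned. The function names and result labels are assumptions, and the samples are constructed from the dig transcripts in the first post.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed samples: header and answer lines trimmed from the thread's two dig transcripts.
ROUTER_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15532
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""
UPSTREAM_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57198
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;10.0.1.2.xip.io.               IN      A
;; ANSWER SECTION:
10.0.1.2.xip.io.        300     IN      A  10.0.1.2
"""

def parse_dig(text):
    """Return (status, set of A-record addresses) from dig's default output."""
    m = re.search(r"status:\s*(\w+)", text)
    status = m.group(1) if m else None
    addrs, in_answer = set(), False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and (not line.strip() or line.startswith(";")):
            in_answer = False          # blank line or next section ends the answers
        elif in_answer:
            fields = line.split()      # name, TTL, class, type, rdata
            if len(fields) == 5 and fields[3] == "A":
                addrs.add(ipaddress.ip_address(fields[4]))
    return status, addrs

def classify(forwarder_text, upstream_text):
    """Compare a forwarder's reply with the upstream resolver's reply for one name."""
    f_status, f_addrs = parse_dig(forwarder_text)
    u_status, u_addrs = parse_dig(upstream_text)
    private = {a for a in u_addrs if any(a in net for net in RFC1918)}
    stripped = sorted(str(a) for a in private - f_addrs)
    if f_status == "NOERROR" and stripped:
        return "rfc1918-stripped", stripped   # the symptom reported in this thread
    if f_status != u_status or f_addrs != u_addrs:
        return "differs", sorted(str(a) for a in u_addrs - f_addrs)
    return "consistent", []

if __name__ == "__main__":
    print(classify(ROUTER_REPLY, UPSTREAM_REPLY))
```

A "differs" result with a public address missing points at something other than private-address filtering, such as a caching or upstream fault.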

