You are not logged in.
- Topics: Active | Unanswered
#1 2022-01-12 18:32:21
- jshogoth
- Member
- Registered: 2022-01-12
- Posts: 6
[SOLVED] mDNS/DNSSD in my Arch setup is broken recently
Hey!
I am having trouble with my network printer and mDNS in general since beginning of the year and after trying a lot of different things I now have arrived a standstill. I could really need some help or ideas as to what I could have missed.
I first noticed problems when I tried to scan a document with my Canon TS5150 (wirelessly connected to my network) using ScanGear (which is a Canon scanner software). Usually, the printer is discovered with DNSSD and listed in the program. However, something must have broken down recently because the printer does not appear anymore. CUPS is also unable to find my network printer using DNSSD, something which hasn't been an issue before.
Additionally, I'm seeing weird behaviour when using mDNS discovery tools like avahi-browse or mdns-scan. These tools also don't show my printer, but looking at their requests with Wireshark reveals what seems to be valid DNSSD responses from the printer to the issued requests? (Please correct me if I'm wrong here.)
192.168.0.104 is my PC, .103 is the printer
Source Destination Protocol Length Info
192.168.0.104 224.0.0.251 MDNS 88 Standard query 0x0000 PTR _services._dns-sd._udp.local, "QM" question
192.168.0.103 224.0.0.251 MDNS 290 Standard query response 0x0000 PTR _http._tcp.local PTR _uscan._tcp.local PTR _uscans._tcp.local PTR _ipp._tcp.local PTR _ipps._tcp.local PTR _canon-chmp._tcp.local PTR _printer._tcp.local PTR _pdl-datastream._tcp.local PTR _privet._tcp.local
fe80::76bf:c0ff:feb9:9947 ff02::fb MDNS 310 Standard query response 0x0000 PTR _http._tcp.local PTR _uscan._tcp.local PTR _uscans._tcp.local PTR _ipp._tcp.local PTR _ipps._tcp.local PTR _canon-chmp._tcp.local PTR _printer._tcp.local PTR _pdl-datastream._tcp.local PTR _privet._tcp.localI'm currently using NetworkManager and systemd-resolved, but switching to avahi or using systemd-networkd (instead of NetworkManager) shows the exact same behavior. Windows on the same machine with the same general setup discovers the printer just fine. mDNS scanning apps for my phone also recognize the printer without issue.
Any ideas as to what I could have missed?
resolvectl status
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.10#dns.quad9.net 8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com
2620:fe::10#dns.quad9.net 2001:4860:4860::8888#dns.google
Link 2 (enp34s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.0.1
DNS Servers: 192.168.0.1
Link 3 (wlo1)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported/etc/resolv.conf
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
options edns0 trust-ad
search .Last edited by jshogoth (2022-01-18 21:26:40)
Offline
#2 2022-01-12 20:41:24
- seth
- Member
- Registered: 2012-09-03
- Posts: 60,922
Re: [SOLVED] mDNS/DNSSD in my Arch setup is broken recently
but switching to avahi
W/ resolved still enabled?
https://wiki.archlinux.org/title/Avahi# … om_working
Offline
#3 2022-01-12 22:12:29
- jshogoth
- Member
- Registered: 2022-01-12
- Posts: 6
Re: [SOLVED] mDNS/DNSSD in my Arch setup is broken recently
but switching to avahi
W/ resolved still enabled?
No. I disabled it and even tried masking it. Also made the necessary nsswitch.conf changes when switching from resolved to avahi and back.
Last edited by jshogoth (2022-01-12 22:13:32)
Offline
#4 2022-01-18 21:25:50
- jshogoth
- Member
- Registered: 2022-01-12
- Posts: 6
Re: [SOLVED] mDNS/DNSSD in my Arch setup is broken recently
I found the solution. Turns out there is a simple firewall enabled by default if the nftables package is installed.
/etc/nftables.conf
#!/usr/bin/nft -f
# vim:set ts=2 sw=2 et:
# IPv4/IPv6 Simple & Safe firewall ruleset.
# More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/.
table inet filter
delete table inet filter
table inet filter {
chain input {
type filter hook input priority filter
policy drop
ct state invalid drop comment "early drop of invalid connections"
ct state {established, related} accept comment "allow tracked connections"
iifname lo accept comment "allow from loopback"
ip protocol icmp accept comment "allow icmp"
meta l4proto ipv6-icmp accept comment "allow icmp v6"
tcp dport ssh accept comment "allow sshd"
pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
counter
}
chain forward {
type filter hook forward priority filter
policy drop
}
}This firewall seems to interfere with mDNS in my setup.
Running
sudo nft flush rulesetimmediately solves all problems. Should I report this to the package maintainer?
Offline
#5 2022-01-18 21:29:31
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 12,354
Re: [SOLVED] mDNS/DNSSD in my Arch setup is broken recently
I found the solution. Turns out there is a simple firewall enabled by default if the nftables package is installed.
No, there isn't. Nothing is run by default, you would have to start/enable it.
Offline
#6 2022-01-18 21:37:10
- jshogoth
- Member
- Registered: 2022-01-12
- Posts: 6
Re: [SOLVED] mDNS/DNSSD in my Arch setup is broken recently
jshogoth wrote:I found the solution. Turns out there is a simple firewall enabled by default if the nftables package is installed.
No, there isn't. Nothing is run by default, you would have to start/enable it.
Okay, I must have enabled it at some point in time and forgotten about it. Thanks for letting me know 
Offline