You are not logged in.

#1 2022-01-12 18:32:21

jshogoth
Member
Registered: 2022-01-12
Posts: 4

[SOLVED] mDNS/DNSSD in my Arch setup is broken recently

Hey!

I am having trouble with my network printer and mDNS in general since beginning of the year and after trying a lot of different things I now have arrived a standstill. I could really need some help or ideas as to what I could have missed.

I first noticed problems when I tried to scan a document with my Canon TS5150 (wirelessly connected to my network) using ScanGear (which is a Canon scanner software). Usually, the printer is discovered with DNSSD and listed in the program. However, something must have broken down recently because the printer does not appear anymore. CUPS is also unable to find my network printer using DNSSD, something which hasn't been an issue before.

Additionally, I'm seeing weird behaviour when using mDNS discovery tools like avahi-browse or mdns-scan. These tools also don't show my printer, but looking at their requests with Wireshark reveals what seems to be valid DNSSD responses from the printer to the issued requests? (Please correct me if I'm wrong here.)

192.168.0.104 is my PC, .103 is the printer

Source	Destination	Protocol	Length	Info
192.168.0.104	224.0.0.251	MDNS	88	Standard query 0x0000 PTR _services._dns-sd._udp.local, "QM" question
192.168.0.103	224.0.0.251	MDNS	290	Standard query response 0x0000 PTR _http._tcp.local PTR _uscan._tcp.local PTR _uscans._tcp.local PTR _ipp._tcp.local PTR _ipps._tcp.local PTR _canon-chmp._tcp.local PTR _printer._tcp.local PTR _pdl-datastream._tcp.local PTR _privet._tcp.local
fe80::76bf:c0ff:feb9:9947	ff02::fb	MDNS	310	Standard query response 0x0000 PTR _http._tcp.local PTR _uscan._tcp.local PTR _uscans._tcp.local PTR _ipp._tcp.local PTR _ipps._tcp.local PTR _canon-chmp._tcp.local PTR _printer._tcp.local PTR _pdl-datastream._tcp.local PTR _privet._tcp.local

I'm currently using NetworkManager and systemd-resolved, but switching to avahi or using systemd-networkd (instead of NetworkManager) shows the exact same behavior. Windows on the same machine with the same general setup discovers the printer just fine. mDNS scanning apps for my phone also recognize the printer without issue.

Any ideas as to what I could have missed?

resolvectl status

Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.10#dns.quad9.net 8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com
                      2620:fe::10#dns.quad9.net 2001:4860:4860::8888#dns.google

Link 2 (enp34s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
         Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.0.1
       DNS Servers: 192.168.0.1

Link 3 (wlo1)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

/etc/resolv.conf

# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search .

Last edited by jshogoth (Yesterday 21:26:40)

Offline

#2 2022-01-12 20:41:24

seth
Member
Registered: 2012-09-03
Posts: 26,306

Re: [SOLVED] mDNS/DNSSD in my Arch setup is broken recently

but switching to avahi

W/ resolved still enabled?
https://wiki.archlinux.org/title/Avahi# … om_working

Offline

#3 2022-01-12 22:12:29

jshogoth
Member
Registered: 2022-01-12
Posts: 4

Re: [SOLVED] mDNS/DNSSD in my Arch setup is broken recently

seth wrote:

but switching to avahi

W/ resolved still enabled?

No. I disabled it and even tried masking it. Also made the necessary nsswitch.conf changes when switching from resolved to avahi and back.

Last edited by jshogoth (2022-01-12 22:13:32)

Offline

#4 Yesterday 21:25:50

jshogoth
Member
Registered: 2022-01-12
Posts: 4

Re: [SOLVED] mDNS/DNSSD in my Arch setup is broken recently

I found the solution. Turns out there is a simple firewall enabled by default if the nftables package is installed.

/etc/nftables.conf

#!/usr/bin/nft -f
# vim:set ts=2 sw=2 et:

# IPv4/IPv6 Simple & Safe firewall ruleset.
# More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/.

table inet filter
delete table inet filter
table inet filter {
  chain input {
    type filter hook input priority filter
    policy drop

    ct state invalid drop comment "early drop of invalid connections"
    ct state {established, related} accept comment "allow tracked connections"
    iifname lo accept comment "allow from loopback"
    ip protocol icmp accept comment "allow icmp"
    meta l4proto ipv6-icmp accept comment "allow icmp v6"
    tcp dport ssh accept comment "allow sshd"
    pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
    counter
  }
  chain forward {
    type filter hook forward priority filter
    policy drop
  }
}

This firewall seems to interfere with mDNS in my setup.

Running

sudo nft flush ruleset

immediately solves all problems. Should I report this to the package maintainer?

Offline

#5 Yesterday 21:29:31

Scimmia
Fellow
Registered: 2012-09-01
Posts: 8,836

Re: [SOLVED] mDNS/DNSSD in my Arch setup is broken recently

jshogoth wrote:

I found the solution. Turns out there is a simple firewall enabled by default if the nftables package is installed.

No, there isn't. Nothing is run by default, you would have to start/enable it.

Offline

#6 Yesterday 21:37:10

jshogoth
Member
Registered: 2022-01-12
Posts: 4

Re: [SOLVED] mDNS/DNSSD in my Arch setup is broken recently

Scimmia wrote:
jshogoth wrote:

I found the solution. Turns out there is a simple firewall enabled by default if the nftables package is installed.

No, there isn't. Nothing is run by default, you would have to start/enable it.

Okay, I must have enabled it at some point in time and forgotten about it. Thanks for letting me know smile

Offline

Board footer

Powered by FluxBB