#1 2019-01-15 02:29:02

JuanPotato
Member
Registered: 2016-09-06
Posts: 7

Using Unbound for DNS over TLS breaks printer with cups and Avahi

Hi guys, I've had my network printer connected to my laptop using Avahi and have been able to print things using cups. Things were going fine until I set up unbound to be my DNS server so I could have DNS over TLS.

My unbound config is

server:
  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
  use-syslog: yes
  do-daemonize: no
  username: "unbound"
  directory: "/etc/unbound"
  trust-anchor-file: trusted-key.key

forward-zone:
  name: "."
  forward-tls-upstream: yes
  # Cloudflare DNS
  forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com

And my resolv.conf

# Generated by resolvconf
nameserver ::1
nameserver 127.0.0.1

The error cups gives me is just `"Unable to locate printer "BRWB01041DDA6F0"."` in the online control but I'm not sure where I should get more logs from.

Last edited by JuanPotato (2019-01-15 02:44:19)

#2 2019-01-15 02:34:10

bugsmanagement
Member
Registered: 2017-04-21
Posts: 201

Re: Using Unbound for DNS over TLS breaks printer with cups and Avahi

Hello there,

Out of curiosity, can you not change the information in Avahi to IP?

I don't have familiarity with Avahi; doesn't Avahi use its own network protocol?

Regards

#3 2019-01-15 03:35:23

loqs
Member
Registered: 2014-03-06
Posts: 17,195

Re: Using Unbound for DNS over TLS breaks printer with cups and Avahi

JuanPotato wrote:

Things were going fine until I set up unbound to be my DNS server so I could have DNS over TLS.

What was providing Avahi DNS resolution before you switched to unbound?  What is the system's current /etc/nsswitch.conf ?

#4 2019-01-15 03:43:39

JuanPotato
Member
Registered: 2016-09-06
Posts: 7

Re: Using Unbound for DNS over TLS breaks printer with cups and Avahi

bugsmanagement wrote:

Out of curiosity, can you not change the information in Avahi to IP?

No clue, couldn't immediately find something on the arch wiki related to that but there still might be an option somewhere?

loqs wrote:

What was providing Avahi DNS resolution before you switched to unbound?  What is the system's current /etc/nsswitch.conf ?

Well my resolvconf was just pointing to 192.168.1.1 instead of 127.0.0.1. And I had 1.1.1.1 set in the router dns settings. I didn't change anything else so I'm not sure what other info you'd want.

Here is my nsswitch.conf

# Name Service Switch configuration file.
# See nsswitch.conf(5) for details.

passwd: files mymachines systemd
group: files mymachines systemd
shadow: files

publickey: files

hosts: files mymachines myhostname mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files

#5 2019-01-15 04:04:08

loqs
Member
Registered: 2014-03-06
Posts: 17,195

Re: Using Unbound for DNS over TLS breaks printer with cups and Avahi

mdns_minimal is before resolve and dns, which from my limited understanding should try mdns_minimal first.
What is the output of

getent hosts BRWB01041DDA6F0

cups log location is covered in https://wiki.archlinux.org/index.php/CU … leshooting

#6 2019-01-15 04:13:56

JuanPotato
Member
Registered: 2016-09-06
Posts: 7

Re: Using Unbound for DNS over TLS breaks printer with cups and Avahi

loqs wrote:

mdns_minimal is before resolve and dns, which from my limited understanding should try mdns_minimal first.
What is the output of

getent hosts BRWB01041DDA6F0

cups log location is covered in https://wiki.archlinux.org/index.php/CU … leshooting

With my dns server as unbound (resolvconf 127.0.0.1) there is no output and just an error code of 2.

But with the old setup, the output is

192.168.1.254   BRWB01041DDA6F0

#7 2019-01-15 04:23:13

bugsmanagement
Member
Registered: 2017-04-21
Posts: 201

Re: Using Unbound for DNS over TLS breaks printer with cups and Avahi

I use unbound myself. Unbound is a recursive DNS caching server. Unbound uses root DNS servers first unless you configure it otherwise. Avahi is mDNS, from a quick Google search. It's multicast, not unicast, e.g. not contacting UDP/53 for information. See https://en.wikipedia.org/wiki/Multicast_DNS

Last edited by bugsmanagement (2019-01-15 04:24:15)

#8 2019-01-15 04:25:36

loqs
Member
Registered: 2014-03-06
Posts: 17,195

Re: Using Unbound for DNS over TLS breaks printer with cups and Avahi

The following should test if the router can resolve BRWB01041DDA6F0, which it might have been doing if mdns_minimal is not matching the entry.

host BRWB01041DDA6F0 192.168.1.1

#9 2019-01-15 04:32:04

JuanPotato
Member
Registered: 2016-09-06
Posts: 7

Re: Using Unbound for DNS over TLS breaks printer with cups and Avahi

loqs wrote:

The following should test if the router can resolve BRWB01041DDA6F0, which it might have been doing if mdns_minimal is not matching the entry.

host BRWB01041DDA6F0 192.168.1.1

Yep that's working and giving me

Using domain server:       
Name: 192.168.1.1
Address: 192.168.1.1#53
Aliases: 

BRWB01041DDA6F0 has address 192.168.1.254

So is my mdns_minimal not working properly then? I really don't know much about networking and I really appreciate you helping me out.

#10 2019-01-15 04:38:59

bugsmanagement
Member
Registered: 2017-04-21
Posts: 201

Re: Using Unbound for DNS over TLS breaks printer with cups and Avahi

From my experience with Unbound, it's picky, you looked at https://nlnetlabs.nl/documentation/unbo … ound.conf/ ?

EDIT: You might want to search https://nlnetlabs.nl/mailman/listinfo/unbound-users for similar problems

Last edited by bugsmanagement (2019-01-15 04:44:56)

#11 2019-01-15 09:30:33

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 592

Re: Using Unbound for DNS over TLS breaks printer with cups and Avahi

mDNS needs a domain (.local in default configuration) for hostname lookups, i.e. hostname.local not hostname; read https://wiki.archlinux.org/index.php/Av … resolution . So, JuanPotato, you were never using mDNS to find BRWB01041DDA6F0. The queries were always answered by the network's DNS server.

If you want to use mDNS, use BRWB01041DDA6F0.local for the printer address.

#12 2019-01-17 02:34:07

JuanPotato
Member
Registered: 2016-09-06
Posts: 7

Re: Using Unbound for DNS over TLS breaks printer with cups and Avahi

bugsmanagement wrote:

From my experience with Unbound, it's picky, you looked at https://nlnetlabs.nl/documentation/unbo … ound.conf/ ?

EDIT: You might want to search https://nlnetlabs.nl/mailman/listinfo/unbound-users for similar problems

Thanks for the links, will definitely check them out.

nl6720 wrote:

mDNS needs a domain (.local in default configuration) for hostname lookups, i.e. hostname.local not hostname; read https://wiki.archlinux.org/index.php/Av … resolution . So, JuanPotato, you were never using mDNS to find BRWB01041DDA6F0. The queries were always answered by the network's DNS server.

If you want to use mDNS, use BRWB01041DDA6F0.local for the printer address.

If I remember, cups broke still with BRWB01041DDA6F0.local, I will try to find a way to test. And I never manually set the hostname, cups just gave me a selection of found printers.

#13 2019-02-12 04:49:51

JuanPotato
Member
Registered: 2016-09-06
Posts: 7

Re: Using Unbound for DNS over TLS breaks printer with cups and Avahi

My solution to this was that I switched to dnscrypt and added some forwarding rules to forward the printer domain to 192.168.1.1 for resolution. H

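Added example, not part of JuanPotato's post or of the dnscrypt setup it mentions: the same split forwarding written for the Unbound config from post #1, so the bare printer name is asked of the router at 192.168.1.1 (which answered for it in post #9) instead of being forwarded to the public resolver with everything else. It assumes the router keeps answering for that name; the `domain-insecure` line is an addition needed because the config enables DNSSEC validation and the name does not exist in the signed public root.

```conf
# /etc/unbound/unbound.conf
# Lines marked NEW are additions; everything else is the config from post #1.
server:
  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
  use-syslog: yes
  do-daemonize: no
  username: "unbound"
  directory: "/etc/unbound"
  trust-anchor-file: trusted-key.key
  # NEW: the router's answer for this name is unsigned and the public root
  # proves the name does not exist, so the validator would reject the
  # answer unless this one name is exempted from validation.
  domain-insecure: "BRWB01041DDA6F0."

# NEW: forward only the printer's name to the LAN resolver.
# forward-tls-upstream is left at its default (no) for this zone, so the
# query is plain DNS on port 53 and stays on the local network.
forward-zone:
  name: "BRWB01041DDA6F0."
  forward-addr: 192.168.1.1

# Unchanged: every other name still leaves the host over TLS.
forward-zone:
  name: "."
  forward-tls-upstream: yes
  # Cloudflare DNS
  forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com
```

Check the file with unbound-checkconf, restart unbound, then repeat the `getent hosts BRWB01041DDA6F0` test from post #5.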
