Picture of Jürgen Kreileder

Posts Tagged ‘soa’

Speedport Routers Eat Your DNS SOA Requests in Modem-Mode

Some years ago I switched to using a Speedport W701V from Deutsche Telekom on my ADSL line at home. I set it up in modem-mode and let a small Linux box handle everything else. This setup had worked fine with other modems but shortly after switching to the Speedport I noticed that my local caching DNS server didn’t work correctly anymore. I didn’t really connect the dots at this point, though.

That happened a few days later when I tried to use Apple’s Back to My Mac — it just didn’t work. After some network tracing I found out that the Apple machine sent DNS SOA requests but never got a reply back. It turned out that all SOA request got blocked somewhere. Sending requests to my own name server (host -t soa blackdown.de ns.blackdown.de) and tracing DNS there showed that no packet ever arrived.

I put the Speedport back into router-mode at this point and, who would have guessed it, SOA requests worked fine again.

After fruitless discussions with Deutsche Telekom support (it was impossible to find anyone who even remotely understood what I was talking about) and sending a bug report to AVM (the 701V actually is a FRITZ!Box) which never got an answer, I finally solved the problem by putting a Freetz firmware on the Speedport. This firmware had an option to disable the PPPoE-Filter. After disabling the filter the device worked flawlessly in modem-mode.

Now, a few days ago, I switched to VDSL and got a new router: a Speedport W920V.
First thing I did was to put it into modem-mode. And there it was again, the DNS SOA problem!

Knowing what the problem was, I found a simpler fix this time:

  1. Download the configuration from the device
  2. Manually change dnsfilter_for_active_directory = yes; to dnsfilter_for_active_directory = no; in the pppoefw section
  3. Manually change ipnetbiosfilter = yes; to ipnetbiosfilter = no; in the pppoefw section
  4. Insert a NoChecks=yes line after the Country=… line in the header to make the device accept the modified file although its checksum is wrong now
  5. Upload the modified configuration to the device

(If you have a local NTP server, you also might want to add it to the server_list in the ntpclient section while editing the configuration of the Speedport.)