guest - flak

the day some of the DNS stopped

For the past few months, my iPhone has had a peculiar bug. Apple services didn’t work in my house. I could listen Amazon music, but not Apple music. I could update my Facebook status, but not the Facebook app itself. I could read Apple’s website and learn about security updates in the latest version of iOS, but not download them.

If I disabled wifi, all of these things became possible. Of course, that meant burning through cellular data. And important iOS updates can’t be downloaded except via wifi. If I walked down to a Starbucks and used their wifi, I could download everything. By process of elimination, I concluded the problem was not the phone, Apple’s services, the wifi radio, etc. The problem was local to my home network. (Or perhaps somewhere one step beyond, in the ISP network, but that seemed a somewhat less likely suspect. Also, multiple other local wifi networks worked.)

Knowing nothing about how Apple update works, but speculating about technologies I doubt work in my house, I figure maybe they use some peer to peer sharing service? Or something other than TCP or UDP and it’s not getting NATed correctly? How to identify the problem? In tcpdump we trust.

Running tcpdump on my router and attempting to check for updates a few times was sufficient to spot a suspicious packet. There was a fair bit of noise at first because every app is constantly chattering away, but eventually it settles down and every update attempt ends with the same outbound packets before failing.

18:45:20.904650 > 45472+ A? (32)
18:45:21.913779 > 45472+ A? (32)
18:45:24.925548 > 45472+ A? (32)

Not such a strange packet, actually. Just a DNS request. But sure enough, trying to lookup this host on my laptop fails as well.

;; connection timed out; no servers could be reached

The problem was definitely only (or at least, mostly only) Other Apple hosts worked fine.

host is an alias for is an alias for is an alias for has address has IPv6 address 2001:559:1b:18b::1aca has IPv6 address 2001:559:1b:186::1aca has IPv6 address 2001:559:1b:19a::1aca

I’m running unbound on my router, so the next thing was to try bypassing it and using a public DNS server like Instead of mucking about with the settings on both my phone and my laptop, and then toggling both back as the experiment progressed, let’s use pf.

pass in on cnmac1 proto { udp , tcp } from any to any port 53 rdr-to port 53

This redirects DNS requests around the local server directly to And sure enough, mesu started working.

host is an alias for is an alias for has address has address

And the iPhone commenced downloading its long awaited updates.

Curious as to the cause of the problem, since unbound itself was being very quiet, I switched the pf rule off, reconfirmed the problem, then restarted with verbose debugging. And the problem immediately resolved itself.

What actually happened? No idea really. That particular query somehow found itself trapped in a bad spot in unbound’s cache. Maybe? Oh well, until next time.

Another report with more information.

Posted 2016-05-17 23:45:14 by tedu Updated: 2016-07-12 04:33:12
Tagged: network openbsd