Cannot connect to .local host (multicase DNS)

krbonne · March 30, 2021, 10:54pm

Hi,

I just started using brave but I noticed that I cannot connect to my hosts on my LAN using their .local (multicast DNS) names (e.g. http://pi3.local/). I get a DNS-failure error.

Sniffing the traffic on the ethernet interface, it looks like brave does a DNS query for “pi3.local” to my DNS-server, instead of doing the mdns (udp/5353) lookup to the host using IP-multicast on the LAN.

Is there a way to tell brave that for certain domains it should use the normal linux “gai” call instead of its own DNS-lookup?

Brave: Version 1.22.70 Chromium: 89.0.4389.105 (Official Build) (64-bit)
(https://brave.com/latest/)
Linux Mint 20.1 Ulyssa on amd64

Kr.

fanboynz · March 30, 2021, 11:46pm

Does disabling Ads and trackers in shields help @krbonne ?

krbonne · March 31, 2021, 7:37am

Nope. Still the same problem.

fanboynz · March 31, 2021, 9:13am

Okay, what does the error message say, and the devconsole?

krbonne · March 31, 2021, 10:08am

As I explained: a DNS error:

This site can’t be reached

pi3.local ’s DNS address could not be found. Diagnosing the problem.
DNS_PROBE_POSSIBLE

This is what I get in tcpdump:
12:00:46.797254 IP 192.168.2.48.40475 > 192.168.2.1.53: 54771+ A? pi3.local. (30)
12:00:46.797405 IP 192.168.2.48.52448 > 192.168.2.1.53: 11152+ AAAA? pi3.local. (30)
12:00:46.802929 IP 192.168.2.1.53 > 192.168.2.48.40475: 54771 NXDomain 0/0/0 (30)
12:00:46.808373 IP 192.168.2.1.53 > 192.168.2.48.52448: 11152 NXDomain 0/0/0 (30)
12:00:46.808727 IP 192.168.2.48.33700 > 192.168.2.1.53: 35163+ A? pi3.local.home. (35)
12:00:46.808810 IP 192.168.2.48.38516 > 192.168.2.1.53: 38262+ AAAA? pi3.local.home. (35)
12:00:46.814580 IP 192.168.2.1.53 > 192.168.2.48.33700: 35163 NXDomain 0/0/0 (35)
12:00:46.814580 IP 192.168.2.1.53 > 192.168.2.48.38516: 38262 NXDomain 0/0/0 (35

This is what you should see for mdns (when I do a "ping -n pi3.local):
12:02:48.806777 IP 192.168.2.48.5353 > 224.0.0.251.5353: 0 A (QM)? pi3.local. (27)
12:02:48.862498 IP 192.168.2.50.5353 > 224.0.0.251.5353: 0*- [0q] 1/0/0 (Cache flush) A 192.168.2.50 (37)
12:02:48.960147 IP 192.168.2.50.5353 > 224.0.0.251.5353: 0*- [0q] 1/0/0 (Cache flush) A 192.168.2.50 (37)

(and ipv6 to ff02::fb.5353)

krbonne · March 31, 2021, 10:11am

What is the “devconsole”?
Do you mean “more tools” → “developer tools” → console?

That is empty

tagd0tbutl0t · March 31, 2021, 11:02am

u use vpn when do it or dns provider example one.one.one.one? if yes u need disable it

krbonne · March 31, 2021, 11:52am

No, this is just a standard new installation of linux mint, so special configuration.
As you can see in the tcpdump, the dnsquery goes to the DNS-server on my network, so nothing fancy.

If you think about it, if you use an external DNS service, this could be considered a privacy-vulnerability as you leak information about internal hosts on the LAN of the user to the outside world.
There is no reason why a DNS-query for a .local host should ever leave the local network.

fanboynz · March 31, 2021, 12:15pm

Does disabling shields (ads/trackers etc) via brave://settings/shields make any difference?

krbonne · March 31, 2021, 12:46pm

Hi,

No. Not when I change this at global level, nor at site level. No difference.

Do you have the same problem on your setup??

Normally, if you do a query to (say) https://test123.local/, if it does a mdns request, it will take a few seconds for the mdns to time-out.
If you get the answer that the host does exist immediately, then you know that it has done a ‘normal’ DNS query.

fmarier · March 31, 2021, 9:33pm

Does the DNS lookup work if you try another program, say ssh pi3.local?

I ran into similar DNS problems when I upgraded to Ubuntu 20.04:
https://feeding.cloud.geek.nz/posts/upgrading-from-ubuntu-bionic-to-focal/#Network_problems

krbonne · March 31, 2021, 10:01pm

Hi, … yes … everything else works (ping, ssh, …), both resolving ipv4 and ipv6 addresses.
(I did try this before asking the question )

Hum … just did some additional tests.
It turns out that chromium also has the same issue. Firefox does work OK.
so is this related to the chromium code-base?

fmarier · March 31, 2021, 10:54pm

What Secure DNS settings do you have in brave://settings/security?
Screenshot from 2021-03-31 15-52-25

The fact that you’re seeing the same problem in Chromium means that yes, it’s a problem in the Brave code that comes from upstream (Chromium project).

krbonne · April 1, 2021, 8:20pm

Bonjour Francois,

The secureDNS is not configured. I just use my own router as DNS server.

But in the mean time, I managed to solve the issue! I did a test to switch to ubuntu (20.04.2 LTS) and the brave-browser does not seams to have this issue on that distro.
It is the same version of brave (Version 1.22.70 Chromium: 89.0.4389.105 (Official Build) (64-bit); so I guess the issue must be related to an interaction between the name-server system on linux and the brave-browser.

Oddly enough, chromium (or at least the ungoogled version of it on Ubuntu) does still have this issue. Strange!

OK. I propose we close the issue and just archive this discussion per possible future reference.

Thanks all for helping out!

Kr.