Quad9 DNS servers and plugin/docker check for updates failing?



Hello community,

This is more just a lessons learned (for myself) vs an ask for help, but I have been going back and forth over the past couple weeks on why CA Auto Update has just not been updating anything. I have unraid set to not check for plugin/docker updates, as I am using CA Auto Update to do a daily check, then auto update after 1 day's time. Been working fine as far as I can remember.

Recently I have been playing around with my network, went 10GbE, bonded (Active/Passive) setup, I have dual WAN at home over pfsense though it's also in an active/passive setup and not load balanced so I only ever have one default gateway and I do have it set to clear my state table on failover. I don't run any adblocking or anything. I use my firewall as my assigned DNS server through both static and dynamic IP handouts (unless you are on a VLAN and then I assign you two addresses) and I handle all this at the router end (though I still set unraid to a static IP internally in unraid just as a fall back).

So, long story short now that you know my setup, I was playing around with blocking UDP 53 on all clients except on local WAN, and had that going for a few days. Then I went a few days and noticed that neither my plugins nor dockers were showing any updates, which I thought was weird. Especially since I run Binhex's jackett build and that thing can get 3 x updates in a day sometimes. So I started trying to manually check for updates, and since I have autocheck disabled in unraid I have the manual "check for updates" button on both plugins and dockers. I would click it, and could see the check randomly fail throughout the check. Sometimes after one plugin, sometimes after 4, 5 etc., but kept failing. So I thought it was UDP 53 somehow interfering, so I disabled the rule and still saw the same behavior. UNTIL I remembered that I also changed from Cloudflare DNS servers (1.1.1.2, 1.0.0.2) to Quad9's at the same time (9.9.9.9, 149.112.112.112). So, changing to anything other than Quad9, I am getting consistent update checks, no failures, and all works. I tested with Google DNS, Cloudflare, and OpenDNS, all worked, Quad9 would fail.

So I am not sure if Quad9 is detecting the rapid hits as malicious, or something about how unraid checks for updates maybe ended up on one of Quad9's blacklists. But just wanted to share. I can only assume I am the only one being able to repeatedly see this, and most others will say non-issue, but wanted to share anyways. 🙂

EDIT: Oh yeah, I DO use DoT if that changes anything.

Edited by cybrnook
Typos Galore