UniFi AP's w/ Untangle Router @ home, Not Working Properly

EXCellR8

Diamond Member
Sep 1, 2010
3,979
839
136
Alright, so this has been driving me to near madness for almost a week now.

Long story short, we upgraded all of our equipment to Sonicwall at the office so I took the old Ubiquiti access points home since nobody wanted them. There's 2 UniFi AP-AC Lites and 1 AP-AC Long Range (LR) w/ PoE injectors. Simple stuff. I added all 3 MAC ID's to my Untangle router's DHCP table and installed the software on a small home server. AP's were found/adopted, firmware was automatically updated, and all seemed good.

Here's the problem: despite the overall site/network status reading as "Good" I am getting nothing but DNS connectivity issues. One second it's good, next clients can't get internet access; this happens over and over to no end. Connection to the AP's themselves is perfect (full signal) but I can't for the life of me figure out what is wrong. Here's a list of stuff I've tried:

Enabled QoS/Bandwidth shaping on router (Untangle)
Tried different DNS servers (Xfinity to Google)
Replaced two or three Cat5e cables
Reset the PoE adapters
Swapping locations of the UAP's
Reboot modem, router, and UniFi server

Nothing has helped. At this point I'm just going to revert all of my efforts because all of my unmanaged AP's before were working just fine--was just a PITA having to connect to different SSID all the time. Does anyone with more networking experience have an idea about what could be going on here? Should I have them set up differently? I'm having a hard time accepting that this is as complicated as I'm making it.
 

EXCellR8


Hmm, that's a similar scenario all right... I might try the "adding the VLAN interfaces as Listen Interfaces under services > DNS" assuming that is done at the router. The AP's aren't on separate VLANs however.


Same issue with one, two, or three AP's... great connectivity to actual AP but internet access is unreliable.
 

ch33zw1z

Lifer
Nov 4, 2004
37,734
18,005
146
Are you running any vlans?

Maybe some screen shots of the untangle and ubnt controller config would help
 

ch33zw1z

You can try just making one untagged vlan for the entire subnet and see if that clears it up
 

EXCellR8

Where are the dns addresses coming from? The router (proxy) or the isp?

Well, here's the thing. I thought they'd be coming from my ISP but it turns out that the wireless clients attached to the UAP's were using my router's LAN IP as the DNS server. Put in Google DNS servers manually (on endpoints) and voilà, perfect internet connectivity. So, I don't know what I did but the wired endpoints are also using my router's IP as DNS and they're totally fine??

There are no static DNS entries listed in my router and DNS sessions are NOT bypassed via port 53.
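An added example, not part of the original posts: a Python probe that sends the same A-record query to the router's LAN address and to a public resolver and tallies successes, timeouts and errors, so the two DNS paths described above can be compared from a wireless and a wired client. The router address `192.168.1.1` and the test name `example.com` are assumptions.

```python
import secrets, socket, struct, time

def build_query(name: str, txid: int) -> bytes:
    """Encode a recursive A-record query (RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data: bytes, txid: int) -> tuple:
    """Return (rcode, answer_count); ValueError if it is not a reply to txid."""
    if len(data) < 12:
        raise ValueError("short reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # ID must match and QR bit must be set
        raise ValueError("not a response to our query")
    return flags & 0x000F, ancount

def probe(server: str, name: str, tries: int = 20, timeout: float = 2.0) -> dict:
    """Query one resolver `tries` times; tally outcomes and latency in ms."""
    stats = {"ok": 0, "timeout": 0, "error": 0, "ms": []}
    for _ in range(tries):
        txid = secrets.randbits(16)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            start = time.monotonic()
            try:
                s.sendto(build_query(name, txid), (server, 53))
                rcode, answers = parse_reply(s.recv(512), txid)
            except socket.timeout:
                stats["timeout"] += 1
                continue
            except (OSError, ValueError):
                stats["error"] += 1
                continue
            elapsed_ms = (time.monotonic() - start) * 1000
        if rcode == 0 and answers > 0:
            stats["ok"] += 1
            stats["ms"].append(elapsed_ms)
        else:
            stats["error"] += 1  # e.g. SERVFAIL (rcode 2) from a failing forwarder
    return stats

if __name__ == "__main__":
    # 192.168.1.1 is an assumed router LAN IP; 8.8.8.8 is a Google DNS address.
    for resolver in ("192.168.1.1", "8.8.8.8"):
        r = probe(resolver, "example.com")
        mean = sum(r["ms"]) / len(r["ms"]) if r["ms"] else float("nan")
        print(f"{resolver}: ok={r['ok']} timeout={r['timeout']} error={r['error']} mean={mean:.1f} ms")
```

Timeouts only against the router address point at the forwarder on the router; timeouts against both point at the wireless path itself.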
 

SamirD

Golden Member
Jun 12, 2019
1,489
276
126
www.huntsvillecarscene.com
Yep, that's why I asked. :D I've seen something similar on my netgear routers. There's a 'dns proxy' option that makes the router ip the dns. Once I turned that off and the clients got the direct dns address, my issues disappeared too.

I'd check the untangle for a 'dns proxy' type of option and see if it is set.
 

EXCellR8

I believe Untangle uses something called 'dnsmasq' by default so I'm looking into how to add manual arguments to pass DNS to clients. I don't know if it can simply be disabled.
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,100
126
I put the following extra options for my FreshTomato Netgear router's DNSmasq

==

all-servers
# By default, when dnsmasq has more than one upstream server available, it will send
# queries to just one server. Setting this flag forces dnsmasq to send all queries to all
# available servers. The reply from the server which answers first will be returned to
# the original requester.


strict-order

# upstream DNS servers
server=4.2.2.1
server=8.8.8.8
server=1.1.1.1
 

EXCellR8

what is considered an upstream DNS server in this case? I assume any server that isn't on my network...

I put in the "dhcp-option=6,xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx" but all clients still show my router IP as the DNS server.
 

mxnerd

what is considered an upstream DNS server in this case? I assume any server that isn't on my network...

I put in the "dhcp-option=6,xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx" but all clients still show my router IP as the DNS server.

I did not set dhcp-option=6,xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx so I don't know.

I set my PC using router's IP 192.168.1.1 as DNS and get all DNS query results.

Upstream DNS servers list means your router will forward DNS queries to these servers for your client device (PC, laptop, smartphone) and return the answers for them.
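An added example, not from the thread: a Python decoder for the options field of a DHCP reply, to check which DNS servers (option 6) a lease actually carries and whether they are simply the router (option 3). The two option byte strings are constructed samples, and the function names are this example's own.

```python
import ipaddress

def parse_dhcp_options(options: bytes) -> dict:
    """Walk the DHCP options field (RFC 2132 code/length/value) into {code: value}."""
    out, i = {}, 0
    while i < len(options):
        code = options[i]
        if code == 0:            # pad byte, no length field
            i += 1
            continue
        if code == 255:          # end marker
            break
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        out[code] = out.get(code, b"") + value  # a repeated code concatenates (RFC 3396)
        i += 2 + length
    return out

def ipv4_list(raw: bytes) -> list:
    """Split an option value into dotted-quad IPv4 addresses."""
    if len(raw) % 4:
        raise ValueError("address list length must be a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]

def dns_from_lease(options: bytes) -> dict:
    """Report the DNS servers (option 6) and whether they are just the router (option 3)."""
    opts = parse_dhcp_options(options)
    routers, dns = ipv4_list(opts.get(3, b"")), ipv4_list(opts.get(6, b""))
    return {"routers": routers, "dns": dns,
            "dns_is_router": bool(dns) and set(dns) <= set(routers)}

# Constructed samples: message type ACK (53), subnet mask (1), router (3), DNS (6), end.
LEASE_VIA_ROUTER = bytes([53, 1, 5, 1, 4, 255, 255, 255, 0, 3, 4, 192, 168, 1, 1,
                          6, 4, 192, 168, 1, 1, 255])
LEASE_DIRECT = bytes([53, 1, 5, 1, 4, 255, 255, 255, 0, 3, 4, 192, 168, 1, 1,
                      6, 8, 8, 8, 8, 8, 8, 8, 4, 4, 255])

if __name__ == "__main__":
    for label, lease in (("via router", LEASE_VIA_ROUTER), ("direct", LEASE_DIRECT)):
        print(label, dns_from_lease(lease))
```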
 

ch33zw1z

Good posts in here. I also just have my router's IP as my DNS source and have no issues. Router is an ER-X.
 

mxnerd

If you want to use DNSmasq as your local DNS server for your network devices, you can add the following options.

local=/lan/
domain=homelab.lan
expand-hosts


Then your PC which is named pc1 will become pc1.homelab.lan, pc2 will become pc2.homelab.lan, etc.

==

According to this, I think you should just remove that dhcp-option line.
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2004q4/000010.html
 

EXCellR8

Good posts in here. I also just have my router's IP as my DNS source and have no issues. Router is an ER-X.

Router IP works fine for my wired endpoints but for whatever reason the wireless ones don't like it. I tried putting in my ISP's DNS into each UAP manually but that didn't seem to work either.

If you want to use DNSmasq as your local DNS server for your network devices, you can add the following options.

...According to this, I think you should just remove that dhcp-option line.
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2004q4/000010.html

It's not that I want to use dnsmasq but I am not sure it can be removed from untangle, therefore I have to figure out how to bypass it.
 

mxnerd

Have you tried resetting the WAPs?

In post #9 you said if you put in Google's DNS IP in endpoints then it works, you mean PC/tablet/smartphone, right? So your WiFi clients still get the router IP as their DNS server via Untangle DHCP?

Have you tried putting in extra option commands in Untangle?

I believe you can't disable DNSmasq (a DNS & DHCP server combo) since I believe Untangle needs the service itself.

You also should not let the WAPs act as DHCP servers. There should be only one device acting as DHCP server on your network, and it should be Untangle.
 

ch33zw1z

Router IP works fine for my wired endpoints but for whatever reason the wireless ones don't like it. I tried putting in my ISP's DNS into each UAP manually but that didn't seem to work either.

You're gonna need to show a screen shot of this or tell me where this config section is. I'm digging through the Controller software right now and can't seem to locate this information....probably my error.

The DNS requests should just flow from the clients to the router software without the AP's interference.

Edit: I found it, mine is all DHCP. DNS on the AP would only really matter if using NTP or wanting to download firmware direct from UBNT. DNS on the AP should have no impact on the clients' connectivity.
 

SamirD

Now that I'm thinking about this, even though dns proxy can cause all sorts of trouble, it seems that it might be an issue with the Ubiquitis since your existing APs used to work fine.

In fact, let's prove this to be the case by connecting one of the unmanaged APs and see if clients connected to that work fine. If so, I'd try changing to another firmware version on the Ubiquitis and see if the problem magically fixes itself.
 

ch33zw1z

Now that I'm thinking about this, even though dns proxy can cause all sorts of trouble, it seems that it might be an issue with the Ubiquitis since your existing APs used to work fine.

In fact, let's prove this to be the case by connecting one of the unmanaged APs and see if clients connected to that work fine. If so, I'd try changing to another firmware version on the Ubiquitis and see if the problem magically fixes itself.

He should post what version he's running now. He should also just start with one, get it on the network, factory reset it, and start from scratch. I strongly advise a static DHCP reservation configured at the router software and allowing the AP to pick up IP config via DHCP. He has a LR version, as do I, and there's only one mention of a DNS fix in the latest change log here: https://community.ui.com/releases/F...42-10433/75a45ae4-66f6-4e59-8167-8d0b4925b4eb

I'm currently running the AP with no problems at that firmware level. I have one untagged VLAN for the entire 192.168.1.x subnet, one tagged vlan off a single port to play with managed network gear. I would suspect his problem is config at the router side.
 