May 17, 2008

Orange Livebox, Jabber, DNS broken–ness

For some time now, we’ve been trying to work out what’s going wrong with our jabber setup from off-campus.

We have a jabber server set up to handle the domain, and since the server’s hostname isn’t actually ‘’ (that IP having already been taken, sensibly, by a web server), we use an SRV record in DNS to point to the ‘real’ server. Comme ca:

$ dig SRV +noall +answer 43200 IN SRV    5 0 5269

Now, if I try this from home (behind an Orange Livebox router) I get this:

$ dig SRV  +noall +answer

i.e. nothing. The result of this, is that if I try to connect to our jabber server, pidgin first does a lookup for the SRV record, doesn’t get it, so then tries a lookup for the A record and attempts to connect to that instead. Which, of course doesn’t work :-(

But wait! A quick poke in my router config, and I see that the upstream DNS is What happens if I point straight at that?

$ dig SRV  @ +noall +answer 41657 IN SRV    5 0 5269

lo and behold, it works, albeit rather slowly.

A quick bit of digging on the internet didn’t reveal much, but it did thow up this which google translated as

Since their updated their DNS resolver works far less well at home. . It could not find the entrance SRV servers jabber (_jabber._tcp.domain). Suddenly, impossible to establish the connection between my server and other: @ And then at times is a long time to get an answer: / So I use my own Bind is much better. To circumvent the lack of dhcp static, I went in with a static addressing IP outside the beach DHCP. Now everything is back in order.

So, it would seem that the livebox DNS server is basically broken; it either doesn’t understand what to do with an SRV request, or has been misconfigured not to pass them upstream. The upstream servers are too slow/flaky to use without a cacheing layer in between, so what to do? There are a few solutions:

1) Pragmatic one: Just specify a ‘connect server’ in pidgin. This works fine on linux. On adium (OSX) it occasionally gives me a warning that the SSL certificate (which is for does not match the domain ( but that’s kind of OK

2) ‘Paying Customer’ approach. I could complain to Orange. I’m sure that they would leap into action and issue a firmware update forthwith. Oh yes. Still, it probably wouldn’t hurt to try and get it on their to-do list.

3) Geeky fix: Run bind + dhcpd on my NSLU2, disable the livebox DHCP. All good, except that if it breaks when I’m not around, I will be murdered with an axe by a family who have endured a day without the Cbeebies website.

4) Lower-risk geeky fix: Run bind on the NSLU2, reserve a chunk of 192.168/24 from the livebox’s DHCP server, then allocate static IPs and hardcoded resolv.conf’s on my computers, whilst leaving the family computers (which have no need of anyway) well alone.

I think I’ll start with option 4, and see where it gets me to…

- No comments Not publicly viewable

Add a comment

You are not allowed to comment on this entry as it has restricted commenting permissions.

Most recent entries


Search this blog

on twitter...


    Not signed in
    Sign in

    Powered by BlogBuilder