Request for participants - PMS 1.23.x DNS investigation

@voorhees98

Here is a correctly working DNS query

[chuck@lizum ~.501]$ dig plex.tv aaaa

; <<>> DiG 9.11.31-RedHat-9.11.31-1.fc33 <<>> plex.tv aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51634
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;plex.tv.			IN	AAAA

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri May 28 15:20:54 EDT 2021
;; MSG SIZE  rcvd: 36

[chuck@lizum ~.502]$ 

1. I am requesting AAAA records
2. Notice the status: NOERROR message. This is correct. There are no AAAA records.
3. Eero returns status: SERVFAIL. This is incorrect because it’s telling PMS that it can’t service the request at all which is false.

I can confirm 1.23.2.4600 fixed the issue for me.

Hey all,
I also have an Eero Pro 6. Plex server runs on a Synology 918+. I installed Plex version 1.23.2.4600 and I’m still experiencing the issue:
`; <<>> DiG 9.10.6 <<>> plex.tv AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36465
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;plex.tv. IN AAAA

;; Query time: 28 msec
;; SERVER: 2001:558:feed::1#53(2001:558:feed::1)
;; WHEN: Sun May 30 18:14:25 EDT 2021
;; MSG SIZE rcvd: 25`

I disabled Eero Secure and this resolved the issue for me.

Is there an issue we can track?

Please confirm 1.23.2.4600 ?

If it is then we’re not at the bottom of the rabbit hole

I don’t know if we’ll ever be because this is a firmware problem we’re trying to work around. The only apparent viable option, until fixed by Eero, is to turn off secure.

I got this from Eero
This is John with eero following up. Did you test adding plex.tv to your list of allowed websites and retest?

Letting my presence be known, as requested by ChuckPa. I found and reported my own solution for Arch Linux Plex Media Server after the issue appeared in v1.23 here (1.23.2.4656-85f0adf5b did not fix it as some have reported here):

Whitelisting didn’t appear to make any difference to me. The problem wasn’t that the eero filter was blocking Plex domains, it was replacing normal responses (NXDOMAIN) with an error (SERVFAIL).

1. Whatever happens in Arch Linux is the responsibility of whomever provides the package. We do not have any Arch installations to even support with or from nor do we package it.

2. PMS did resolve the SERVFAIL messages with EERO devices by working around that firmware bug. If it exists elsewhere will need be investigated and Engineering will need determine how they want to handle it.

Arch Linux uses the RedHat/Fedora/CentOS/SUSE package straight from downloads.plex.tv (see the Sources section here: AUR (en) - plex-media-server, currently https://downloads.plex.tv/plex-media-server-new/1.23.2.4656-85f0adf5b/redhat/plexmediaserver-1.23.2.4656-85f0adf5b.x86_64.rpm).

I completely agree that it is the responsibility of Plex to provide a working package.

… on supported platforms.

Ubuntu, Synology, and Docker are supported, and all developed this problem at v1.23.

Clarification:

1. This AAAA DNS error with the resolver began with 1.23.0.

2. It was discovered and mitigated for all the known instances in 1.23.1. The problem presented itself with EERO devices.

3. This is not the appropriate thread to discuss adding support for Arch Linux.

If I were the only one with the problem, I would say “ah, it isn’t supported on Arch Linux”, but people across various OS’s have the problem.

This issue persisted in 1.23.1 and persists in 1.23.2 [1], [2], [3] which is why I’m here, not to get Arch Linux any kind of support.

I am having this issue. I was told that 1.23.4 was going to fix it, but it did not. If there is anything I can provide to aiding in a solution lmk.

@j_r0dd1

DEBUG logs ZIP please which capture this?

Also please share what you’re using for equipment between PMS and the internet; including if PMS is native on the host or abstracted in any way.

Plex Media Server Logs_2021-06-26_15-03-32.zip (4.8 MB)

I have a 10Gbe fiber connection going from my server to a Mikrotik switch and from the switch to a Mikrotik router. Both have ipv6 disabled. I am running this on my Kubernetes cluster with a docker image. Port 32400/tcp is open to the internet and exposed from the container. I also opened 32469/tcp, 1900/udp, 8324/tcp, 32410/udp, 32412/udp, 32413/udp & 32414/udp from the container to the lan. The container and ALL my other containers access the internet without issue. Only the plex app itself is having this disconnect. I was using the freebsd version for years and just recently migrated to the linux version.

I will say that the new version 1.23.4.4712-1f0ed4aea is at least partly usable. All other versions of 1.23 would not even let me access the server. The web app would keep telling me to install the server. 1.22.3.4523-d0ce30438 is the last version that works for me.

You log file SCREAMS “DNS lookup failure”

Jun 26, 2021 14:52:24.298 [0x7f5901ec4b38] ERROR - Error issuing curl_easy_perform(handle): 6
Jun 26, 2021 14:52:24.298 [0x7f5901e9fb38] ERROR - [MediaProviderManager] Error issuing curl_easy_perform(handle): 6
Jun 26, 2021 14:52:24.298 [0x7f5901ec4b38] WARN - HTTP error requesting GET https://plex.tv/api/v2/server/access_tokens?auth_token=xxxxxxxxxxxxxxxxxxxx (6, Couldn't resolve host name) (Could not resolve host: plex.tv)

The docker container is relying on your host.

Why can’t the host resolve plex.tv ?

Does the host have /etc/resolv.conf ?

@ChuckPa ”Why can’t the host resolve plex.tv ?” This is why I am in this thread. You asked for people that were affected by this. Yes it has resolv.conf. I have numerous containers running with zero issues. I fought with plex for a solid week before I found the other thread and simply installed 1.22 to get up and running. It is the plex app itself that has resolve issues. I can curl plex.tv from the container just fine. Your app can not as of v1.23. It doesn’t matter if it’s your official container or a custom built container. The results are exactly the same.

You guys are trying to blame everything else except taking responsibility for this. It’s an EERO bug, arch linux doesn’t have an official package, now you are wondering if my host has a resolv.conf. Im not trying to be a d*ck, but your update introduced this bug.

I understand and understand your frustration.
This problem was driving me nuts trying to figure it out.

I can share what we found / what we know. Somewhere in that we will find intersection with what you have and we’ll get to a solution.

A. The initial problem

1. EERO devices have a bug which returns “SERVFAIL” when searching for IP addresses instead of “Not Found”.

2. Engineering wrote very specific code to watch for those devices and handle that case.

B. Since then

1. We’ve found the ‘musl’ library gets all uptight when /etc/resolv.conf doesn’t exist
   -or

2. /etc/resolve.conf points to bad DNS resolvers.

3. musl does not like DNS filtering / shaping which some users perform for security purposes.

C. what’s been done.

Engineering has preprogrammed 1.1.1.1 (CloudFlare DNS) as the absolute fallback DNS resolver should everything else on the host fail

Prior to this case cropping up, I thought it all had been resolved.

Now we begin.

In the container – on the shell command line

What do you get with dig plex.tv ?

Now follow up with dig plex.tv AAAA ?