
DNS Blocking on T-Mobile Gateway, Gateway Refuses to Accept Connection



Have been having issues lately and did some deep trouble-shooting today.

All the usual troubleshooting: restart, reboot gateway, reboot router, reset gateway, reset router, unplug devices, etc…

Found the issue was the gateway kept reporting it was connected but the router which is wired directly to the gateway said there was no connection.

I normally use an alternative dns provider for everything, as the ISP-provided dns is slow and insecure, subject to dns jacking.

As soon as I switched the router to use the ISP-provided dns from the gateway it connected perfectly; devices that were manually configured with the alternative dns on their interfaces still couldn’t connect though.

Switching these devices to the ISP-provided dns solved their issue as well.

Only thing that is working with the alternative dns without issue is the Secure DNS protocol, which appears to be immune to whatever is going on with the t-mobile ISP.

I don’t know if this is a bug or a feature in t-mobile’s book, or if this is due to their main internet gateway provider somehow getting jacked.


16 replies


Good news everyone! Secure dns is coming to Windows 10; it is available on beta builds now.

https://lifehacker.com/how-to-turn-on-dns-over-https-for-all-apps-in-windows-1-1843544589


I actually noticed this myself. My Apple TV was using the Cloudflare DNS 1.1.1.1 and it’s been blocked; my dad’s Chromecast uses Google’s own 8.8.4.4 and 8.8.8.8 DNS servers and it can’t connect to ANYTHING, and I can’t change the DNS on the Chromecast. I also had nothing but issues from my Desktop (Windows and Linux), Laptop (Linux), and Tablet (Linux) until I changed off the Cloudflare DNS to Automatic DNS.


Yep, I was trying to think of an innocent answer to this problem.

Just maybe they have t-mobile using a private dns for name translation for servers needed to connect on the t-mobile network, and since other dns providers don’t have the ability to translate these names into an ip address, the connection fails.

If so, whoever set this up failed to realize how badly they had broken everyone’s internet connection.


Basically, they need to fix the dual-stack problem.


Trying to force everything across an IPv6-only network just ramps up the complexity... I don't think they were quite ready for primetime with this.


I’ve been on the phone with them a couple times to complain about the dual-stack issue. I’m on the phone again right now and I’ve been subjected to 30 minutes of silent hold so far. I’m about to call up Verizon and see about their fixed wireless home internet service.


Basically, they need to fix the dual-stack problem.


Trying to force everything across an IPv6-only network just ramps up the complexity... I don't think they were quite ready for primetime with this.

IPv6? Did you detect ipv6? I tried to detect it and didn’t.


IPv6? Did you detect ipv6? I tried to detect it and didn’t.

If you go to whatsmyip.com it will show you the IPv4 and IPv6 address for your T-Mo service.


IPv6? Did you detect ipv6? I tried to detect it and didn’t.

If you go to whatsmyip.com it will show you the IPv4 and IPv6 address for your T-Mo service.

It says I am not on ip6; it only picks up an ipv6 on the local computer/network, but it isn’t a valid ipv6 address for the internet.


Ok, got off the phone with them a while ago; the tech support people said they will be pushing out new firmware to fix the issues. But who knows when that will be.


Well, some others have reported that some of their devices are hard coded with other dns providers. I have a smart thermostat, and who knows what else, that are dead and can’t connect till either they knock it off or I figure out a good work around.

Only foolproof work around that would turn everything back on is a whole-network vpn to forward all traffic.


Well, some others have reported that some of their devices are hard coded with other dns providers. I have a smart thermostat, and who knows what else, that are dead and can’t connect till either they knock it off or I figure out a good work around.

Only foolproof work around that would turn everything back on is a whole-network vpn to forward all traffic.

My VPN is broken. I got it connected over PPTP, but it still shows T-Mobile as my carrier and not my VPN, so Idk if that will work. Also, for some reason IPSec and IKEV VPN connections are broken!?


Check to make sure you are using their dns to start with before you initiate the vpn connection. I am using a software-based vpn and it connects without issue.

If you are using a hardware appliance vpn, it might be hardcoded to use another dns (which should be a feature), so you will have to check the manual to modify the configuration to get it to work.

Once you establish the vpn connection you will be good. Yes, they can block it, but it is unlikely, as many people have these vpns to connect for work, and many employers even ship vpn appliances to employees to enable them to have many company devices all separated out from the employee’s home network.

If they had messed with this, they would get businesses and some of their biggest corporate patrons upset.


Check to make sure you are using their dns to start with before you initiate the vpn connection. I am using a software-based vpn and it connects without issue.

If you are using a hardware appliance vpn, it might be hardcoded to use another dns (which should be a feature), so you will have to check the manual to modify the configuration to get it to work.

Once you establish the vpn connection you will be good. Yes, they can block it, but it is unlikely, as many people have these vpns to connect for work, and many employers even ship vpn appliances to employees to enable them to have many company devices all separated out from the employee’s home network.

If they had messed with this, they would get businesses and some of their biggest corporate patrons upset.

They actually told me on the phone IPSec and IKEV are not supported on their Dual-Stack system. Also, I discovered my computer is only routing IPv4 traffic to the VPN; when I turn off IPv6 on my physical NIC, then everything goes through the VPN.

It’s all kinds of shifty.


One problem here is that we are only getting a /64 prefix for IPv6 from them… when we need more in reality.

I don’t think they thought we would have our own routers connected to the modem… we should be able to make prefix requests to segment our own IPv6 for home networks with VLANs.


And yes, we get IPv6 addresses provided by the network, but only /64 (single segment).


We don’t have all the same gateways. I can see the wider network is in ipv6 and so is the dns, but my gateway is only ipv4.

I have learned that tmobile through the gateway (Nokia at least) forces ipv6 pretty much. So by setting my ping ips to ipv6 I’ve solved most of the problems I was having.


For Cloudflare’s 1.1.1.1 & 1.0.0.1:

  • 2606:4700:4700::1111
  • 2606:4700:4700::1001
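The thread above narrows the symptom to plain-UDP queries toward third-party resolvers (1.1.1.1, 8.8.8.8, and their IPv6 equivalents) failing while the gateway's own resolver and Secure DNS keep working. The script below is an added diagnostic for that situation; it is not code from anyone in the thread, from T-Mobile or from Cloudflare. It builds a minimal DNS A query by hand, sends it over UDP/53 to each resolver in the list (IPv4 and IPv6), checks that the reply carries the same transaction id, and reports per resolver whether an answer came back, timed out, or returned an error code. The resolver list and the queried name `example.com` are assumptions; the parser is exercised against a constructed reply in the comments so its behaviour can be checked offline.

```python
"""Probe whether recursive resolvers answer plain UDP/53 queries.

Added example (not from the original thread): distinguishes a resolver that
is reachable from one that is blocked or unreachable on this access network.
"""
import random
import socket
import struct


def build_query(name: str, txid: int, qtype: int = 1) -> bytes:
    """Return a standard recursion-desired DNS query (qtype 1 = A, 28 = AAAA)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _skip_name(msg: bytes, off: int) -> int:
    """Skip a (possibly compressed) domain name; return the offset after it."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(msg: bytes, expected_txid: int) -> dict:
    """Extract rcode, TC flag and A/AAAA answers; reject a mismatched txid."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (stale or forged reply)")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4        # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntop(socket.AF_INET, rdata))
        elif rtype == 28 and rdlen == 16:
            answers.append(socket.inet_ntop(socket.AF_INET6, rdata))
    return {"rcode": flags & 0x0F, "truncated": bool(flags & 0x0200), "answers": answers}


def probe(resolver: str, name: str = "example.com", timeout: float = 2.0) -> dict:
    """Send one A query to `resolver` over UDP/53 and classify the outcome."""
    family = socket.AF_INET6 if ":" in resolver else socket.AF_INET
    txid = random.randrange(0, 0x10000)
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (resolver, 53))
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return {"resolver": resolver, "status": "no reply (blocked or unreachable)"}
        except OSError as exc:             # e.g. no IPv6 route on this host
            return {"resolver": resolver, "status": f"error: {exc}"}
    result = parse_response(data, txid)
    result["resolver"] = resolver
    result["status"] = "ok" if result["rcode"] == 0 else f"rcode {result['rcode']}"
    return result


# Resolvers named in the thread; the list is an assumption, edit to taste.
RESOLVERS = ["1.1.1.1", "8.8.8.8", "2606:4700:4700::1111", "2606:4700:4700::1001"]

# Constructed reply for offline checking of the parser: txid 0x1234, flags 0x8180
# (response, RD, RA, rcode 0), one question for example.com, two answers
# (A 93.184.216.34 and AAAA 2606:4700:4700::1111, both with TTL 300).
SAMPLE_REPLY = (
    b"\x12\x34\x81\x80\x00\x01\x00\x02\x00\x00\x00\x00"
    b"\x07example\x03com\x00\x00\x01\x00\x01"
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\x5d\xb8\xd8\x22"
    b"\xc0\x0c\x00\x1c\x00\x01\x00\x00\x01\x2c\x00\x10"
    b"\x26\x06\x47\x00\x47\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11"
)

if __name__ == "__main__":
    for r in RESOLVERS:
        print(probe(r))
```

Run it once with the router pointed at the gateway's resolver and once with it pointed at a third-party resolver: a resolver that reports "no reply" in both runs while the gateway resolver answers is being dropped somewhere upstream of the device, which is the pattern the thread describes. Because the script checks the transaction id, a reply injected by something other than the queried server is flagged rather than silently accepted.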
