Hi all, @noris,
thank you all for your responses ! I was glad to read that some of your problems where solved so I signed in to Qobuz again in the RoonApp Services tab.
When I tried to load the Qobuz Menu item in the RoonApp, nothing happened and I got the same error. So, @noris, the issue you resolved had no effect on the error I encountered.
But… I found out what caused it…
Doing a tail on the log files I noticed that Roonserver does a lot of requests to the host “metadataserver<.>roonlabs<.>net” and that this request returns a failure code later on in the log.
Excerpt from .RoonServer/Logs/RoonServer_log.txt
Trace: [metadatasvc] REQ [xx] hxxps://metadataserver.roonlabs.net/md/4/qobuz/featured/albums?uid= <…>
Warn: Error in web request hxxps://metadataserver.roonlabs.net/md/4/qobuz/featured/albums?uid= <…> NetworkError (Error: ConnectFailure (Connection timed out))
So, it looks like there is something wrong with “metadataserver<.>roonlabs<.>net”. I did a nslookup on it and found out it lives on 35.244.225.31 and that a reverse lookup on this IP address resolves to “31<.>225<.>244<.>35<.>bc<.>googleusercontent<.>com.”
nslookup “metadataserver<.>roonlabs<.>net”:
“metadataserver<.>roonlabs<.>net” canonical name = “roonlabs<.>net”
Name: “roonlabs<.>net”
Address: 35.244.225.31
Reverse lookup:
31.225.244.35.in-addr.arpa name = “31<.>225<.>244<.>35<.>bc<.>googleusercontent<.>com.”
When I searched my logging for IP address 35.244.225.31, I found out my firewall is blocking all traffic from my RoonServer to and from 35.244.225.31
Looking in the firewall logging I found out my firewall detected suspicious inbound traffic on February 17 and 18 and classified it as a Stealth Scan.
The reverse ip address points to a domain with a reverse address that didn’t match the A record so the IP address ended up on a watch-list…
Feb 17 10:10:00 xxx kernel: […] Stealth scan? (UNPRIV): IN=eth1 OUT= MAC= SRC=35.244.225.31 DST=x.x.x.x LEN=810 TOS=0x00 PREC=0x00 TTL=123 ID=38679 PROTO=TCP SPT=443 DPT=50720 WINDOW=248 RES=0x00 ACK PSH URGP=0
Feb 17 18:21:31 xxx kernel: […] Stealth scan? (UNPRIV): IN=eth1 OUT= MAC= SRC=35.244.225.31 DST=x.x.x.x LEN=810 TOS=0x00 PREC=0x00 TTL=123 ID=25185 PROTO=TCP SPT=443 DPT=54428 WINDOW=244 RES=0x00 ACK PSH URGP=0
Feb 18 22:53:55 xxx kernel: […] Stealth scan? (UNPRIV): IN=eth1 OUT= MAC= SRC=35.244.225.31 DST=x.x.x.x LEN=585 TOS=0x00 PREC=0x00 TTL=123 ID=51465 PROTO=TCP SPT=443 DPT=37332 WINDOW=458 RES=0x00 ACK PSH URGP=0
On February 24 another scan took place and the firewall started blocking all traffic to and from this address
Feb 24 18:17:40 xxx kernel: […] Stealth scan? (UNPRIV): IN=eth1 OUT= MAC= SRC=35.244.225.31 DST=x.x.x.x LEN=585 TOS=0x00 PREC=0x00 TTL=123 ID=91187 PROTO=TCP SPT=443 DPT=37332 WINDOW=458 RES=0x00 ACK PSH URGP=0
Feb 24 18:17:41 xxx kernel: […] Blocked host(s): IN=eth1 OUT= SRC=35.244.225.31 DST=x.x.x.x LEN=585 TOS=0x00 PREC=0x00 TTL=123 ID=91187 PROTO=TCP SPT=443 DPT=37332 WINDOW=458 RES=0x00 SYN URGP=0
…
Mar 3 13:20:44 xxx kernel: […] Blocked host(s): IN= OUT=eth1 SRC=x.x.x.x DST=35.244.225.31 LEN=60 TOS=0x08 PREC=0x00 TTL=64 ID=50042 PROTO=TCP SPT=47230 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
So… after finding out what caused it, I took the IP address and hostnames of the blacklist and entered them in the whitelist, restarted my firewall and Roonserver and tried to load the Qobuz Menu item in the RoonApp again and …
All is back to normal and the Mar 3, 13:20:44 firewall log entry was the last one I saw !
But why did I notice this yesterday if this all started on February 24th ? Because I was traveling for the past 10 day’s and the rest of the family only listen to (low-res) internet radio stations. They are not used to Qobuz yet
It would be interesting to know why my firewall detected scans from “roonlabs<.>net”… Is there anyone at RoonLabs who knows why this happens ?
Best regards,
larsh
PS: Sorry for all the obfuscation of host names and links but I can’t post links in the forum as a new user…