With some more testing, I think this is, indeed, some sort of DNS bug.
On the Balance One, on my VLAN, I turned off the ‘Assign DNS Server automatically’ button, and instead put in the DNS IPs for my ISP:
I rebooted the IoT device, and immediately everything is working normally.
Here’s the packet capture when it starts working:
| no. | time | source | dest | Protocol | length | Info |
|---|---|---|---|---|---|---|
| 246336 | 405.138749 | 10.0.64.1 | 10.0.64.104 | ICMP | 110 | Destination unreachable (Port unreachable) |
| 246337 | 405.138770 | 10.0.64.1 | 10.0.64.104 | ICMP | 110 | Destination unreachable (Port unreachable) |
| 246704 | 406.153046 | 10.0.64.104 | 10.0.64.1 | DNS | 82 | Standard query 0x1234 A intouch2.geckoal.com |
| 246705 | 406.153053 | 10.0.64.104 | 10.0.64.1 | DNS | 82 | Standard query 0x1234 A intouch2.geckoal.com |
| 246706 | 406.153226 | 10.0.64.1 | 10.0.64.104 | ICMP | 110 | Destination unreachable (Port unreachable) |
| 246707 | 406.153247 | 10.0.64.1 | 10.0.64.104 | ICMP | 110 | Destination unreachable (Port unreachable) |
| 256921 | 422.397930 | 10.0.64.104 | 209.xx.xx.xx | DNS | 82 | Standard query 0x1234 A intouch2.geckoal.com |
| 256922 | 422.397937 | 10.0.64.104 | 209.xx.xx.xx | DNS | 82 | Standard query 0x1234 A intouch2.geckoal.com |
| 256927 | 422.410666 | 209.xx.xx.xx | 10.0.64.104 | DNS | 98 | Standard query response 0x1234 A intouch2.geckoal.com A 23.101.153.137 |
| 256928 | 422.410690 | 209.xx.xx.xx | 10.0.64.104 | DNS | 98 | Standard query response 0x1234 A intouch2.geckoal.com A 23.101.153.137 |
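
An added example, not part of the original post: the script below pairs each DNS query in the capture above with the first reply from the queried address and labels it answered, port unreachable or timeout. The 2-second window and the frame-length match used to tie an ICMP error to a query are assumptions of this example.

```python
from collections import Counter
# Rows copied from the post's capture; each frame is listed twice there.
CAPTURE = """\
| 246336 | 405.138749 | 10.0.64.1 | 10.0.64.104 | ICMP | 110 | Destination unreachable (Port unreachable) |
| 246337 | 405.138770 | 10.0.64.1 | 10.0.64.104 | ICMP | 110 | Destination unreachable (Port unreachable) |
| 246704 | 406.153046 | 10.0.64.104 | 10.0.64.1 | DNS | 82 | Standard query 0x1234 A intouch2.geckoal.com |
| 246705 | 406.153053 | 10.0.64.104 | 10.0.64.1 | DNS | 82 | Standard query 0x1234 A intouch2.geckoal.com |
| 246706 | 406.153226 | 10.0.64.1 | 10.0.64.104 | ICMP | 110 | Destination unreachable (Port unreachable) |
| 246707 | 406.153247 | 10.0.64.1 | 10.0.64.104 | ICMP | 110 | Destination unreachable (Port unreachable) |
| 256921 | 422.397930 | 10.0.64.104 | 209.xx.xx.xx | DNS | 82 | Standard query 0x1234 A intouch2.geckoal.com |
| 256922 | 422.397937 | 10.0.64.104 | 209.xx.xx.xx | DNS | 82 | Standard query 0x1234 A intouch2.geckoal.com |
| 256927 | 422.410666 | 209.xx.xx.xx | 10.0.64.104 | DNS | 98 | Standard query response 0x1234 A intouch2.geckoal.com A 23.101.153.137 |
| 256928 | 422.410690 | 209.xx.xx.xx | 10.0.64.104 | DNS | 98 | Standard query response 0x1234 A intouch2.geckoal.com A 23.101.153.137 |
"""
WINDOW = 2.0        # assumed reply timeout, in seconds
ICMP_OVERHEAD = 28  # outer IPv4 header (20) + ICMP header (8)

def parse(table):
    """Turn the markdown rows into dicts with typed time and length."""
    keys = ("no", "time", "src", "dst", "proto", "length", "info")
    rows = []
    for line in table.strip().splitlines():
        row = dict(zip(keys, (c.strip() for c in line.strip("|").split("|"))))
        rows.append({**row, "time": float(row["time"]), "length": int(row["length"])})
    return rows

def classify(rows):
    """Count (resolver, outcome) for every DNS query in the capture."""
    outcomes = Counter()
    for i, q in enumerate(rows):
        if q["proto"] != "DNS" or "response" in q["info"]:
            continue
        result = "timeout"
        for r in rows[i + 1:]:
            if r["time"] - q["time"] > WINDOW:
                break
            if (r["src"], r["dst"]) != (q["dst"], q["src"]):
                continue
            # Assumption: the ICMP error quotes the whole query datagram, so
            # its frame is ICMP_OVERHEAD bytes longer than the query frame.
            unreachable = ("Port unreachable" in r["info"]
                           and r["length"] == q["length"] + ICMP_OVERHEAD)
            if unreachable or (r["proto"] == "DNS" and "response" in r["info"]):
                result = "port unreachable" if unreachable else "answered"
                break
        outcomes[(q["dst"], result)] += 1
    return outcomes

if __name__ == "__main__":
    print(classify(parse(CAPTURE)))
```

On these rows, both queries sent to 10.0.64.1 come back as port unreachable, and both sent to 209.xx.xx.xx are answered.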
