Jump to content
Not connected, Your IP: 52.14.252.16
Sign in to follow this  
stevevarney

Failed DNS Lookup

Recommended Posts

Whenever I enter an invalid web address such as www.xecrtre.com I get redirected to the RoadRunner invalid DNS lookup page (http://dnssearch.rr.com/index.php?origURL=http%3A//www.xecrtre.com/&r=)

This might make sense for USA based servers if the ISP hosting the VPN traffic is RoadRunner, but it doesn't make sense to me when connected to the non-USA based VPN servers. Anyone have any idea why this behaves like this? I would expect a different DNS not found message for non-USA based servers. Anyone have any idea what is going on here?

Share this post


Link to post

stevevarney wrote:

Whenever I enter an invalid web address such as www.xecrtre.com I get redirected to the RoadRunner invalid DNS lookup page (http://dnssearch.rr.com/index.php?origURL=http%3A//www.xecrtre.com/&r=)

This might make sense for USA based servers if the ISP hosting the VPN traffic is RoadRunner, but it doesn't make sense to me when connected to the non-USA based VPN servers. Anyone have any idea why this behaves like this? I would expect a different DNS not found message for non-USA based servers. Anyone have any idea what is going on here?

Hello!

This is not normal. Please check your network, DNS (does your system accept DNS push from our server?) and host file settings.

Perform a small test too, please: when connected to a VPN server, browse to http://rojadirecta.com. Do you see the ICE domain seizure page, or the real RojaDirecta website?

Can you also please send us an OpenVPN connection log? Which OS are you using?

Kind regards

AirVPN

Share this post


Link to post

Using Windows 7 64-bit.

I don't think OpenVPN ever pulled down any config files as part of the install. The config and log directories are empty and the OpenVPN taskbar icon is red. Looks like an installation issue.

What exactly do you want me to check on the hosts file? Also, how can I check if DNS push is enabled or not. Thanks.

Share this post


Link to post

stevevarney wrote:

Using Windows 7 64-bit.

I don't think OpenVPN ever pulled down any config files as part of the install. The config and log directories are empty and the OpenVPN taskbar icon is red. Looks like an installation issue.

What exactly do you want me to check on the hosts file? Also, how can I check if DNS push is enabled or not. Thanks.

Hello!

If you are using the AirVPN client you don't need to download any file. Configuration, certificates and private key files are necessary and must be stored in your OpenVPN config directory if you connect directly with OpenVPN. You can obtain all those files (after you log in the website) through the menu "Member"->"Access without our client", choosing server and port and downloading the air.zip package that our system prepares for you.

The following information might help us give you proper support:

- configuration of your TUN adapter when you are connected to an AirVPN server (you can obtain it by opening a shell and typing "ipconfig /all")

- connection log (right-click on the Air dock icon, select "Logs"; a window will pop-up, click on "Copy to clibpboard" then paste on the forum)

- result of the test with http://rojadirecta.com (do you see the ICE domain seizure page, or the real RojaDirecta website?)

About the host file, please check that there are no anomalous entries.

Kind regards

AirVPN admins

Share this post


Link to post

When I connect to the rojadirecta.com website, I see the real site and not the ICE seizure page. Interestingly, I see the real site even when not connected through the VPN.

It appears then that I'm connecting through the VPN OK. However, when the AirVPN client connects, I don't see any UDP info above the connected message on the lower right of the dialog box (unlike the example on your setup page).

As a test, I generated and downloaded a config file for the German server and connect using OpenVPN directly. When I typed an invalid IP address is the web browser, I still got the RoadRunner invalid DNS page. So it may be a config issue on my end, just not sure why.

The ipconfig data looked OK, but I didn't want to paste it all here. Anything in particular you want me to check in the output?

Here is the connection log from AirVPN:

AirVPN client version: 1.5

OpenVPN bundle version: OpenVPN 2.2.1

OpenVPN current version: OpenVPN 2.2.1

Ready.

Login...

Login success.

Contacting service...

Connecting...

OpenVPN 2.2.1 Win32-MSVC++ [sSL] [LZO2] built on Jul 1 2011

NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

LZO compression initialized

Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

Socket Buffers: R=[8192->8192] S=[8192->8192]

Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

Local Options hash (VER=V4): '22188c5b'

Expected Remote Options hash (VER=V4): 'a8f55717'

UDPv4 link local: [undef]

UDPv4 link remote: 108.59.8.147:443

TLS: Initial packet from 108.59.8.147:443, sid=5c493d1e a2faac64

VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

VERIFY OK: nsCertType=SERVER

VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

[server] Peer Connection Initiated with 108.59.8.147:443

SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.4.0.46 10.4.0.45'

OPTIONS IMPORT: timers and/or timeouts modified

OPTIONS IMPORT: LZO parms modified

OPTIONS IMPORT: --ifconfig/up options modified

OPTIONS IMPORT: route options modified

OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

ROUTE default_gateway=192.168.1.1

TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{BC40E4F0-2358-4824-AC4D-6EBADC5E4FA9}.tap

TAP-Win32 Driver Version 9.8

TAP-Win32 MTU=1500

Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.4.0.46/255.255.255.252 on interface {BC40E4F0-2358-4824-AC4D-6EBADC5E4FA9} [DHCP-serv: 10.4.0.45, lease-time: 31536000]

Successful ARP Flush on interface [20] {BC40E4F0-2358-4824-AC4D-6EBADC5E4FA9}

TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up

C:\WINDOWS\system32\route.exe ADD 108.59.8.147 MASK 255.255.255.255 192.168.1.1

ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4

Route addition via IPAPI succeeded [adaptive]

C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.4.0.45

ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4

Route addition via IPAPI succeeded [adaptive]

C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.4.0.45

ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4

Route addition via IPAPI succeeded [adaptive]

C:\WINDOWS\system32\route.exe ADD 10.4.0.1 MASK 255.255.255.255 10.4.0.45

ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4

Route addition via IPAPI succeeded [adaptive]

Initialization Sequence Completed

Starting Management Interface...

Checking...

Retrieve statistics...

Connected.

Share this post


Link to post

stevevarney wrote:

When I connect to the rojadirecta.com website, I see the real site and not the ICE seizure page. Interestingly, I see the real site even when not connected through the VPN.

Hello!

Probably it's just DNS caching. Try to flush the cache and see if you can get rid of that RoadRunner webpage. There is another chance, though, i.e. when you type in an url which can't be resolved by Air, your system falls back to your default DNS server (check them and change them if it's the case) and sends a DNS query which is unencrypted outside the tunnel. This should be investigated deeply because can weaken significantly the "anonymity layer". Just monitor your connections to discover if it's the case (it can be fixed, it's called "DNS leakage").

The ipconfig data looked OK, but I didn't want to paste it all here. Anything in particular you want me to check in the output?

Only the TUN interface (there are no privacy compromising info there) to see if the DNS server is correctly pushed in the connection (check yourself, it must be in the IP range of AirVPN net, for example 10.4.0.1 for connections on the 443 UDP).

Here is the connection log from AirVPN:

The logs are just fine.

Kind regards

Share this post


Link to post

It looks like it is a DNS issue. I changed my IP settings to use a public DNS server (rather than my ISP's) and the problem went away. Any invalid IP addresses resolve as not found. Looks like that was the issue. Thanks for all your help!

Share this post


Link to post

I found a good DNS leak test site for those who are interested: www.dnsleaktest.com. If you suspect you have a DNS leak, this site will help you diagnose and resolve. The site is slow, but it gets the job done.

Share this post


Link to post

I found out I had a DNS leak.

One fix I found is to use Google's Public DNS instead of your ISPs. This will get rid of the DNS server that your own ISP provides in your network connection.

It takes literally 1-2 more seconds for sites to load, so it's not really noticeable but it's a shame your speed is slightly reduced.

Share this post


Link to post

blakvoid wrote:

I found out I had a DNS leak.

One fix I found is to use Google's Public DNS instead of your ISPs. This will get rid of the DNS server that your own ISP provides in your network connection.

It takes literally 1-2 more seconds for sites to load, so it's not really noticeable but it's a shame your speed is slightly reduced.

Hello!

We realize it's not uncommon to find DNS leaks under various Windows OS, including Windows 7.

DNS leakage means that a DNS query is sent unencrypted outside the tunnel. It is not OpenVPN responsability, it is due to the OS. A DNS leak may happen when the system falls back to the standard DNS for the main interface adapter and does not use the DNS pushed to the TUN/TAP adapter. Therefore your ISP or any "Man In The Middle" could intercept and read the query.

"Fallback" may be caused for example by inability of AirVPN to resolve an address (for example if a non-existent url is typed into a browser). In this case there is no particular risk to compromise anonymity, since the ISP or the MITM can see requests to non-existing domain names. Unfortunately, DNS leaks may happen even when a valid name is resolved.

Under Windows, DNS queries are sent out by svchost.exe. When you connect to AirVPN, your TUN/TAP adapter will have an address of the type 10.x.*.*, where 4https://airvpn.org/index.php?option=com_content&view=article&id=74&Itemid=141 for more details).

With the above information, it's easy to prevent DNS leaks. Use a firewall to block, when connected to an AirVPN server, any outgoing connection by svchost.exe not originating from the TUN/TAP address.

The same method may be use to secure any other application (to make sure, for example, that they don't send out data if the connection drops) or to secure all your network so that no data get out when you are not connected to the VPN.

According to the firewall you use details may vary, but the principle is the same.

In the screenshot you can see an example of DNS leak fix under Windows with the Comodo Firewall using "Network Security Policy" for svchost.exe.

Just remember that if you set this firewall rule as general, you will need to drop it when you are not connected to the VPN, otherwise you will not be able to resolve domain names anymore.

Please do not hesitate to contact us for any further information.

Kind regards Posted Image

DNS_Leak_Fix_Comodo_Example.png

Share this post


Link to post

Posted Image

Does this warning message affect the outcome?

Posted Image

And then, is it as simple as this? Or do I need to customise ports etc? through the custom option?

** Also, if I were to use Comodo firewall, could I use the same Start IP and End IP that are shown in your screenshot? I am quite confused if I need to do anything else.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...