Jump to content
Not connected, Your IP: 3.231.229.89
marc_canaranya

AirVPN DNS server not resolving domain

Recommended Posts

When trying to access the site at ibsalut.es, the AirVPN server doesn't find the IP while other DNS servers do:
 

Quote

~
❯ host ibsalut.es 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases: 

ibsalut.es has address 195.76.89.47
ibsalut.es mail is handled by 10 smtp.ibsalut.es.

~
❯ host ibsalut.es 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases: 

ibsalut.es has address 195.76.89.47
ibsalut.es mail is handled by 10 smtp.ibsalut.es.

~
❯ host ibsalut.es 10.4.0.1
Using domain server:
Name: 10.4.0.1
Address: 10.4.0.1#53
Aliases: 

Host ibsalut.es not found: 2(SERVFAIL)


Is there any way of fixing this while continuing to use AirVPN's DNS servers?

Share this post


Link to post

Can seemingly confirm with Kitalpha.
 

$ dig a in ibsalut.es

; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> a in ibsalut.es
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 11105
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ibsalut.es.                    IN      A

;; Query time: 3524 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fr Okt 11 18:35:23 CEST 2019
;; MSG SIZE  rcvd: 39

$ dig a in ibsalut.es @192.168.110.1

; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> a in ibsalut.es @192.168.110.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28857
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ibsalut.es.                    IN      A

;; ANSWER SECTION:
ibsalut.es.             86400   IN      A       195.76.89.47

;; Query time: 101 msec
;; SERVER: 192.168.110.1#53(192.168.110.1)
;; WHEN: Fr Okt 11 18:35:37 CEST 2019
;; MSG SIZE  rcvd: 55


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

I keep on finding domains that can't be resolved with AirVPN's servers:
 

Quote

❯ host pirates.cat
Host pirates.cat not found: 2(SERVFAIL)

❯ host pirates.cat 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases: 

pirates.cat has address 51.15.15.212
pirates.cat mail is handled by 1 correu.pirates.cat.
pirates.cat mail is handled by 10 capita.pirates.cat.

Share this post


Link to post

ibsalut.es works now, it returns an IP for me.

$ dig a in ibsalut.es +trace

; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> a in ibsalut.es +trace
;; global options: +cmd
.                       84953   IN      NS      c.root-servers.net.
.                       84953   IN      NS      a.root-servers.net.
.                       84953   IN      NS      e.root-servers.net.
.                       84953   IN      NS      b.root-servers.net.
.                       84953   IN      NS      f.root-servers.net.
.                       84953   IN      NS      m.root-servers.net.
.                       84953   IN      NS      d.root-servers.net.
.                       84953   IN      NS      l.root-servers.net.
.                       84953   IN      NS      h.root-servers.net.
.                       84953   IN      NS      j.root-servers.net.
.                       84953   IN      NS      i.root-servers.net.
.                       84953   IN      NS      g.root-servers.net.
.                       84953   IN      NS      k.root-servers.net.
.                       84953   IN      RRSIG   NS 8 0 518400 20191118170000 20191105160000 22545 . kickrXaLRvHuQB6I6m99GuNsQNDwh5SIGJFb21YdeXD/cUMRJEHYTUzb JtdOA1iUa5IbQZluyZJS31CrV6JGhOFXbrf8dIjsbgUGHTsbjPbjjTo6 pR69w2DHCW6ig1PkL8KMW4eN8JQj0BSf+BrShlmAQnbvl8Kyj7ihRx4V BozLJ2Dwct5nL8QdJnyUhRqQaW2kqOj86OCOvlh1k/gayIKwPSID0cy2 ZXW7nNCCrX4xPLBp9bl3CSukpBtzQJWHQOLfEeUOw7PGyRP/DorWkgJ1 viwC+QCikyYoPYK4cj79sGpIBYdv+ptl5/PTAadyRBgAcRuruIlR0btw eEyv0g==
;; Received 525 bytes from 192.168.110.22#53(192.168.110.22) in 44 ms

es.                     172800  IN      NS      ns1.cesca.es.
es.                     172800  IN      NS      ns-es.nic.fr.
es.                     172800  IN      NS      ns-ext.nic.cl.
es.                     172800  IN      NS      h.nic.es.
es.                     172800  IN      NS      f.nic.es.
es.                     172800  IN      NS      a.nic.es.
es.                     172800  IN      NS      g.nic.es.
es.                     172800  IN      NS      sns-pb.isc.org.
es.                     86400   IN      DS      29450 8 1 417BEAFB46ABF3430B75C5C29AEF785D476B60E1
es.                     86400   IN      DS      29450 8 2 8BEC32A2C9CFE42E393BAF81FFE71B521D3E940612A4590B4763ADC5 39E4B563
es.                     86400   IN      RRSIG   DS 8 1 86400 20191118170000 20191105160000 22545 . iGlKUvJtOXaRRmH/K4yc9J2/GRgrKWMZrKj3ONXRjNs7owLcosKdgIP1 dtP47nb65rUPIoxIuGybAZog3uYt8aL4QGdgEn/zzbQcofJnPwZSerHK nYqnZ83K6i2MX1uz2KCt2Lg/5j6Bu+Wvc77deLXLl77jz28xYzaqM41C jTDlwvHNm28MHhFiZeXv9u5A6AG/qz3tFE9cYCnNTsKjG9jiB7UFFE34 eijXtcKHPeqKK7ghp7HAg54RbrBEiS9qfGhnrPmv7xRdWHNUUr/0TQ4z u7rT1nCfZ9/q0UUI/XJ3XnRIetAGITVcD57kHizl7Cu6NvJ+sAxCFV7v W0Z1ZA==
;; Received 935 bytes from 202.12.27.33#53(m.root-servers.net) in 24 ms

ibsalut.es.             86400   IN      NS      ns1.ssib.es.
ibsalut.es.             86400   IN      NS      ns2.ssib.es.
ouos11a8str8ujfj43d8lnkjvsg5tn80.es. 86400 IN NSEC3 1 1 5 80B353D46FBB5584 OUSJRFUFLHV7BCSINCL2MU7V9QVVLRBQ NS SOA RRSIG DNSKEY NSEC3PARAM
ouos11a8str8ujfj43d8lnkjvsg5tn80.es. 86400 IN RRSIG NSEC3 8 2 86400 20191117075707 20191103000814 2109 es. dDyc9DHqmA5qhbtIHsJpVDy6/saK1IKcttRjiIXrMpGSubVMVq1vsL51 LYmylCYnxIZtE/W7yjsusXaMExWgFkfhxJObHz0BOnYIOiF1dNc2OP9a UJ+WvHhLaeJwhCFk+UMmcdvduAIoXAxzmjhzMFg2YHkAtaB9k3Jb7lTx bm4=
gbtnakf83b5leabqr50sp7jr8909mbf9.es. 86400 IN NSEC3 1 1 5 80B353D46FBB5584 GC1RR1FFC7CPVGATL08G8F2EL4N1L1I9 NS DS RRSIG
gbtnakf83b5leabqr50sp7jr8909mbf9.es. 86400 IN RRSIG NSEC3 8 2 86400 20191117060930 20191103000814 2109 es. KpxtJzLV51gusRxqpz8HOk8PYXm89Jv5kpQMGOqhwNK1ks4i9PbiY0xT Xa7ut/fyf+CEHNEOGP3hGyRlIrcWlJXunlfjSOdV8env7Mh3eHC4Byhb OTIDD9Bz69GNTYU66Mk9U3dVFNFxlwidJIXyRgo1zB9iZAEH/ZljaFNN hSU=
;; Received 611 bytes from 2001:67c:21cc:2000::64:41#53(a.nic.es) in 45 ms

ibsalut.es.             259200  IN      A       195.76.89.47
ibsalut.es.             259200  IN      NS      ns2.ssib.es.
ibsalut.es.             259200  IN      NS      dns1.ibsalut.es.
ibsalut.es.             259200  IN      NS      ns1.ssib.es.
ibsalut.es.             259200  IN      NS      dns2.ibsalut.es.
ibsalut.es.             259200  IN      NS      ns2.ibsalut.es.
ibsalut.es.             259200  IN      NS      ns1.ibsalut.es.
;; Received 266 bytes from 195.76.89.38#53(ns1.ssib.es) in 56 ms

 


According to ViewDNS, pirates.cat has some serious issues with its DNS configuration. The only way I found to resolve this correctly is to use a recursive query, after which the IP was cached for me.

$ dig a in pirates.cat  

; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> a in pirates.cat
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28689
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pirates.cat.                   IN      A

;; Query time: 2870 msec
;; SERVER: 192.168.110.22#53(192.168.110.22)
;; WHEN: Di Nov 05 18:24:13 CET 2019
;; MSG SIZE  rcvd: 40

$ dig a in pirates.cat +recurse

; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> a in pirates.cat +recurse
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40642
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pirates.cat.                   IN      A

;; ANSWER SECTION:
pirates.cat.            7200    IN      A       51.15.15.212

;; Query time: 243 msec
;; SERVER: 192.168.110.22#53(192.168.110.22)
;; WHEN: Di Nov 05 18:24:55 CET 2019
;; MSG SIZE  rcvd: 56


It suggests that the other DNS servers are only able to resolve this because they might use recursive lookups as a fallback, or because the nameserver addresses are already cached for them. Right now pirates.cat domain seems unresolvable iteratively.

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...