jollyroger

Bug? Eddie 2.18.9 macOS client restores DNS servers in wrong order

Posted ... (edited)

Eddie 2.18.9 for macOS 10.15.7 (19H2) running on a Mac Pro (2019)

I have these DNS servers set in System Preferences > Network > Advanced > DNS > DNS Servers:

10.0.0.5 - primary DNS server (my own local BIND daemon) is always the first in the list
10.0.0.1 - secondary DNS server (my router) - second in the list

When I disconnect from VPN, Eddie restores my DNS servers in the opposite order:

10.0.0.1 - since it is now listed first, my router becomes primary
10.0.0.5 - my own local BIND daemon should be primary, but is now secondary

For me this becomes a real problem because I run my own DNS server on my LAN at 10.0.0.5. When Eddie swaps the order of the DNS servers, 10.0.0.1 becomes the primary server, and since 10.0.0.1 is my router, my internal hostnames won't be found.

Eddie should never change the order of user's DNS entries!

Where do I go to submit this as a bug report? 

Edited ... by jollyroger


Curious. We should test this on Windows and macOS. Anyone willing to contribute, please do!
This cannot happen on Linux as a file is simply renamed and later named back there with the contents intact. But on Windows for example you'd need to issue certain commands right, maybe on macOS, too. So, yes:
 

50 minutes ago, jollyroger said:
Eddie should never change the order of user's DNS entries!

I agree. But before framing this as a bug, it must be verified.

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums are a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique among the mass again.


Thanks for the reply, giganerd.

Another data point: I have noticed this happens on two different Macs, each running the latest versions of macOS & Eddie:

  • a 2019 Mac Pro
  • a 2019 16-inch MacBook Pro

I'll try to find time to test it in Windows 10, which I have installed as well. But I suspect it's done differently on Windows so may not be reproducible there.


Windows 10 2004 and Eddie 2.18.9 here, I couldn't reproduce this issue on my side. It remains in the exact order during and after VPN.

I believe it is a Mac issue; I remember reading several articles about Apple recently changing how DNS operates via a recent update. It is possible it has something to do with this.

3 hours ago, NoiselessOwl said:

I believe it is a Mac issue; I remember reading several articles about Apple recently changing how DNS operates via a recent update. It is possible it has something to do with this.


Can you please make the effort of digging them up? Could be crucial info for the developers.

15 minutes ago, giganerd said:

Can you please make the effort of digging them up? Could be crucial info for the developers.

Sure. I found some information about it. They are not easy to find for some reason; Google is not revealing much information about it. I remember reading it last week. I am not an expert regarding this; hopefully it is the right information for what you need.
  • Cisco DNS Resolver - Even though it is for a Cisco product, they provide information about the DNS changes in the recent macOS 11 update, which hopefully will lead your team in the right direction.
  • YCombinator - This article didn't discuss DNS, but it is about Apple's recent update changes with their apps bypassing the firewall, which I believe is correlated with the DNS issue (again, I'm not an expert, this is based on my guess). And there are several discussions in the comment section about DNS which I believe would provide a clue about it.

Posted ... (edited)

This is of course good info, but I wouldn't jump to any conclusion that this isn't a bug in Eddie just yet.

Also note: I am not running macOS 11. I am running 10.15.7.

Personally, I'm betting the bug is in Eddie code, probably in the command == "dns-switch-do" and/or command == "dns-switch-restore" cases of the Impl::Do method in the Mac client:

https://github.com/AirVPN/Eddie/blob/master/src/App.CLI.MacOS.Elevated/src/impl.cpp

You can see in command == "dns-switch-do", it runs a couple shell commands to get the list of DNS servers:

networksetup -listallnetworkservices - to get the list of network interface names such as "Ethernet 1" from the system:

# networksetup -listallnetworkservices

An asterisk (*) denotes that a network service is disabled.
Ethernet 2
Ethernet 1
Thunderbolt FireWire
Wi-Fi
Bluetooth PAN 2
Thunderbolt Bridge
Thunderbolt Bridge 2

networksetup -getdnsservers interface_name - to get a list of DNS servers that are set for an interface:

# networksetup -getdnsservers "Ethernet 1"

10.0.0.5
10.0.0.1

I can run these commands manually in a terminal and get the expected results.

In the command == "dns-switch-restore" case of the Impl::Do method, they restore the DNS servers using the same networksetup command-line tool with the -setdnsservers switch and a list of DNS servers obtained through an argument, params["dns"].

I haven't bothered looking into how that params["dns"] argument is stored internally by the client or what order the servers are in - but if they happen to store these servers in the wrong order, or retrieve them in the wrong order, that's all it would take to make this bug happen.
  Edited ... by jollyroger
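
The manual check from the post above, automated as an added shell example (not part of the original post and not Eddie's code): it records the ordered output of networksetup -getdnsservers for every enabled service before connecting and reports any service whose list comes back reordered or changed after disconnecting. The function names list_services, dns_snapshot, as_set and dns_verify and the file name dnsorder.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not Eddie's code). Function names are hypothetical.
# Usage on macOS:
#   sh dnsorder.sh snapshot > before.txt     # before connecting
#   sh dnsorder.sh verify before.txt         # after disconnecting
tab=$(printf '\t')

# Enabled network services: drop the header line and disabled ("*") entries.
list_services() {
    networksetup -listallnetworkservices | sed '1d' | grep -v '^\*'
}

# One line per service: "<service><TAB><dns1,dns2,...>", resolver order kept.
# networksetup prints a sentence instead of addresses when none are set.
dns_snapshot() {
    list_services | while IFS= read -r svc; do
        servers=$(networksetup -getdnsservers "$svc" </dev/null |
                  grep -v "^There aren't" | paste -sd, -)
        printf '%s\t%s\n' "$svc" "${servers:-<none>}"
    done
}

# Order-insensitive form of a comma-separated list, for set comparison.
as_set() { printf '%s\n' "$1" | tr ',' '\n' | sort | paste -sd, -; }

# Compare a saved snapshot with the live state. Prints one line per service
# that differs and returns 1 if any did.
dns_verify() {
    now=$(dns_snapshot)
    rc=0
    while IFS=$tab read -r svc old; do
        new=$(printf '%s\n' "$now" | awk -F'\t' -v s="$svc" '$1 == s { print $2 }')
        [ "$old" = "$new" ] && continue
        # Same addresses, different order: the symptom reported in this thread.
        if [ "$(as_set "$old")" = "$(as_set "$new")" ]; then
            printf 'REORDERED\t%s\t%s -> %s\n' "$svc" "$old" "$new"
        else
            printf 'CHANGED\t%s\t%s -> %s\n' "$svc" "$old" "$new"
        fi
        rc=1
    done < "$1"
    return "$rc"
}

case "${1:-}" in
    snapshot) dns_snapshot ;;
    verify)   dns_verify "$2" ;;
esac
```

A REORDERED line means the resolver set is intact but the primary server changed, which is what breaks lookups for names only the first server knows.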
2 hours ago, NoiselessOwl said:

YCombinator - This article didn't discuss DNS, but it is about Apple's recent update changes with their apps bypassing the firewall, which I believe is correlated with the DNS issue (again, I'm not an expert, this is based on my guess). And there are several discussions in the comment section about DNS which I believe would provide a clue about it.


Possible, but I doubt it. Someone around here already posted this a few days past and as I understood it it's a modification of a filter implementation, not a DNS change in any way.
 
2 hours ago, jollyroger said:

I haven't bothered looking into how that params["dns"] argument is stored internally by the client or what order the servers are in - but if they happen to store these servers in the wrong order, or retrieve them in the wrong order, that's all it would take to make this bug happen.


If you switch the servers, does Eddie restore the servers the other way around as well?


Hi, no need to file a bug report, I will check this.
Edit: confirmed, will be fixed in the next release

20 hours ago, giganerd said:
If you switch the servers, does Eddie restore the servers the other way around as well?

Interestingly, if the order is 10.0.0.1 first and 10.0.0.5 second, the order is restored correctly. 
Eddie seemingly only swaps them when the order is 10.0.0.5 first and 10.0.0.1 second.
It's almost as if the list gets sorted before/during restore.

6 hours ago, Clodo said:

Hi, no need to file a bug report, I will check this.
Edit: confirmed, will be fixed in the next release


Excellent!  

Where can I view the code changes?  Is there a branch/clone/PR yet?

2 hours ago, jollyroger said:

Where can I view the code changes?  Is there a branch/clone/PR yet? 


If you look closely into that repository, you will see the commits are actually the releases. So the code changes will be seen when 2.19.5 is pushed, along with all the other bug fixes and feature additions. :)

21 hours ago, giganerd said:

If you look closely into that repository, you will see the commits are actually the releases. So the code changes will be seen when 2.19.5 is pushed, along with all the other bug fixes and feature additions. :)

Thanks, but I was hoping to view the code changes now, before release. 


I know, and in a perfect world there would be a bleeding-edge branch with such changes. But that's not AirVPN's style.


1 hour ago, giganerd said:

I know, and in a perfect world there would be a bleeding-edge branch with such changes. But that's not AirVPN's style.

It appears, according to the linked thread, that the developers on these projects are keeping all pre-release code private until after release. I'm not sure I fully grok the supposed benefits of keeping code changes private until release though, or what exactly is being protected by this methodology...

When 2.19.5 does get pushed, will I see a particular commit in the repo related to this particular issue/change? Or will I have to dig through all changes in the entire release, hoping to figure out where the related code is? I'm really just interested to know what the bug was and how it was fixed - simple details really!

Also, is there some sort of schedule for releases that will tell me when to expect 2.19.5 to be released?

5 hours ago, jollyroger said:

When 2.19.5 does get pushed, will I see a particular commit in the repo related to this particular issue/change? Or will I have to dig through all changes in the entire release, hoping to figure out where the related code is? I'm really just interested to know what the bug was and how it was fixed - simple details really!


That's what my intervention was also about over there – you will not be seeing any individual commits, ever. You can't test patches, you can't test individual commits, you can't reasonably fork the project and keep it synced with upstream without resolving a thousand merge conflicts every time a release is pushed. And yes, you will most likely have a difficult time understanding some changes. It is a very, very toxic practice.
 
5 hours ago, jollyroger said:
Also, is there some sort of schedule for releases that will tell me when to expect 2.19.5 to be released?

There never is a roadmap, only rough timeframes given (if at all). And they are rarely met as of late. So if the developer says "will be released in the coming days", "will be released in the coming weeks" is closer to the truth, it pains me to write. ¯\_ (ツ)_/¯

On 10/30/2020 at 8:20 PM, jollyroger said:
When 2.19.5 does get pushed, will I see a particular commit in the repo related to this particular issue/change? Or will I have to dig through all changes in the entire release, hoping to figure out where the related code is? I'm really just interested to know what the bug was and how it was fixed - simple details really!
 

About the DNS issue, we have a class called IpAddresses (where previous DNS are stored in RAM), that wrongly performs a sort that causes the issue, sort removed.
Sorry but in our current workflow, our team works on code-base on a private repo, and when a release (not necessarily a stable one, also a beta one) is ready, it's flushed in public GitHub.

2 hours ago, Clodo said:

About the DNS issue, we have a class called IpAddresses (where previous DNS are stored in RAM), that wrongly performs a sort that causes the issue, sort removed.
Sorry but in our current workflow, our team works on code-base on a private repo, and when a release (not necessarily a stable one, also a beta one) is ready, it's flushed in public GitHub.

Excellent, thank you for the details.

I had suspected that a sort was somehow involved, and you have confirmed it. I appreciate the transparency. Thank you for the closure! 🙂👍🏼

I also understand there can be business reasons behind keeping pre-release code private, as I have worked in the corporate software development field for a long time, where this is common. 🙂

Have a good one!
