Jump to content
Not connected, Your IP: 3.236.13.53
AirVPN
abang

ipleak.net DNS zone is broken

By abang, ... in IP Leak

Recommended Posts

abang    2

abang
Posted ...

ipleak.net DNS zone is broken!! Thats why it can't resolved from many DNS resolvers world wide. Main reason: AA bit not set in the answers. See
https://dnsviz.net/d/ipleak.net/dnssec/

Share this post

Link to post

OpenSourcerer    1032

OpenSourcerer
Posted ...

I can confirm that the resolver of my ISP does not resolve ipleak.net currently. dig prints a SERVFAIL there.
ViewDNS remarks that the local nameservers don't answer authoritatively for ipleak.net which is what you wrote about the Authoritative Answer flag not being set.

» I am not an AirVPN team member. All opinions are my own and are not official. Refer to Staff postings for the official word.

» These are the community forums, not the support portal. You're writing with other users here.

» New here? LZ1's New User Guide to AirVPN. Use the search function, Luke!

» Tor exits behind a VPN connection are discouraged. Using Tor on the other hand is not.

 

» Privacy is like alcohol: Drink a little and it can help you stay unnoticed. Drink a lot and everyone will notice you.

» I cannot give you the solution to all your issues. But I can guide you to it. The rest is up to you.

Share this post

Link to post

Clodo    144

Clodo
Posted ...

This occurs because we use PowerDNS software.

https://doc.powerdns.com/authoritative/appendices/FAQ.html

Quote

PowerDNS does not give authoritative answers, how come?

This is almost always not the case. An authoritative answer is recognized by the ‘AA’ bit being set. Many tools prominently print the number of Authority records included in an answer, leading users to conclude that the absence or presence of these records indicates the authority of an answer. This is not the case.

Verily, many misguided country code domain operators have fallen into this trap and demand authority records, even though these are fluff and quite often misleading. Invite such operators to look at section 6.2.1 of RFC 1034, which shows a correct authoritative answer without authority records. In fact, none of the non-deprecated authoritative answers shown have authority records!


IpLeak has this configuration since almost TEN years ago, it's very very difficult for us to think the issue is not yet resolved.
Anyway, this is still under investigation, but currently we can't fix, we can't replace PowerDNS.
Staff reacted to this

Share this post

Link to post

abang    2

abang
Posted ...
2 hours ago, Clodo said:

This occur because we use PowerDNS software.

https://doc.powerdns.com/authoritative/appendices/FAQ.html


IpLeak have this configuration for almost TEN years, it's very very difficult for us to think it's not resolved for this.
Anyway, this is still under investigation, but currently we can't fix, we can't replace PowerDNS.

This conclusion is wrong. I did not talk about the "Authority records". I wrote, the AA-bit in the DNS Flags is not set. And this violates the DNS protocol! Actually a "PowerDNS Recursor" can not resolve your domain name because the AA-bit was not set. And this is not a PowerDNS fault! It must be a configuration fault.
OpenSourcerer and Staff reacted to this

Share this post

Link to post

OpenSourcerer    1032

OpenSourcerer
Posted ...

IPLeak resolves with my ISP's DNS servers now.

Clodo reacted to this

» I am not an AirVPN team member. All opinions are my own and are not official. Refer to Staff postings for the official word.

» These are the community forums, not the support portal. You're writing with other users here.

» New here? LZ1's New User Guide to AirVPN. Use the search function, Luke!

» Tor exits behind a VPN connection are discouraged. Using Tor on the other hand is not.

 

» Privacy is like alcohol: Drink a little and it can help you stay unnoticed. Drink a lot and everyone will notice you.

» I cannot give you the solution to all your issues. But I can guide you to it. The rest is up to you.

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...