abang 2 Posted ... ipleak.net DNS zone is broken!! Thats why it can't resolved from many DNS resolvers world wide. Main reason: AA bit not set in the answers. See https://dnsviz.net/d/ipleak.net/dnssec/ Quote Share this post Link to post
OpenSourcerer 954 Posted ... I can confirm that the resolver of my ISP does not resolve ipleak.net currently. dig prints a SERVFAIL there.ViewDNS remarks that the local nameservers don't answer authoritatively for ipleak.net which is what you wrote about the Authoritative Answer flag not being set. Quote Hide OpenSourcerer's signature Hide all signatures » I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such. » The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets. » If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead. » If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon). » The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers. » Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again. Share this post Link to post
Clodo 137 Posted ... This occurs because we use PowerDNS software.https://doc.powerdns.com/authoritative/appendices/FAQ.html Quote PowerDNS does not give authoritative answers, how come?¶ This is almost always not the case. An authoritative answer is recognized by the ‘AA’ bit being set. Many tools prominently print the number of Authority records included in an answer, leading users to conclude that the absence or presence of these records indicates the authority of an answer. This is not the case. Verily, many misguided country code domain operators have fallen into this trap and demand authority records, even though these are fluff and quite often misleading. Invite such operators to look at section 6.2.1 of RFC 1034, which shows a correct authoritative answer without authority records. In fact, none of the non-deprecated authoritative answers shown have authority records! IpLeak has this configuration since almost TEN years ago, it's very very difficult for us to think the issue is not yet resolved. Anyway, this is still under investigation, but currently we can't fix, we can't replace PowerDNS. 1 Staff reacted to this Quote Share this post Link to post
abang 2 Posted ... 2 hours ago, Clodo said: This occur because we use PowerDNS software.https://doc.powerdns.com/authoritative/appendices/FAQ.html IpLeak have this configuration for almost TEN years, it's very very difficult for us to think it's not resolved for this. Anyway, this is still under investigation, but currently we can't fix, we can't replace PowerDNS. This conclusion is wrong. I did not talk about the "Authority records". I wrote, the AA-bit in the DNS Flags is not set. And this violates the DNS protocol! Actually a "PowerDNS Recursor" can not resolve your domain name because the AA-bit was not set. And this is not a PowerDNS fault! It must be a configuration fault. 1 1 Staff and OpenSourcerer reacted to this Quote Share this post Link to post
Clodo 137 Posted ... Hi, AA bit issue fixed, https://dnsviz.net/d/ipleak.net/dnssec/ . You can tell me if the issue is resolved? Thanks. Quote Share this post Link to post
OpenSourcerer 954 Posted ... IPLeak resolves with my ISP's DNS servers now. 1 Clodo reacted to this Quote Hide OpenSourcerer's signature Hide all signatures » I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such. » The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets. » If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead. » If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon). » The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers. » Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again. Share this post Link to post
abang 2 Posted ... 3 hours ago, Clodo said: Hi, AA bit issue fixed, https://dnsviz.net/d/ipleak.net/dnssec/ . You can tell me if the issue is resolved? Thanks. Good job! I can confirm it works now. Thanks!! Quote Share this post Link to post