abang 2 Posted ... ipleak.net DNS zone is broken!! Thats why it can't resolved from many DNS resolvers world wide. Main reason: AA bit not set in the answers. See https://dnsviz.net/d/ipleak.net/dnssec/ Quote Share this post Link to post
OpenSourcerer 1435 Posted ... I can confirm that the resolver of my ISP does not resolve ipleak.net currently. dig prints a SERVFAIL there.ViewDNS remarks that the local nameservers don't answer authoritatively for ipleak.net which is what you wrote about the Authoritative Answer flag not being set. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Clodo 176 Posted ... This occurs because we use PowerDNS software.https://doc.powerdns.com/authoritative/appendices/FAQ.html Quote PowerDNS does not give authoritative answers, how come?¶ This is almost always not the case. An authoritative answer is recognized by the ‘AA’ bit being set. Many tools prominently print the number of Authority records included in an answer, leading users to conclude that the absence or presence of these records indicates the authority of an answer. This is not the case. Verily, many misguided country code domain operators have fallen into this trap and demand authority records, even though these are fluff and quite often misleading. Invite such operators to look at section 6.2.1 of RFC 1034, which shows a correct authoritative answer without authority records. In fact, none of the non-deprecated authoritative answers shown have authority records! IpLeak has this configuration since almost TEN years ago, it's very very difficult for us to think the issue is not yet resolved. Anyway, this is still under investigation, but currently we can't fix, we can't replace PowerDNS. 1 Staff reacted to this Quote Share this post Link to post
abang 2 Posted ... 2 hours ago, Clodo said: This occur because we use PowerDNS software.https://doc.powerdns.com/authoritative/appendices/FAQ.html IpLeak have this configuration for almost TEN years, it's very very difficult for us to think it's not resolved for this. Anyway, this is still under investigation, but currently we can't fix, we can't replace PowerDNS. This conclusion is wrong. I did not talk about the "Authority records". I wrote, the AA-bit in the DNS Flags is not set. And this violates the DNS protocol! Actually a "PowerDNS Recursor" can not resolve your domain name because the AA-bit was not set. And this is not a PowerDNS fault! It must be a configuration fault. 1 1 Staff and OpenSourcerer reacted to this Quote Share this post Link to post
Clodo 176 Posted ... Hi, AA bit issue fixed, https://dnsviz.net/d/ipleak.net/dnssec/ . You can tell me if the issue is resolved? Thanks. Quote Share this post Link to post
OpenSourcerer 1435 Posted ... IPLeak resolves with my ISP's DNS servers now. 1 Clodo reacted to this Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
abang 2 Posted ... 3 hours ago, Clodo said: Hi, AA bit issue fixed, https://dnsviz.net/d/ipleak.net/dnssec/ . You can tell me if the issue is resolved? Thanks. Good job! I can confirm it works now. Thanks!! Quote Share this post Link to post