abang

ipleak.net DNS zone is broken


ipleak.net DNS zone is broken!! That's why it can't be resolved from many DNS resolvers worldwide. Main reason: AA bit not set in the answers. See
https://dnsviz.net/d/ipleak.net/dnssec/


I can confirm that the resolver of my ISP does not resolve ipleak.net currently. dig prints a SERVFAIL there.
ViewDNS remarks that the local nameservers don't answer authoritatively for ipleak.net which is what you wrote about the Authoritative Answer flag not being set.


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums are a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique among the mass again.


This occurs because we use PowerDNS software.

https://doc.powerdns.com/authoritative/appendices/FAQ.html

Quote

PowerDNS does not give authoritative answers, how come?

This is almost always not the case. An authoritative answer is recognized by the ‘AA’ bit being set. Many tools prominently print the number of Authority records included in an answer, leading users to conclude that the absence or presence of these records indicates the authority of an answer. This is not the case.

Verily, many misguided country code domain operators have fallen into this trap and demand authority records, even though these are fluff and quite often misleading. Invite such operators to look at section 6.2.1 of RFC 1034, which shows a correct authoritative answer without authority records. In fact, none of the non-deprecated authoritative answers shown have authority records!


IpLeak has had this configuration for almost TEN years; it's very, very difficult for us to think the issue is not yet resolved.
Anyway, this is still under investigation, but currently we can't fix it, and we can't replace PowerDNS.

2 hours ago, Clodo said:

This occurs because we use PowerDNS software.

https://doc.powerdns.com/authoritative/appendices/FAQ.html


IpLeak has had this configuration for almost TEN years; it's very, very difficult for us to think it's not resolved because of this.
Anyway, this is still under investigation, but currently we can't fix it, and we can't replace PowerDNS.

This conclusion is wrong. I did not talk about the "Authority records". I wrote that the AA-bit in the DNS flags is not set. And this violates the DNS protocol! Actually, a "PowerDNS Recursor" cannot resolve your domain name because the AA-bit was not set. And this is not a PowerDNS fault! It must be a configuration fault.

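The distinction argued over in the posts above, the AA flag in the DNS header versus the count of authority records (NSCOUNT), as an added example that is not part of the thread or of any poster's or project's code. The two sample headers are constructed, not captured traffic, and `ask` is a hypothetical helper for querying a nameserver address directly with recursion not requested.

```python
import secrets
import socket
import struct

QR, AA, TC = 0x8000, 0x0400, 0x0200  # flag bits in the 16-bit header flags word

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, txid, qtype=1):
    """Query with RD=0, the form a resolver sends to an authoritative server."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "tc": bool(flags & TC), "rcode": flags & 0x000F,
            "ancount": an, "nscount": ns, "arcount": ar}

def is_authoritative_answer(msg):
    """Authority is signalled by the AA flag; NSCOUNT plays no part in it."""
    h = parse_header(msg)
    return h["qr"] and h["aa"] and h["rcode"] == 0

def ask(server, name, timeout=3.0):
    """Query one nameserver IP over UDP and return the parsed reply header."""
    txid = secrets.randbelow(1 << 16)  # unpredictable transaction ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        header = parse_header(s.recvfrom(4096)[0])
    if header["id"] != txid:
        raise ValueError("transaction ID mismatch")
    return header

# Constructed sample headers: AA set with no authority records, and the reverse.
AA_SET_NO_AUTHORITY = struct.pack("!HHHHHH", 0x1234, QR | AA, 1, 1, 0, 0)
AA_CLEAR_WITH_AUTHORITY = struct.pack("!HHHHHH", 0x1234, QR, 1, 1, 2, 0)
```

Against a live server, `ask("<nameserver IP>", "ipleak.net")["aa"]` reports the same flag that `dig +norecurse` shows as `aa` in its flags line.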

IPLeak resolves with my ISP's DNS servers now.


