Jump to content
Not connected, Your IP: 3.15.12.95
abang

ipleak.net DNS zone is broken

Recommended Posts

ipleak.net DNS zone is broken!! Thats why it can't resolved from many DNS resolvers world wide. Main reason: AA bit not set in the answers. See
https://dnsviz.net/d/ipleak.net/dnssec/

Share this post


Link to post

I can confirm that the resolver of my ISP does not resolve ipleak.net currently. dig prints a SERVFAIL there.
ViewDNS remarks that the local nameservers don't answer authoritatively for ipleak.net which is what you wrote about the Authoritative Answer flag not being set.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

This occurs because we use PowerDNS software.

https://doc.powerdns.com/authoritative/appendices/FAQ.html

Quote

PowerDNS does not give authoritative answers, how come?

This is almost always not the case. An authoritative answer is recognized by the ‘AA’ bit being set. Many tools prominently print the number of Authority records included in an answer, leading users to conclude that the absence or presence of these records indicates the authority of an answer. This is not the case.

Verily, many misguided country code domain operators have fallen into this trap and demand authority records, even though these are fluff and quite often misleading. Invite such operators to look at section 6.2.1 of RFC 1034, which shows a correct authoritative answer without authority records. In fact, none of the non-deprecated authoritative answers shown have authority records!


IpLeak has this configuration since almost TEN years ago, it's very very difficult for us to think the issue is not yet resolved.
Anyway, this is still under investigation, but currently we can't fix, we can't replace PowerDNS.

Share this post


Link to post
2 hours ago, Clodo said:

This occur because we use PowerDNS software.

https://doc.powerdns.com/authoritative/appendices/FAQ.html


IpLeak have this configuration for almost TEN years, it's very very difficult for us to think it's not resolved for this.
Anyway, this is still under investigation, but currently we can't fix, we can't replace PowerDNS.

This conclusion is wrong. I did not talk about the "Authority records". I wrote, the AA-bit in the DNS Flags is not set. And this violates the DNS protocol! Actually a "PowerDNS Recursor" can not resolve your domain name because the AA-bit was not set. And this is not a PowerDNS fault! It must be a configuration fault.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...