Jump to content
Not connected, Your IP: 52.203.18.65

Recommended Posts

@Karmatron

Hello!

You failed to follow the guidelines in your last messages. When you do so you don't help us effectively. Please follow the guidelines before publishing in this thread, thank you in advance.

About asnbank.nl we agree, the situation is probably caused by a block by the bank against VPN, Tor etc. and this event is alien to the topic issue.

Kind regards
 

Share this post


Link to post
4 hours ago, Staff said:
@Karmatron

Hello!

You failed to follow the guidelines in your last messages. When you do so you don't help us effectively. Please follow the guidelines before publishing in this thread, thank you in advance.

About asnbank.nl we agree, the situation is probably caused by a block by the bank against VPN, Tor etc. and this event is alien to the topic issue.

Kind regards
 

That last port was a flollow up on the post before and te infor provided there was applicable. I should have made that clear.

Funny enough, on Alphirk I am able to connect to the ASNbank.nl right now. On Laraweg I am not. Both connected with Wireguard  DNS blocking list all off.

On Laraweg I get the following error fater a while.
 
Secure Connection Failed

An error occurred during a connection to www.asnbank.nl. PR_CONNECT_RESET_ERROR

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the web site owners to inform them of this problem.


NSlookup on Laraweg: nslookup asnbank.nl
Server:  UnKnown
Address:  10.128.0.1

Non-authoritative answer:
Name:    asnbank.nl
Address:  194.53.208.80

NSlookup on Alphirk: nslookup asnbank.nl
Server:  UnKnown
Address:  10.128.0.1

Non-authoritative answer:
Name:    asnbank.nl
Address:  194.53.208.80

No difference there, so no DNS problem imho.

Share this post


Link to post
Posted ... (edited)

Also: 14 Jan 2022 12:50-13:00 (uncertain on exact time
(Following failure, switched VPN off, reverting to ISP's DNS and it immediately worked, switched VPN back on and it continued to work (IP address now cached?, reconnect reconnected to same AirVPN server)
 

  • the fully qualified domain name you could not resolve: wildaboutthebritishisles.uk
  • the server you were connected to: chow
  • the connection mode and protocol (some OpenVPN mode or WireGuard): OpenVPN
  • the DNS block lists you had active, if any: No lists a few custom domains
  • the complete output of the command dig or nslookup pertaining to the "problematic" domain name:

    ; <<>> DiG 9.10.6 <<>> wildaboutthebritishisles.uk

    ;; global options: +cmd

    ;; Got answer:

    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59754

    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

     

    ;; OPT PSEUDOSECTION:

    ; EDNS: version: 0, flags:; udp: 4096

    ;; QUESTION SECTION:

    ;wildaboutthebritishisles.uk. IN A

     

    ;; Query time: 3767 msec

    ;; SERVER: 10.14.80.1#53(10.14.80.1)

    ;; WHEN: Fri Jan 14 12:57:40 GMT 2022

    ;; MSG SIZE  rcvd: 56

     

Edited ... by Psamathe
Additional info

Share this post


Link to post

Another: 

As with previous reports, switch VPN off and thus DNS to ISPs DNS and it immediately works. Switch VPN back on (to same server) and it continues to work (IP addressed cached). Was working fine over last few days (but I have no idea when the name was last resolved nor it's TTL so last few days may have been on a chached IP?

  • the fully qualified domain name you could not resolve: cycle.travel
  • the server you were connected to: Carinae
  • the connection mode and protocol (some OpenVPN mode or WireGuard): OpenVPN (UDP)
  • the DNS block lists you had active, if any: No lists, couple of marketing domains
  • the complete output of the command dig or nslookup pertaining to the "problematic" domain name

; <<>> DiG 9.10.6 <<>> cycle.travel

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47552

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 512

;; QUESTION SECTION:

;cycle.travel. IN A

 

;; Query time: 3951 msec

;; SERVER: 10.12.208.1#53(10.12.208.1)

;; WHEN: Sun Jan 16 17:26:36 GMT 2022

;; MSG SIZE  rcvd: 41


Switching to Mirach (Netherlands, UDP) dig gives

; <<>> DiG 9.10.6 <<>> cycle.travel

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62942

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;cycle.travel. IN A

 

;; Query time: 6437 msec

;; SERVER: 10.24.48.1#53(10.24.48.1)

;; WHEN: Sun Jan 16 17:41:15 GMT 2022

;; MSG SIZE  rcvd: 41

 

After switching VPN off, using ISP's DNS which resolved name, reconnect to VPN (same server Carinae UDP), site working fine (IP cached) but dig (through VPN Carinae UDP still gives):

; <<>> DiG 9.10.6 <<>> cycle.travel

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22491

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 512

;; QUESTION SECTION:

;cycle.travel. IN A

 

;; Query time: 2072 msec

;; SERVER: 10.12.208.1#53(10.12.208.1)

;; WHEN: Sun Jan 16 17:33:20 GMT 2022

;; MSG SIZE  rcvd: 41


Trying again a bit later still using Mirach (Netherlands, OpenVPN UDP and not looks like it resolves OK

; <<>> DiG 9.10.6 <<>> cycle.travel

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44589

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;cycle.travel. IN A

 

;; ANSWER SECTION:

cycle.travel. 7200 IN A 95.216.24.90

 

;; Query time: 930 msec

;; SERVER: 10.24.48.1#53(10.24.48.1)

;; WHEN: Sun Jan 16 18:22:32 GMT 2022

;; MSG SIZE  rcvd: 57

 

Share this post


Link to post
4 hours ago, Psamathe said:

;; Query time: 3951 msec

4 hours ago, Psamathe said:

;; Query time: 6437 msec

4 hours ago, Psamathe said:

;; Query time: 2072 msec 

4 hours ago, Psamathe said:

;; Query time: 930 msec


Those query times are absolutely insane.

Hey, if you do a +trace for any of those domains, does the resolution of the intermediate names take as long as this? Like so:

$ dig a in cycle.travel +trace

.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Unofficial Eddie for Android F-Droid repository: repo.opensourcery.eu

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
11 minutes ago, OpenSourcerer said:

Those query times are absolutely insane.

Hey, if you do a +trace for any of those domains, does the resolution of the intermediate names take as long as this? Like so:

$ dig a in cycle.travel +trace


I'll try next time.
When connected to VPN and the issue happens I generally browse to a web site I use a lot before anything else and that invariably responds quickly and immediately; domain name almost certainly previously resolved and cached as I try on a site I use all the time (e.g. UK MetOffice). Moment I switch to ISP (disconnect from VPN) it immediately works (i.e. onto ISP's DNS.

Share this post


Link to post

Use your router IP and serve DNS over the connected server on your flashed router. Internal DNS vs. External/Global DNS.
Reference(Internal root DNS and other facts):
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/ee649129(v=ws.10)

Share this post


Link to post
8 hours ago, Flx said:

Use your router IP and serve DNS over the connected server on your flashed router. Internal DNS vs. External/Global DNS.
Reference(Internal root DNS and other facts):
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/ee649129(v=ws.10)

Afraid that means nothing to me. I don't have a flashed router, I use a Mac, I don't have a lot of what that document is talking about. In English? None of the linked document seems to apply so I'm lost.

Share this post


Link to post

Hello everybody,

can you please re-perform all of your tests and report back? We have found a bug which potentially might have caused the reported names resolution failures and we have fixed the code. Please let us know whether the problems keeps occurring or not, as our automated DNS testing sentinels deployed on several flag servers have stopped reporting resolution failures since when the fix was applied. A couple of hours ago the fix has been deployed on all the VPN servers.

We are looking forward to hearing from you.

Kind regards
 

Share this post


Link to post

Hello!

Since no reports came in here or in tickets in the last 6 days we consider the problem as resolved, thank you very much!

Kind regards
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...