membrane 0 Posted ... Not sure if I'm just doing something wrong but: connected to AirVPN via Eddie everything works as expected, except some domains can not be resolved through AirVPN dns, for example "parabox.game". Without AirVPN: ; <<>> DiG 9.18.5 <<>> parabox.game ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 563 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;parabox.game. IN A ;; ANSWER SECTION: parabox.game. 14400 IN A 109.232.216.113 ;; Query time: 79 msec ;; SERVER: 9.9.9.10#53(9.9.9.10) (UDP) ;; WHEN: Thu Sep 01 xx:xx:xx CEST 2022 ;; MSG SIZE rcvd: 57 With AirVPN: ; <<>> DiG 9.18.5 <<>> parabox.game ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 14200 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;parabox.game. IN A ;; Query time: 4733 msec ;; SERVER: 10.13.194.1#53(10.13.194.1) (UDP) ;; WHEN: Thu Sep 01 xx:xx:xx CEST 2022 ;; MSG SIZE rcvd: 41 Quote Share this post Link to post
OpenSourcerer 1442 Posted ... That's odd, their DNS servers are configured properly. Usually, when something like this happened it was the website's DNS having some errors, like parent nameservers not containing the name you're trying to resolve. Can you to a +trace? Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
membrane 0 Posted ... ; <<>> DiG 9.18.5 <<>> parabox.game +trace ;; global options: +cmd . 80001 IN NS g.root-servers.net. . 80001 IN NS c.root-servers.net. . 80001 IN NS d.root-servers.net. . 80001 IN NS f.root-servers.net. . 80001 IN NS l.root-servers.net. . 80001 IN NS a.root-servers.net. . 80001 IN NS b.root-servers.net. . 80001 IN NS j.root-servers.net. . 80001 IN NS i.root-servers.net. . 80001 IN NS h.root-servers.net. . 80001 IN NS e.root-servers.net. . 80001 IN NS k.root-servers.net. . 80001 IN NS m.root-servers.net. . 80001 IN RRSIG NS 8 0 518400 20220913210000 20220831200000 20826 . HCE+lqUS3Vgf+DDA3U+SZzcjVUdGUYWl7pOt4ujuQWFZHusDoYiIkewU fBGrCdQNIH2TVTakJbUtW1qSM8u3mVTg90/AH/5Rv5JIxOoNkXl3giKC XS3vmxnV0ht2J5zMCOYIbeHs95LnoLFwGu1N0CjadPFg/yNdZxmPriod haXmIXcw8gJ T0VtOB4E92UImItwh11JBZsz8H8ntJbf7opdEqhGsG/Mq cemaNayj4HEr5bodBMSrxPtuelbnFL1JJtlkz+9oQQZqZAPgCZ5SEcXw ixXO96drPlCdG6yR2pdIoSgyp4T5h44r3bTeWRz9qwJJb0Q4nELLebkm m6WPFg== ;; Received 525 bytes from 10.13.194.1#53(10.13.194.1) in 43 ms game. 172800 IN NS a.nic.game. game. 172800 IN NS c.nic.game. game. 172800 IN NS b.nic.game. game. 172800 IN NS d.nic.game. game. 86400 IN DS 39133 5 1 FB1F7E5D4D62AA9F930B77A9494BB3B04D84340A game. 86400 IN DS 32929 5 1 AC35DD8C5C6E00427FCE4432F9F817D54C5DBB9F game. 86400 IN DS 4126 5 2 F69BE762D422754930EE00176F377AB6A7FF074A48B2076A6F0CEE71 1D97001D game. 86400 IN DS 4126 5 1 0BFD20235875E18EE7D8B0FAD0A9F566D296CB09 game. 86400 IN DS 32929 5 2 C7602F661849EF5422CB5E5D7CCC91E7EA8344C7FD20F0E43A198CC6 99EC895C game. 86400 IN DS 39133 5 2 ECA12999E650C648FEABAB0AA1870D10D6E9F6316FA609B126C98477 F964C6A4 game. 86400 IN RRSIG DS 8 1 86400 20220913210000 20220831200000 20826 . LFk49B/zOSD5SXno+1bGVTcKFCh8o4kk0ZeNvWzN4ZFdUwnTUzWJlAZJ YYZLCOM1hBjIiMCKLimA9DT3lj4FSVx98WqPgVuSO/Uyglodq+r7FTql JzFod8kDYAyaDYO3ipqZ6oisy1dx985EIdZxrEyPB0mYmf21EyNK8c1F 7E1NCLF24KkT gP9llBQw5J2RV8RFzMggJESeDraVlGcQ6ruyJx8DnX01 V6Kn9qJ8aS16A6uITlpGdeoP+30dQw+anaoVTJHy8dOCImY3EPKDimt8 JNQhsv9NjQJI8Jy9fF8x00Z4c0yzEd9OkE3gwxlVZi1Jnkk5LiK/ipSe K8W+8w== ;; Received 828 bytes from 202.12.27.33#53(m.root-servers.net) in 56 ms parabox.game. 3600 IN NS cpns1.turhost.com. parabox.game. 3600 IN NS cpns2.turhost.com. parabox.game. 3600 IN NSEC parade.game. NS RRSIG NSEC parabox.game. 3600 IN RRSIG NSEC 5 2 3600 20220908153637 20220809042014 11877 game. dkDJZsjlmMzWgrPcJGKJ6JbmjcbcNkL/eGbaOrPhkfVKWSTERpl+dhqa ptinN6LhNfRAZzljKRVFwfXMFZR046YCPHMi+8xkFE0LRXoo+Eu2bvyG wtlmJsCdyTUSJ8hZdwCEn+XbVEL7m/IdQMT9SxZItOGU7cUXSRMaYu4R 3A4= couldn't get address for 'cpns1.turhost.com': failure couldn't get address for 'cpns2.turhost.com': failure dig: couldn't get address for 'cpns1.turhost.com': no more Quote Share this post Link to post
OpenSourcerer 1442 Posted ... 21 hours ago, membrane said: couldn't get address for 'cpns1.turhost.com': failure couldn't get address for 'cpns2.turhost.com': failure dig: couldn't get address for 'cpns1.turhost.com': no more I can confirm this on multiple German servers. AirDNS doesn't seem to be able to resolve either of parabox.game's nameservers (ns1/2.turhost.com), which is of course a necessity since they answer authoritatively for that domain. But I don't see why that wouldn't be possible. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Staff 10017 Posted ... Hello! Perhaps their DNS servers block our VPN servers (each VPN server runs its own DNS server). Such blatant NN and end-to-end connectivity principle infringement practice is unfortunately more and more common and one of the bad practices which are dismantling the original Internet concept. A couple of years ago GoDaddy authoritative servers blocked all Leaseweb DNS queries, for example, causing worldwide chaos for several days. We will look into the issue and if confirmed we will try to find a way to circumvent the absurd block. Kind regards Quote Share this post Link to post
OpenSourcerer 1442 Posted ... Maybe the concept of running separate DNS servers has run its course. It could be more worthwhile to forward DNS requests from all servers to some sort of DNS infrastructure of AirVPN which is hosted with companies you wouldn't associate VPN activities with, and in a way similar to a CDN, ergo, worldwide. To expand on this, one can even think about offering some sort of DoT/DoH in the future building on this "DNS CDN", helping people who cannot connect to AirVPN against DNS poisoning and other things. Just a thought, though. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Staff 10017 Posted ... 4 hours ago, OpenSourcerer said: Maybe the concept of running separate DNS servers has run its course. It could be more worthwhile to forward DNS requests from all servers to some sort of DNS infrastructure of AirVPN which is hosted with companies you wouldn't associate VPN activities with Hello! Yes, probably that's a good solution. We should maintain the VPN DNS address matching the VPN gateway address (to neutralize as usual the infamous and dangerous route hijack attack) and then internally perform the routing which is necessary. In this way we would save one of the most exclusive AirVPN features and at the same time achieve the purpose to untie the DNS servers from VPN servers. Kind regards 1 OpenSourcerer reacted to this Quote Share this post Link to post
OpenSourcerer 1442 Posted ... Looking forward to what you can cook up there. And even more to test that out at some point Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post