FlyawayRavage

[RESOLVED] DNS Breaks shortly after VPN connection


EDIT: Figured it out. I was under the assumption that systemd-resolved took over all DNS processing and made /etc/resolv.conf obsolete, but apparently that's still where AirVPN pushes the DNS settings to and somehow systemd-resolved overwrites it. Disabling systemd-resolved seems to have fixed this problem for now.


Running AirVPNsuite on my server (Operating System: Debian GNU/Linux 11 (bullseye); Kernel: Linux 5.10.0-20-amd64), DNS breaks randomly 5-60 mins after establishing connection. DNS settings, as far as I can tell, aren't being changed. I can still ping the server-pushed DNS server as well, but it just doesn't resolve. Relevant logs below:
Logs immediately after establishing connection:

root@labserver:~# resolvectl
Global
         Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: foreign
Current DNS Server: 10.32.178.1
       DNS Servers: 10.32.178.1

Link 2 (enp0s25)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers: 10.32.178.1

Link 3 (docker0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers: 10.32.178.1

Link 4 (tun0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
     Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers: 10.32.178.1

root@labserver:~# goldcrest --bluetit-status
2023-03-02 22:47:43 Reading run control directives from file /root/.config/goldcrest.rc
Goldcrest 1.2.1 - 9 December 2022

2023-03-02 22:47:43 Bluetit - AirVPN OpenVPN 3 Service 1.2.1 - 9 December 2022
2023-03-02 22:47:43 OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit
2023-03-02 22:47:43 Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
2023-03-02 22:47:43 OpenSSL 1.1.1n  15 Mar 2022
2023-03-02 22:47:43 Bluetit is connected to VPN
2023-03-02 22:47:43 Persistent Network Lock and Filter is enabled. (using nftables)
2023-03-02 22:47:43 ----------------------
2023-03-02 22:47:43 Connected to AirVPN server Yildun (Miami, United States of America)
2023-03-02 22:47:43 Users 50 - Load 8% - Bandwidth 80.08 Mbit/s - Max 1 Gbit/s
2023-03-02 22:47:43 Server IP Address 173.44.55.181 - Port 443 - Protocol UDPv4 - Cipher AES-256-GCM
2023-03-02 22:47:43 Network topology: subnet - Server ping 10 s - Ping restart 60 s
2023-03-02 22:47:43 Pushed DNS: 10.32.178.1 (IPv4)
2023-03-02 22:47:43 Connection time: 00:02:25
2023-03-02 22:47:43 Transferred data: In 34.09 KB, Out 9.15 KB
2023-03-02 22:47:43 Current rate: In 0 bit/s, Out 0 bit/s
2023-03-02 22:47:43 Maximum rate: In 14.78 Kbit/s, Out 1.09 Kbit/s

root@labserver:~# ping google.com
PING google.com (142.250.217.206) 56(84) bytes of data.
64 bytes from mia07s61-in-f14.1e100.net (142.250.217.206): icmp_seq=1 ttl=120 time=72.3 ms
64 bytes from mia07s61-in-f14.1e100.net (142.250.217.206): icmp_seq=2 ttl=120 time=72.3 ms
64 bytes from mia07s61-in-f14.1e100.net (142.250.217.206): icmp_seq=3 ttl=120 time=72.5 ms

Logs ~1 hour later when DNS has failed:

root@labserver:~# resolvectl
Global
         Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: foreign
Current DNS Server: 10.32.178.1
       DNS Servers: 10.32.178.1

Link 2 (enp0s25)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers: 10.32.178.1

Link 3 (docker0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers: 10.32.178.1

Link 4 (tun0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
     Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers: 10.32.178.1

root@labserver:~# goldcrest --bluetit-status
2023-03-02 23:56:38 Reading run control directives from file /root/.config/goldcrest.rc
Goldcrest 1.2.1 - 9 December 2022

2023-03-02 23:56:38 Bluetit - AirVPN OpenVPN 3 Service 1.2.1 - 9 December 2022
2023-03-02 23:56:38 OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit
2023-03-02 23:56:38 Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
2023-03-02 23:56:38 OpenSSL 1.1.1n  15 Mar 2022
2023-03-02 23:56:38 Bluetit is connected to VPN
2023-03-02 23:56:38 Persistent Network Lock and Filter is enabled. (using nftables)
2023-03-02 23:56:39 ----------------------
2023-03-02 23:56:39 Connected to AirVPN server Yildun (Miami, United States of America)
2023-03-02 23:56:39 Users 50 - Load 4% - Bandwidth 48.70 Mbit/s - Max 1 Gbit/s
2023-03-02 23:56:39 Server IP Address 173.44.55.181 - Port 443 - Protocol UDPv4 - Cipher AES-256-GCM
2023-03-02 23:56:39 Network topology: subnet - Server ping 10 s - Ping restart 60 s
2023-03-02 23:56:39 Pushed DNS: 10.32.178.1 (IPv4)
2023-03-02 23:56:39 Connection time: 01:11:19
2023-03-02 23:56:39 Transferred data: In 627.65 KB, Out 107.48 KB
2023-03-02 23:56:39 Current rate: In 20 bit/s, Out 0 bit/s
2023-03-02 23:56:39 Maximum rate: In 65.65 Kbit/s, Out 3.59 Kbit/s

root@labserver:~# ping google.com
ping: google.com: Temporary failure in name resolution
root@labserver:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=120 time=72.3 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=120 time=72.3 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=120 time=72.3 ms

root@labserver:~# dig google.com

; <<>> DiG 9.16.33-Debian <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached

3 hours ago, FlyawayRavage said:

EDIT: Figured it out. I was under the assumption that systemd-resolved took over all DNS processing and made /etc/resolv.conf obsolete, but apparently that's still where AirVPN pushes the DNS settings to and somehow systemd-resolved overwrites it. Disabling systemd-resolved seems to have fixed this problem for now.


It's not so much an override as it is a symlink to a legacy resolv.conf managed by resolved, and it checks from time to time whether the resolv.conf is still a symlink, of course, hence the "every 5-60 minutes it fails".
But, glad you resolved it. :)

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.
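
Added example, not part of the posts above and not AirVPN or systemd code: a POSIX shell check for the situation discussed in this thread, reporting how /etc/resolv.conf is wired and whether it still lists only the VPN-pushed DNS. The function names are hypothetical, and the mode is approximated from the symlink target (an assumption; resolvectl's own "resolv.conf mode" line is authoritative).

```shell
#!/bin/sh
# Added example. Function names are hypothetical; mode detection is an
# approximation based on the symlink target of the given file.

# Echo stub|uplink|static|foreign|missing for a resolv.conf path.
resolv_conf_mode() {
    file=${1:-/etc/resolv.conf}
    if [ ! -e "$file" ] && [ ! -L "$file" ]; then echo missing; return 0; fi
    target=$(readlink "$file" 2>/dev/null) || target=   # empty for a regular file
    case "$target" in
        *run/systemd/resolve/stub-resolv.conf) echo stub ;;
        *run/systemd/resolve/resolv.conf)      echo uplink ;;
        *usr/lib/systemd/resolv.conf)          echo static ;;
        *)                                     echo foreign ;;
    esac
}

# Print the nameserver addresses in the file, one per line.
resolv_conf_nameservers() {
    file=${1:-/etc/resolv.conf}
    [ -r "$file" ] || return 0
    awk '$1 == "nameserver" { print $2 }' "$file"
}

# Succeed only if the file lists at least one nameserver and all of them
# equal the expected (VPN-pushed) address.
only_expected_dns() {
    expected=$1
    servers=$(resolv_conf_nameservers "${2:-/etc/resolv.conf}")
    [ -n "$servers" ] || return 1
    for s in $servers; do
        [ "$s" = "$expected" ] || return 1
    done
    return 0
}

# One-line status suitable for cron or a systemd timer; non-zero on drift.
check_dns() {
    want=$1
    conf=${2:-/etc/resolv.conf}
    mode=$(resolv_conf_mode "$conf")
    if only_expected_dns "$want" "$conf"; then
        echo "OK mode=$mode dns=$want"
    else
        found=$(resolv_conf_nameservers "$conf" | paste -sd, -)
        echo "DRIFT mode=$mode dns=$found"
        return 1
    fi
}
```

With the values from the logs above, `check_dns 10.32.178.1` run periodically would show the moment /etc/resolv.conf stops pointing at the pushed DNS, rather than finding out when name resolution fails.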
