Jump to content
Not connected, Your IP: 3.145.16.81
AirVPN
Sign in to follow this  
Followers 0
nva

Can't resolve *.mil domains when using AirVPN DNS server

By nva, ... in Troubleshooting and Problems

Recommended Posts

nva    0

nva
Posted ...

I recently noticed that i can't visit any *.mil websites when I'm using AirVPN with Wireguard client for MacOS. Config file downloaded from Client page looks like this:
  

[Interface]
PrivateKey = ...
Address = ...
DNS = 10.128.0.1
MTU = 1320

[Peer]
...

dig command returned with SERVFAIL:
  
~ > dig @10.128.0.1 www.navy.mil

; <<>> DiG 9.10.6 <<>> @10.128.0.1 www.navy.mil
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51388
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.navy.mil.			IN	A

;; Query time: 2554 msec
;; SERVER: 10.128.0.1#53(10.128.0.1)
;; WHEN:
;; MSG SIZE  rcvd: 41

But it works fine with if i choose Mullvad (also wireguard): 
~ > dig www.navy.mil

; <<>> DiG 9.10.6 <<>> www.navy.mil
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17697
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.navy.mil.			IN	A

;; ANSWER SECTION:
www.navy.mil.		7138	IN	CNAME	www.navy.mil.edgekey.net.
www.navy.mil.edgekey.net. 300	IN	CNAME	e16312.dscb.akamaiedge.net.
e16312.dscb.akamaiedge.net. 20	IN	A	23.15.145.170

;; Query time: 597 msec
;; SERVER: 100.64.0.7#53(100.64.0.7)
;; WHEN:
;; MSG SIZE  rcvd: 132

On a semi-related note: my Opnsense router running Unbound in DNS-over-TLS forwarding mode to upstream DNS servers also got exactly same error: SERVFAIL or straight up timeout with dig command for *.mil domains. Upstream queries go through WAN and not any VPN tunnel. Turning DNSSEC on and off didn't change anything on my opnsense router. If i don't use DNS-over-TLS and just plain forwarding to UDP 53, no issue.

I don't know how relevant these two issues are, perhaps AirVPN also use Unbound? 

Once you find out what's wrong, can you drop some info so i can also fix my Opnsense settings?

Thank you!

Share this post

Link to post

Staff    9968

Staff
Posted ...
@nva

Hello!

Each VPN server runs its own DNS server. The authoritative server for the mentioned domain names either blocks a lot of DNS IP addresses (not only AirVPN ones, as you noticed) or is malfunctioning. In both cases you would get a SERVFAIL error message.

Kind regards
 

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...