Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Ipleakerror

Getting attached error after adding Verisign DNS to both router and PC on single Adsl line.
$ dnstracer -q soa -o dig +trace www.ipleak.net
Tracing to dig[soa] via 127.0.0.53, maximum of 3 retries
127.0.0.53 (127.0.0.53)

~$ sudo dig +trace www.example.com >> trace
; <<>> DiG 9.10.3-P4-Ubuntu <<>> +trace www.example.com
;; global options: +cmd
. 509481 IN NS l.root-servers.net.
. 509481 IN NS h.root-servers.net.
. 509481 IN NS a.root-servers.net.
. 509481 IN NS b.root-servers.net.
. 509481 IN NS c.root-servers.net.
. 509481 IN NS j.root-servers.net.
. 509481 IN NS m.root-servers.net.
. 509481 IN NS k.root-servers.net.
. 509481 IN NS g.root-servers.net.
. 509481 IN NS i.root-servers.net.
. 509481 IN NS d.root-servers.net.
. 509481 IN NS f.root-servers.net.
. 509481 IN NS e.root-servers.net.
. 509481 IN RRSIG NS 8 0 518400 20171202050000 20171119040000 46809 . Uu1BhEUFLaER5Yr9aEIgQ1pKaeS6WC25YhXo9T2kWbz3PiIkQxTIRQnZ Yxb1izySWG7W2xXqXIh9SzM2U3eiHr+t7EzOAQZXo5Em+nkcaZuzyM40 n9C1Vke5TkGofEPvb0jej5k1G3YP2XbT+Pgt7rr8ZmnBUX4Xy24LnRf3 cSP10bKB1b2qfo4p5wuRh+eh434WU2g6Qru/r7SUjcK0lyJL+dLHtCWq +xWIML6EPPt2XD0Tv0i9fnabdiv7ySn5LBcjcG7sxrUW3jtFv3ZM6tWu SAjFoVdlYx3MIaB0q9xFUnqIEf7zbX29vBnG37+4BZJ11Hrb0spyO68C CX4RJA==
;; Received 525 bytes from 64.6.64.6#53(64.6.64.6) in 91 ms

com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20171202050000 20171119040000 46809 . eOVmRT5FBl7UxbLZOS93GgcVFInIo9+9OpC/M1sY9VINhiHBBYrPgbba f9E/yorPZ2g1WbzJrsyb9OAwSrCEQZT6dLXjAc5EBExoKozTI4N1KgrP OKEre0t0OjqmUh+PVb5duiLb260d+GMBKWB+sMNW51neybAcH5HKIL5a +Jgg6T9pSd9NLUoM1wj0oxfn9ADFmR3+8HTbqKAXPlQEb3DBMi7a6M8s 1sNEKwl/b5pZt5NZx68Mb4B0a/tLZqsxwzTOIeH507lRbBqF4IkleL9r SDOaN/2clJyhrpG1+UqMTksrQ9gvvSa48ujmRbZf6PwOK9Hh4PAwNjxZ Ee1pSw==
;; Received 1175 bytes from 199.9.14.201#53(b.root-servers.net) in 251 ms

example.com. 172800 IN NS a.iana-servers.net.
example.com. 172800 IN NS b.iana-servers.net.
example.com. 86400 IN DS 31589 8 1 3490A6806D47F17A34C29E2CE80E8A999FFBE4BE
example.com. 86400 IN DS 31589 8 2 CDE0D742D6998AA554A92D890F8184C698CFAC8A26FA59875A990C03 E576343C
example.com. 86400 IN DS 43547 8 1 B6225AB2CC613E0DCA7962BDC2342EA4F1B56083
example.com. 86400 IN DS 43547 8 2 615A64233543F66F44D68933625B17497C89A70E858ED76A2145997E DF96A918
example.com. 86400 IN DS 31406 8 1 189968811E6EBA862DD6C209F75623D8D9ED9142
example.com. 86400 IN DS 31406 8 2 F78CF3344F72137235098ECBBD08947C2C9001C7F6A085A17F518B5D 8F6B916D
example.com. 86400 IN RRSIG DS 8 2 86400 20171124052544 20171117041544 11324 com. tEWJ4zE3VMQ7cT5Mpm70yta+1iLXYs28XfxWKfxjmM88R1j/TIoXpU78 wsWcjElrCXIIT47xadNfjEq5mnAibtBdwDSYkSfEhFjdDpvDnOvMYrOf EMahoU1AzzqL3xAmQjQqUAxdFJQtLi/RJGRGO1LftRLrz0ny3gdxKIHx AK8=
;; Received 595 bytes from 192.41.162.30#53(l.gtld-servers.net) in 94 ms

www.example.com. 86400 IN A 93.184.216.34
www.example.com. 86400 IN RRSIG A 8 3 86400 20171129194243 20171109004736 30381 example.com. iNF822SyTQOZdEoAHn1I2YsK2y+0RybbkmiK7HL7X4uwSuiqldalQKyA Q0qauV+T4z49RuYUAEWCCS1UVdeZTDAfAXhh/WkLd5oQcO/pP2RsagUK x8JooX/ZaIqZqPVb3AT7Xv5cEOiqicPzjaypevGgLIAPUa5uYRaeuI8e YHY=
example.com. 86400 IN NS a.iana-servers.net.
example.com. 86400 IN NS b.iana-servers.net.
example.com. 86400 IN RRSIG NS 8 2 86400 20171129081257 20171108104736 30381 example.com. UpAW0hxg3GJvr7fbiT/jQBis1HoFWqAwRO8ttQmCz/BsviQqpVlYrnwt eR+JexdFIXNJYqcikcLxPg+CBBNiE6oxWcmrXeuXHsLQdlEfJz4GcQmu kNbU7FCGVraPuLu4Wh/yDT9LT0VRD7dHjJ05jibQ21MoJYDnofwzJbge 2TU=
;; Received 450 bytes from 199.43.135.53#53(a.iana-servers.net) in 244 ms





Comments

  • Hello aasalem10, thank you for providing the details above. I too have been able to replicate the issue and will escalate a request to our Engineering Team for further assistance. Thank you for your patience and we will provide an update once we receive their feedback.
  • edited November 19
    Please find attached Google-namebench results using these nameservers: 64.6.64.6, 64.6.65.6, 127.0.0.53
    With:
    1- Include global DNS providers
    2- Include best available regional DNS
    Thanks,
  • Hello aasalem10, thank you for the additional information. Again, we will provide you with an update as soon as our Engineering Team provides us with their feedback.
  • Hello aasalem10, thank you again for your patience while we reviewed the issue you reported in additional detail. We have determined there are multiple issues associated with ipleak.net that need to be corrected before our recursive servers can provide the requested answer.

    Reference: http://dnsviz.net/d/ipleak.net/WgEwrg/dnssec/

    Reasons for resolution issues:

    1) Both name servers for ipleak.net, dns1.dnsleak.net & dns2.dnsleak.net, are not answering with the authoritative answer bit set.
    2) Our recursive servers for Public DNS are not providing an answer for ipleak.net because there is no authoritative answer to obtain.

    For ipleak.net to properly resolve:

    1) Both dns1.dnsleak.net & dns2.dnsleak.net need to answer authoritatively for ipleak.net.
    2) The Registrar that manages ipleak.net, eNom, only shows that the servers name are “glued” to the IPv4 addresses, not the IPv6 addresses.

    Server Name: DNS1.DNSLEAK.NET
    IP Address: 95.85.16.212
    Registrar: eNom, Inc.
    Registrar WHOIS Server: whois.enom.com
    Registrar URL: http://www.enom.com

    >>> Last update of whois database: 2017-11-21T16:21:45Z <<<

    Server Name: DNS2.DNSLEAK.NET
    IP Address: 95.85.16.212
    Registrar: eNom, Inc.
    Registrar WHOIS Server: whois.enom.com
    Registrar URL: http://www.enom.com

    >>> Last update of whois database: 2017-11-21T16:23:47Z <<<

    Note: The IPv6 record in the dnsleak.net zone is lame anyway. For example, performing this DIG request shows the server couldn’t be reached, so possibly that’s why the IP wasn’t “glued” through the Registrar.

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> @2a03:b0c0:0:1010::509:d001 ipleak.net any
    ; (1 server found)
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

    3) Both dns1.dnsleak.net & dns2.dnsleak.net have the same IP address for each name server, which is also the same for the IPv6 addresses referenced too (see details above).

    Final analysis:

    There are systematic DNS issues with ipleak.net that cause the delegation to be lame. Our recursive platform is unable to follow the broken DNS delegation. Once the steps above are taken to remedy the issue, then you should then be able to resolve to ipleak.net using our Public DNS.
  • edited December 5
    Thanks, it may take me sometime to digest your answer, in the mean time, wonder if ipv6 route may cause an issue.


  • Hello Aasalem10! We are taking a look and should have an update for you soon.
  • Thank you for your patience, aasalem10! If you can resolve to other domain names using our Public DNS service via IPv6 route, then that confirms the source of the problem is with the issues identified in my previous post specifically with dnsleak.net. If you feel I have misunderstood your request though, please elaborate and we are happy to further assist/explain.
Sign In or Register to comment.