I have a very annoying issue with DNS recently. I'm using the standard
DNS device and servers provided by my internet provider, which runs a full
dual-stack IPv4/6. Other non-Qubes devices have no issues. I think this
might be a Qubes bug but I want to ask for help first to rule out an
error on my side.

Selected domain names (all subdomains, e.g. www.qubes.org, so not
qubes.org) get a SERVFAIL when trying to resolve them within
applications, and on the command line with 'host' and 'nslookup'.
Strangely enough, 'dig' has no issues (querying the same default
resolver IP of course). At times, the domain name will resolve inside
sys-net and certain app-VMs, and not in another app-VM. At other times,
it resolves nowhere. When querying resolvers directly (like my ISP's
resolvers or 1.1.1.1) the issue does not occur.

What can be happening here? One of the only consistent hints I found is
that Qubes does not seem to pass the full nslookup response from sys-net
to the app-VM (compare nslookup examples below). My router gives a
SERVFAIL when querying it via IPv4, nslookup then tries its IPv6
address, where it does get a reply, but this reply is not passed to the
app-VM. The SERVFAIL might be an IPv6 issue or an issue with my router,
but I still think Qubes should pass the full response, right?

Some affected domain names:
www.duckduckgo.com
www.startpage.com
textsecure-service.whispersystems.org

user@chat-1:~$ host -v www.startpage.com
Trying "www.startpage.com"
Host www.startpage.com not found: 2(SERVFAIL)
Received 35 bytes from 10.139.1.2#53 in 2 ms

user@chat-1:~$ nslookup www.startpage.com
;; Got SERVFAIL reply from 10.139.1.1, trying next server
Server: 10.139.1.2
Address: 10.139.1.2#53
** server can't find www.startpage.com: SERVFAIL

user@sys-net:~$ host -v www.startpage.com
Trying "www.startpage.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22135
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.startpage.com. IN A
;; ANSWER SECTION:
www.startpage.com. 2393 IN CNAME startpage.com.
startpage.com. 10 IN A 145.131.132.72
Received 65 bytes from 192.168.0.1#53 in 4 ms
Trying "startpage.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8508
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;startpage.com. IN AAAA
;; AUTHORITY SECTION:
startpage.com. 2598 IN SOA dns1.p01.nsone.net. hostmaster.nsone.net. 1619470914 3600 600 1209600 3600
Received 96 bytes from 192.168.0.1#53 in 3 ms
Trying "startpage.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44449
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;startpage.com. IN MX
;; ANSWER SECTION:
startpage.com. 2598 IN MX 10 mx2.startmail.com.
startpage.com. 2598 IN MX 10 mx1.startmail.com.
Received 81 bytes from 192.168.0.1#53 in 1 ms

user@sys-net:~$ nslookup www.startpage.com
;; Got SERVFAIL reply from 192.168.0.1, trying next server
Server: fd00::(redacted):ee5e
Address: fd00::(redacted):ee5e#53
Non-authoritative answer:
www.startpage.com canonical name = startpage.com.
Name: startpage.com
Address: 37.0.87.39