Hi there, Just found that my new Turris Omnia could not resolve t.co links created by Twitter shortener. Everything works fine at work or when connected via mobile network on the same PC. What might be a problem? Almost default system on the latest Omnia device and OS with Sentinel and PaKon activated. Thank you in advance for your help.
Does the t.co name resolve in DNS well? The ideal way to confirm that is to run dig t.co or kdig t.co somewhere in the network (or on Omnia itself where one of those commands will probably be preinstalled). Or at least nslookup t.co on Windows.
Here we are:
root@turris:~# dig t.co
; <<>> DiG 9.18.11 <<>> t.co
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41466
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 15 (Blocked): (CR36)
;; QUESTION SECTION:
;t.co. IN A
;; AUTHORITY SECTION:
t.co. 10800 IN SOA t.co. nobody.invalid. 1 3600 1200 604800 10800
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Mar 09 21:16:12 EET 2023
;; MSG SIZE rcvd: 93
Some of the policies configured on the resolver decided to block the name. Default certainly doesn’t do that, it’s something in your configuration.
Perhaps some source pulled through adblock package or something.
2 Likes
Thanks a lot, vcunat! I forgot completly about adblock. Just stopped it and everything works fine. Now I have to find the rule that blocks it.
Btw I don’t see flag “ad”. So dnssec not working.
It’s an answer that’s generated locally and thus not validated. DNSSEC works the other way – checks that noone has changed the answer’s data.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.