Vercel.app websites

azee · November 19, 2021, 12:47am

I can’t access any websites under vercel.app domain when using my router as the DNS server.

Example:

$ dig @192.168.1.1 static-tweet.vercel.app

; <<>> DiG 9.10.6 <<>> @192.168.1.1 static-tweet.vercel.app
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16475
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;static-tweet.vercel.app.	IN	A

;; AUTHORITY SECTION:
static-tweet.vercel.app. 10800	IN	SOA	static-tweet.vercel.app. nobody.invalid. 1 3600 1200 604800 10800

;; Query time: 72 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Nov 19 01:44:48 CET 2021
;; MSG SIZE  rcvd: 91

If I query another DNS server (my AdGuard Home) it works:

$ dig @192.168.1.40 static-tweet.vercel.app 

; <<>> DiG 9.10.6 <<>> @192.168.1.40 static-tweet.vercel.app
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11423
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;static-tweet.vercel.app.	IN	A

;; ANSWER SECTION:
static-tweet.vercel.app. 60	IN	A	76.76.21.21

;; Query time: 32 msec
;; SERVER: 192.168.1.40#53(192.168.1.40)
;; WHEN: Fri Nov 19 01:45:32 CET 2021
;; MSG SIZE  rcvd: 68

My DNS settings in reForis are simply forwarding them to my AdGuard Home running in the IP above. I have no idea why Turris still tries to do some DNS before sending it to my AdGuard Home (that’s for me totally unexpected).

I also tried disabling Sentinel, without any changes. I found the following thread that mentions Turris Greylist, not sure if they’re connected: https://github.com/vercel/vercel/discussions/6182.

How to fix this?

vcunat · November 19, 2021, 8:10am

This certainly looks like blocked on DNS level. (The SOA record is a fake one.) Perhaps you use the adblock package?

azee · November 19, 2021, 2:49pm

I had, but I have uninstalled it.

In reForis → Package Management → Packages, here’s what I have installed:

Everything under Advanced security & analytics - Turris Sentinel
Hardening → Common passwords filter
LuCi Extensions: None
LXC Utilities
Network monitoring and parental control → Internet connection speed measurement
OpenVPN

And that’s all.

vcunat · November 19, 2021, 4:31pm

I wonder if the uninstallation could have left some remains. If you can, log in by ssh and edit file /etc/config/resolver. In section config resolver 'kresd' remove line list rpz_file '/etc/kresd/adb_list.overall'.

Then you’ll need to reload the resolver, e.g. command /etc/init.d/resolver restart or any UI action touching its configuration, etc.

vcunat · November 19, 2021, 4:38pm

My quick test confirmed that the RPZ configuration remained after opkg remove adblock. @dibdot maintains the package in openwrt; maybe it’s not hard to fix?

azee · November 19, 2021, 5:19pm

Thanks! That worked

Do you want me to open a separate bug, or us this here enough?

vcunat · November 19, 2021, 5:32pm

I’d probably first wait for reaction from the maintainer. Then the bug would most likely go to https://github.com/openwrt/packages/issues

dibdot · December 4, 2021, 10:09pm

Just disable adblock before you remove the package - that removes any adblock related config entries, too.

system · January 18, 2022, 12:48am

This topic was automatically closed after 60 days. New replies are no longer allowed.