VPN's URL No longer resolves after update to 5.0.1

Software SW help
1

After updating to TurrisOS 5.0.1, the remote URL of the VPN provider I use no longer resolves. In OpenVpn.log, i see RESOLVE: Cannot resolve host address. If i replace the host address with the ip address, I am able to connect with no issue.
I can ping the address from outside of turris with no issue, but get an unknown host error if I try a ping on the Network Utilities page of LuCI. I am able to dig the hostname with no issue.
I’m at a loss where to start debugging. Any ideas would be appreciated.

2

I don’t know. In /etc/config/resolver, part config resolver 'common', you can flip option verbose '0' to 1. That way the logs should contain information on any DNS request.

1 Like
3

thanks @vcunat

here are the logs after turning it on. anything stick out? I compare it to when I pinged from my os and they looked exactly the same.

Jun 18 18:18:26 turris kresd[7346]: [00000.00][plan] plan β€˜vpnloc.vpnurl.me.’ type β€˜A’ uid [32054.00]
Jun 18 18:18:26 turris kresd[7346]: [32054.00][iter] β€˜vpnloc.vpnurl.me.’ type β€˜A’ new uid was assigned .01, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [32054.01][cach] => skipping exact RR: rank 030 (min. 030), new TTL -101
Jun 18 18:18:26 turris kresd[7346]: [32054.01][cach] => no NSEC* cached for zone: vpnurl.me.
Jun 18 18:18:26 turris kresd[7346]: [32054.01][cach] => skipping zone: vpnurl.me., NSEC, hash 0;new TTL -123456789, ret -2
Jun 18 18:18:26 turris kresd[7346]: [32054.01][cach] => skipping zone: vpnurl.me., NSEC, hash 0;new TTL -123456789, ret -2
Jun 18 18:18:26 turris kresd[7346]: [32054.01][plan] plan β€˜.’ type β€˜DNSKEY’ uid [32054.02]
Jun 18 18:18:26 turris kresd[7346]: [32054.02][iter] β€˜.’ type β€˜DNSKEY’ new uid was assigned .03, parent uid .01
Jun 18 18:18:26 turris kresd[7346]: [32054.03][cach] => satisfied by exact RRset: rank 060, new TTL 3698
Jun 18 18:18:26 turris kresd[7346]: [32054.03][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [32054.03][vldr] <= parent: updating DNSKEY
Jun 18 18:18:26 turris kresd[7346]: [32054.03][vldr] <= answer valid, OK
Jun 18 18:18:26 turris kresd[7346]: [32054.01][iter] β€˜vpnloc.vpnurl.me.’ type β€˜A’ new uid was assigned .04, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [32054.04][plan] plan β€˜me.’ type β€˜DS’ uid [32054.05]
Jun 18 18:18:26 turris kresd[7346]: [32054.05][iter] β€˜me.’ type β€˜DS’ new uid was assigned .06, parent uid .04
Jun 18 18:18:26 turris kresd[7346]: [32054.06][cach] => satisfied by exact RRset: rank 060, new TTL 63990
Jun 18 18:18:26 turris kresd[7346]: [32054.06][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [32054.06][vldr] <= DS: OK
Jun 18 18:18:26 turris kresd[7346]: [32054.06][vldr] <= parent: updating DS
Jun 18 18:18:26 turris kresd[7346]: [32054.06][vldr] <= answer valid, OK
Jun 18 18:18:26 turris kresd[7346]: [32054.04][iter] β€˜vpnloc.vpnurl.me.’ type β€˜A’ new uid was assigned .07, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [32054.07][plan] plan β€˜me.’ type β€˜DNSKEY’ uid [32054.08]
Jun 18 18:18:26 turris kresd[7346]: [32054.08][iter] β€˜me.’ type β€˜DNSKEY’ new uid was assigned .09, parent uid .07
Jun 18 18:18:26 turris kresd[7346]: [32054.09][cach] => satisfied by exact RRset: rank 060, new TTL 367
Jun 18 18:18:26 turris kresd[7346]: [32054.09][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [32054.09][vldr] <= parent: updating DNSKEY
Jun 18 18:18:26 turris kresd[7346]: [32054.09][vldr] <= answer valid, OK
Jun 18 18:18:26 turris kresd[7346]: [32054.07][iter] β€˜vpnloc.vpnurl.me.’ type β€˜A’ new uid was assigned .10, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [32054.10][plan] plan β€˜vpnurl.me.’ type β€˜DS’ uid [32054.11]
Jun 18 18:18:26 turris kresd[7346]: [32054.11][iter] β€˜vpnurl.me.’ type β€˜DS’ new uid was assigned .12, parent uid .10
Jun 18 18:18:26 turris kresd[7346]: [32054.12][cach] => skipping exact packet: rank 060 (min. 030), new TTL -116
Jun 18 18:18:26 turris kresd[7346]: [32054.12][cach] => no NSEC* cached for zone: me.
Jun 18 18:18:26 turris kresd[7346]: [32054.12][cach] => skipping zone: me., NSEC, hash 0;new TTL -123456789, ret -2
Jun 18 18:18:26 turris kresd[7346]: [32054.12][cach] => skipping zone: me., NSEC, hash 0;new TTL -123456789, ret -2
Jun 18 18:18:26 turris kresd[7346]: [ ][nsre] score 21 for 1.1.1.1#00053; cached RTT: 12
Jun 18 18:18:26 turris kresd[7346]: [ ][nsre] score 21 for 8.8.4.4#00053; cached RTT: 31
Jun 18 18:18:26 turris kresd[7346]: [ ][nsre] score 21 for 8.8.8.8#00053; cached RTT: 11
Jun 18 18:18:26 turris kresd[7346]: [32054.12][resl] => id: β€˜43350’ querying: β€˜1.1.1.1#00053’ score: 21 zone cut: β€˜me.’ qname: β€˜vpnurl.mE.’ qtype: β€˜DS’ proto: β€˜udp’
Jun 18 18:18:26 turris kresd[7346]: [00000.00][plan] plan β€˜vpnloc.vpnurl.me.’ type β€˜AAAA’ uid [33564.00]
Jun 18 18:18:26 turris kresd[7346]: [33564.00][iter] β€˜vpnloc.vpnurl.me.’ type β€˜AAAA’ new uid was assigned .01, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [33564.01][cach] => satisfied by exact packet: rank 030, new TTL 674
Jun 18 18:18:26 turris kresd[7346]: [33564.01][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [33564.01][resl] AD: request NOT classified as SECURE
Jun 18 18:18:26 turris kresd[7346]: [33564.01][resl] finished: 4, queries: 1, mempool: 65568 B
Jun 18 18:18:26 turris kresd[7346]: [32054.12][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [32054.12][vldr] <= can’t prove NODATA due to optout, going insecure
Jun 18 18:18:26 turris kresd[7346]: [32054.12][vldr] <= DS doesn’t exist, going insecure
Jun 18 18:18:26 turris kresd[7346]: [32054.12][vldr] <= parent: updating DS
Jun 18 18:18:26 turris kresd[7346]: [32054.12][vldr] <= answer valid, OK
Jun 18 18:18:26 turris kresd[7346]: [32054.12][cach] => stashed me. SOA, rank 060, 222 B total, incl. 1 RRSIGs
Jun 18 18:18:26 turris kresd[7346]: [32054.12][cach] => stashed packet: rank 060, TTL 900, DS vpnurl.me. (775 B)
Jun 18 18:18:26 turris kresd[7346]: [32054.12][resl] <= server: β€˜1.1.1.1’ rtt: 28 ms
Jun 18 18:18:26 turris kresd[7346]: [32054.10][iter] β€˜vpnloc.vpnurl.me.’ type β€˜A’ new uid was assigned .13, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [32054.13][plan] plan β€˜vpnurl.me.’ type β€˜NS’ uid [32054.14]
Jun 18 18:18:26 turris kresd[7346]: [32054.14][iter] β€˜vpnurl.me.’ type β€˜NS’ new uid was assigned .15, parent uid .13
Jun 18 18:18:26 turris kresd[7346]: [32054.15][cach] => satisfied by exact RRset: rank 030, new TTL 153345
Jun 18 18:18:26 turris kresd[7346]: [32054.15][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [32054.15][vldr] <= cached insecure response, going insecure
Jun 18 18:18:26 turris kresd[7346]: [32054.13][iter] β€˜vpnloc.vpnurl.me.’ type β€˜A’ new uid was assigned .16, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [ ][nsre] score 21 for 1.1.1.1#00053; cached RTT: 20
Jun 18 18:18:26 turris kresd[7346]: [ ][nsre] score 21 for 8.8.4.4#00053; cached RTT: 31
Jun 18 18:18:26 turris kresd[7346]: [ ][nsre] score 21 for 8.8.8.8#00053; cached RTT: 11
Jun 18 18:18:26 turris kresd[7346]: [32054.16][resl] => id: β€˜59685’ querying: β€˜1.1.1.1#00053’ score: 21 zone cut: β€˜me.’ qname: β€˜vpnloc.vpnurl.me.’ qtype: β€˜A’ proto: β€˜udp’
Jun 18 18:18:26 turris kresd[7346]: [32054.16][resl] => id: β€˜59685’ querying: β€˜8.8.4.4#00053’ score: 21 zone cut: β€˜me.’ qname: β€˜vpnloc.vpnurl.me.’ qtype: β€˜A’ proto: β€˜udp’
Jun 18 18:18:26 turris kresd[7346]: [32054.16][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [32054.16][cach] => stashed vpnloc.vpnurl.me. A, rank 030, 380 B total, incl. 0 RRSIGs
Jun 18 18:18:26 turris kresd[7346]: [32054.16][resl] <= server: β€˜1.1.1.1’ rtt: 33 ms
Jun 18 18:18:26 turris kresd[7346]: [32054.16][resl] AD: request NOT classified as SECURE
Jun 18 18:18:26 turris kresd[7346]: [32054.16][resl] finished: 4, queries: 6, mempool: 81960 B
Jun 18 18:18:26 turris kresd[7346]: [00000.00][plan] plan β€˜vpnloc.vpnurl.me.’ type β€˜A’ uid [29977.00]
Jun 18 18:18:26 turris kresd[7346]: [29977.00][iter] β€˜vpnloc.vpnurl.me.’ type β€˜A’ new uid was assigned .01, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [29977.01][cach] => satisfied by exact RRset: rank 030, new TTL 60
Jun 18 18:18:26 turris kresd[7346]: [29977.01][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [29977.01][resl] AD: request NOT classified as SECURE
Jun 18 18:18:26 turris kresd[7346]: [29977.01][resl] finished: 4, queries: 1, mempool: 81960 B
Jun 18 18:18:26 turris kresd[7346]: [00000.00][plan] plan β€˜vpnloc.vpnurl.me.’ type β€˜AAAA’ uid [30978.00]
Jun 18 18:18:26 turris kresd[7346]: [30978.00][iter] β€˜vpnloc.vpnurl.me.’ type β€˜AAAA’ new uid was assigned .01, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [30978.01][cach] => satisfied by exact packet: rank 030, new TTL 674
Jun 18 18:18:26 turris kresd[7346]: [30978.01][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [30978.01][resl] AD: request NOT classified as SECURE
Jun 18 18:18:26 turris kresd[7346]: [30978.01][resl] finished: 4, queries: 1, mempool: 65568 B

4

I’m not sure how you could get the log, but at this moment all servers are telling me that vpnurl.me does not exist (and anything under it thus can’t).

EDIT: to increase the fun, 1.1.1.1 in particular is currently giving me this NXDOMAIN with an incorrect DNSSEC proof.

7

OK, that explains the difference. The log for that openvpn-triggered request looks correct, returning answer with addresses, so I expect the problem is somewhere else than in DNS.