After updating to TurrisOS 5.0.1, the remote URL of the VPN provider I use no longer resolves. In OpenVpn.log, i see RESOLVE: Cannot resolve host address. If i replace the host address with the ip address, I am able to connect with no issue.
I can ping the address from outside of turris with no issue, but get an unknown host error if I try a ping on the Network Utilities page of LuCI. I am able to dig the hostname with no issue.
Iβm at a loss where to start debugging. Any ideas would be appreciated.
I donβt know. In /etc/config/resolver, part config resolver 'common', you can flip option verbose '0' to 1. That way the logs should contain information on any DNS request.
1 Like
thanks @vcunat
here are the logs after turning it on. anything stick out? I compare it to when I pinged from my os and they looked exactly the same.
Jun 18 18:18:26 turris kresd[7346]: [00000.00][plan] plan βvpnloc.vpnurl.me.β type βAβ uid [32054.00]
Jun 18 18:18:26 turris kresd[7346]: [32054.00][iter] βvpnloc.vpnurl.me.β type βAβ new uid was assigned .01, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [32054.01][cach] => skipping exact RR: rank 030 (min. 030), new TTL -101
Jun 18 18:18:26 turris kresd[7346]: [32054.01][cach] => no NSEC* cached for zone: vpnurl.me.
Jun 18 18:18:26 turris kresd[7346]: [32054.01][cach] => skipping zone: vpnurl.me., NSEC, hash 0;new TTL -123456789, ret -2
Jun 18 18:18:26 turris kresd[7346]: [32054.01][cach] => skipping zone: vpnurl.me., NSEC, hash 0;new TTL -123456789, ret -2
Jun 18 18:18:26 turris kresd[7346]: [32054.01][plan] plan β.β type βDNSKEYβ uid [32054.02]
Jun 18 18:18:26 turris kresd[7346]: [32054.02][iter] β.β type βDNSKEYβ new uid was assigned .03, parent uid .01
Jun 18 18:18:26 turris kresd[7346]: [32054.03][cach] => satisfied by exact RRset: rank 060, new TTL 3698
Jun 18 18:18:26 turris kresd[7346]: [32054.03][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [32054.03][vldr] <= parent: updating DNSKEY
Jun 18 18:18:26 turris kresd[7346]: [32054.03][vldr] <= answer valid, OK
Jun 18 18:18:26 turris kresd[7346]: [32054.01][iter] βvpnloc.vpnurl.me.β type βAβ new uid was assigned .04, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [32054.04][plan] plan βme.β type βDSβ uid [32054.05]
Jun 18 18:18:26 turris kresd[7346]: [32054.05][iter] βme.β type βDSβ new uid was assigned .06, parent uid .04
Jun 18 18:18:26 turris kresd[7346]: [32054.06][cach] => satisfied by exact RRset: rank 060, new TTL 63990
Jun 18 18:18:26 turris kresd[7346]: [32054.06][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [32054.06][vldr] <= DS: OK
Jun 18 18:18:26 turris kresd[7346]: [32054.06][vldr] <= parent: updating DS
Jun 18 18:18:26 turris kresd[7346]: [32054.06][vldr] <= answer valid, OK
Jun 18 18:18:26 turris kresd[7346]: [32054.04][iter] βvpnloc.vpnurl.me.β type βAβ new uid was assigned .07, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [32054.07][plan] plan βme.β type βDNSKEYβ uid [32054.08]
Jun 18 18:18:26 turris kresd[7346]: [32054.08][iter] βme.β type βDNSKEYβ new uid was assigned .09, parent uid .07
Jun 18 18:18:26 turris kresd[7346]: [32054.09][cach] => satisfied by exact RRset: rank 060, new TTL 367
Jun 18 18:18:26 turris kresd[7346]: [32054.09][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [32054.09][vldr] <= parent: updating DNSKEY
Jun 18 18:18:26 turris kresd[7346]: [32054.09][vldr] <= answer valid, OK
Jun 18 18:18:26 turris kresd[7346]: [32054.07][iter] βvpnloc.vpnurl.me.β type βAβ new uid was assigned .10, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [32054.10][plan] plan βvpnurl.me.β type βDSβ uid [32054.11]
Jun 18 18:18:26 turris kresd[7346]: [32054.11][iter] βvpnurl.me.β type βDSβ new uid was assigned .12, parent uid .10
Jun 18 18:18:26 turris kresd[7346]: [32054.12][cach] => skipping exact packet: rank 060 (min. 030), new TTL -116
Jun 18 18:18:26 turris kresd[7346]: [32054.12][cach] => no NSEC* cached for zone: me.
Jun 18 18:18:26 turris kresd[7346]: [32054.12][cach] => skipping zone: me., NSEC, hash 0;new TTL -123456789, ret -2
Jun 18 18:18:26 turris kresd[7346]: [32054.12][cach] => skipping zone: me., NSEC, hash 0;new TTL -123456789, ret -2
Jun 18 18:18:26 turris kresd[7346]: [ ][nsre] score 21 for 1.1.1.1#00053; cached RTT: 12
Jun 18 18:18:26 turris kresd[7346]: [ ][nsre] score 21 for 8.8.4.4#00053; cached RTT: 31
Jun 18 18:18:26 turris kresd[7346]: [ ][nsre] score 21 for 8.8.8.8#00053; cached RTT: 11
Jun 18 18:18:26 turris kresd[7346]: [32054.12][resl] => id: β43350β querying: β1.1.1.1#00053β score: 21 zone cut: βme.β qname: βvpnurl.mE.β qtype: βDSβ proto: βudpβ
Jun 18 18:18:26 turris kresd[7346]: [00000.00][plan] plan βvpnloc.vpnurl.me.β type βAAAAβ uid [33564.00]
Jun 18 18:18:26 turris kresd[7346]: [33564.00][iter] βvpnloc.vpnurl.me.β type βAAAAβ new uid was assigned .01, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [33564.01][cach] => satisfied by exact packet: rank 030, new TTL 674
Jun 18 18:18:26 turris kresd[7346]: [33564.01][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [33564.01][resl] AD: request NOT classified as SECURE
Jun 18 18:18:26 turris kresd[7346]: [33564.01][resl] finished: 4, queries: 1, mempool: 65568 B
Jun 18 18:18:26 turris kresd[7346]: [32054.12][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [32054.12][vldr] <= canβt prove NODATA due to optout, going insecure
Jun 18 18:18:26 turris kresd[7346]: [32054.12][vldr] <= DS doesnβt exist, going insecure
Jun 18 18:18:26 turris kresd[7346]: [32054.12][vldr] <= parent: updating DS
Jun 18 18:18:26 turris kresd[7346]: [32054.12][vldr] <= answer valid, OK
Jun 18 18:18:26 turris kresd[7346]: [32054.12][cach] => stashed me. SOA, rank 060, 222 B total, incl. 1 RRSIGs
Jun 18 18:18:26 turris kresd[7346]: [32054.12][cach] => stashed packet: rank 060, TTL 900, DS vpnurl.me. (775 B)
Jun 18 18:18:26 turris kresd[7346]: [32054.12][resl] <= server: β1.1.1.1β rtt: 28 ms
Jun 18 18:18:26 turris kresd[7346]: [32054.10][iter] βvpnloc.vpnurl.me.β type βAβ new uid was assigned .13, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [32054.13][plan] plan βvpnurl.me.β type βNSβ uid [32054.14]
Jun 18 18:18:26 turris kresd[7346]: [32054.14][iter] βvpnurl.me.β type βNSβ new uid was assigned .15, parent uid .13
Jun 18 18:18:26 turris kresd[7346]: [32054.15][cach] => satisfied by exact RRset: rank 030, new TTL 153345
Jun 18 18:18:26 turris kresd[7346]: [32054.15][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [32054.15][vldr] <= cached insecure response, going insecure
Jun 18 18:18:26 turris kresd[7346]: [32054.13][iter] βvpnloc.vpnurl.me.β type βAβ new uid was assigned .16, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [ ][nsre] score 21 for 1.1.1.1#00053; cached RTT: 20
Jun 18 18:18:26 turris kresd[7346]: [ ][nsre] score 21 for 8.8.4.4#00053; cached RTT: 31
Jun 18 18:18:26 turris kresd[7346]: [ ][nsre] score 21 for 8.8.8.8#00053; cached RTT: 11
Jun 18 18:18:26 turris kresd[7346]: [32054.16][resl] => id: β59685β querying: β1.1.1.1#00053β score: 21 zone cut: βme.β qname: βvpnloc.vpnurl.me.β qtype: βAβ proto: βudpβ
Jun 18 18:18:26 turris kresd[7346]: [32054.16][resl] => id: β59685β querying: β8.8.4.4#00053β score: 21 zone cut: βme.β qname: βvpnloc.vpnurl.me.β qtype: βAβ proto: βudpβ
Jun 18 18:18:26 turris kresd[7346]: [32054.16][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [32054.16][cach] => stashed vpnloc.vpnurl.me. A, rank 030, 380 B total, incl. 0 RRSIGs
Jun 18 18:18:26 turris kresd[7346]: [32054.16][resl] <= server: β1.1.1.1β rtt: 33 ms
Jun 18 18:18:26 turris kresd[7346]: [32054.16][resl] AD: request NOT classified as SECURE
Jun 18 18:18:26 turris kresd[7346]: [32054.16][resl] finished: 4, queries: 6, mempool: 81960 B
Jun 18 18:18:26 turris kresd[7346]: [00000.00][plan] plan βvpnloc.vpnurl.me.β type βAβ uid [29977.00]
Jun 18 18:18:26 turris kresd[7346]: [29977.00][iter] βvpnloc.vpnurl.me.β type βAβ new uid was assigned .01, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [29977.01][cach] => satisfied by exact RRset: rank 030, new TTL 60
Jun 18 18:18:26 turris kresd[7346]: [29977.01][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [29977.01][resl] AD: request NOT classified as SECURE
Jun 18 18:18:26 turris kresd[7346]: [29977.01][resl] finished: 4, queries: 1, mempool: 81960 B
Jun 18 18:18:26 turris kresd[7346]: [00000.00][plan] plan βvpnloc.vpnurl.me.β type βAAAAβ uid [30978.00]
Jun 18 18:18:26 turris kresd[7346]: [30978.00][iter] βvpnloc.vpnurl.me.β type βAAAAβ new uid was assigned .01, parent uid .00
Jun 18 18:18:26 turris kresd[7346]: [30978.01][cach] => satisfied by exact packet: rank 030, new TTL 674
Jun 18 18:18:26 turris kresd[7346]: [30978.01][iter] <= rcode: NOERROR
Jun 18 18:18:26 turris kresd[7346]: [30978.01][resl] AD: request NOT classified as SECURE
Jun 18 18:18:26 turris kresd[7346]: [30978.01][resl] finished: 4, queries: 1, mempool: 65568 B
Iβm not sure how you could get the log, but at this moment all servers are telling me that vpnurl.me does not exist (and anything under it thus canβt).
EDIT: to increase the fun, 1.1.1.1 in particular is currently giving me this NXDOMAIN with an incorrect DNSSEC proof.
OK, that explains the difference. The log for that openvpn-triggered request looks correct, returning answer with addresses, so I expect the problem is somewhere else than in DNS.
now its getting remote_list_error: current remote server endpoint is undefined had to edit the conf and add tcp at the end of remote def