DNS Issues after v1.9 Update

Got a problem with Viscosity or need help? Ask here!

dkaczmark

Posts: 2
Joined: Tue Mar 29, 2011 11:04 am

Post by dkaczmark » Wed Dec 16, 2020 3:39 am
Hi All,

I've been a long-time user of Viscosity and have thankfully experienced a minimal number of issues.

However, I recently upgraded to v1.9 (1695) and encountered a slew of issues; primarily relating to DNS.

Until v1.9 I was using the OpenVPN TAP Legacy adapter. After upgrading and experiencing connection issues, I moved to the Viscosity Virtual Adapter and was successfully able to connect, but face some lingering DNS issues.

The OpenVPN-based server I connect to pushes a number of DNS search domains. Most appear to function normally, but am unable to resolve second-level subdomains - e.g. test.foo.bar.com. However, foo.bar.com domains resolve correctly. I can manually fix this by adding a DNS suffix for test.foo.bar.com within the network adapter itself. Previously, this worked without issue prior to v1.9.

The server profile is set to DNS Mode: "Automatic".

The other DNS issue appears to be extremely slow DNS lookups. Running a standard nslookup seems to timeout twice, then finally respond via the Viscosity DNS Server.
Code: Select all
C:\Users\Daniel>nslookup youtube.com
Server:  Viscosity
Address: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
Name:    youtube.com
Addresses:  2607:f8b0:4009:80c::200e
          216.58.192.142
-----------------------
Microsoft Windows 10 Pro
Version 2004 (OS Build: 19041.630)

Any assistance to help fix these issues would be sincerely appreciated.

Eric

User avatar
Posts: 1073
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Wed Dec 16, 2020 10:44 am
Hi dkaczmark,

Our first suggestion is upgrade to 20H2 if you can, this fixes a slew of weird networking issues including some that might be effecting DNS compared to running 2004.

In regards to the slow lookups, please try comparing a direct lookup against your DNS server. To do this, run:

nslookup youtube.com. 1.1.1.1

Replacing 1.1.1.1 with your VPN DNS server. Please note the . after youtube.com. It is very important you use this with nslookup after anything you resolve or nslookup will try resolving every single DNS suffix you have set which can make it appear as if DNS is extremely slow.
This will give us an idea if slowness in your VPN connection or remote DNS server is causing any issues. You can check what DNS servers Viscosity is using in the log - https://sparklabs.com/support/kb/articl ... envpn-log/

In regards to multiple octets not matching to a domain, we'll investigate this and make sure there hasn't been a regression, however this is the first report we've had of this and it may be simply related to the speed issues you are encountering.

Finally, a cold boot may resolve all these issues if your PC has been powered up and just sleeping for a while. A cold boot involves shutting down your PC then booting it up again instead of just restarting.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

MorpheusX

Posts: 11
Joined: Sat Mar 02, 2013 2:04 am

Post by MorpheusX » Thu Dec 17, 2020 10:19 pm
Hi,

I've been seeing a similar issue over the last few weeks, although I unfortunately cannot pinpoint exactly when they started happening anymore - I did however update Viscosity to 1.9 (and as of a few days ago, to the latest beta) recently, so the timing might coincide.

Same as dkaczmark, I'm seeing intermittent DNS resolution issues while using Viscosity, although mine strangely enough seem to be limited to anything related to Microsoft domains (I've been working quite a bit with Azure/Microsoft Logins, so that's where I mostly noticed it).
Usually, Chrome would complain about not being able to resolve e.g. login.microsoftonline.com, refresh 2 times, then suddenly succeed in resolving the domain and load the page. During login, Microsoft redirects to a different domain, which again would fail to resolve twice, then suddenly load.
After these domains resolve, I can usually used them for a minute or two (have not actually timed, just what it feels like) before they fail to resolve again, although that part seems a bit part to reproduce - sometimes I can navigate websites using the "troublesome" domains for minutes, sometimes for hours.

My current setup:

OS
Microsoft Windows 10 Pro Version 20H2 (OS Build 19042.685)
.NET Framework Version 4.8.04084.528372
IPv4 DNS server (pihole): 192.168.178.2:53
IPv6 DNS server (pihole): [<PIHOLE_IPV6_ADDRESS>]:53
Dual stack setup, both IPv4 and IPv6 connectivity available

Viscosity
Viscosity Windows 1.9.1 (1698) Beta3
Adapter Type: Viscosity Virtual Adapter
OpenVPN 2.4.10 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [AEAD] built on Dec 10 2020
OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10

VPN server
IPv4 connection only, no IPv6 IP assigned
Several routes pushed, although none are related to Microsoft domains/IPs or conflict with local IP ranges
Split DNS config with single search domain pushed by server
Code: Select all
Dec 17 11:31:57 AM: DNS set to Split, report follows:
Server - [<PIHOLE_IPV6_ADDRESS>]:53; Lookup Type - Any; Domains - fritz.box.
Server - 192.168.178.2:53; Lookup Type - Any; Domains - fritz.box.
Server - 9.9.9.9:53; Lookup Type - Split; Domains - <companydomain.at>.; Server is not reachable and will not be used.
Server - 1.1.1.1:53; Lookup Type - Split; Domains - <companydomain.at>.; Server is not reachable and will not be used.

Dec 17 11:31:57 AM: State changed to Connected
Dec 17 11:31:58 AM: DNS has been updated:
Server - [<PIHOLE_IPV6_ADDRESS>]:53; Lookup Type - Any; Domains - fritz.box.
Server - 192.168.178.2:53; Lookup Type - Any; Domains - fritz.box.
Server - 9.9.9.9:53; Lookup Type - Split; Domains - <companydomain.at>.
Server - 1.1.1.1:53; Lookup Type - Split; Domains - <companydomain.at>.
Up until around last week, I was using the stable version of Viscosity, although I do not have the exact version number anymore. As I originally noticed my DNS issues there, I updated to the latest beta in the hopes a fix might've been in testing already.
Until this morning, my adapter type was set to "OpenVPN TAP Adapter (Legacy)", after finding this thread, I changed the setting and re-created the connection to test whether that might fix my issues - unfortunately they still persist.
My computer has been cold booted multiple times - last of this morning - since these issues have been occurring.

I've tried reproducing the issue with nslookup with similar results as dkaczmark.
I am sometimes seeing nslookup run into two DNS request timeouts before being able to resolve the domain, although as of lately, nslookup often just seems to "hang" indefinitely or return an "Unspecified" error. Re-trying the query afterwards either results in another hangup/error or successfully resolves the domain.
Code: Select all
C:\Users\nickm>nslookup login.microsoftonline.com.
Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e53

*** Viscosity can't find login.microsoftonline.com.: Unspecified error

C:\Users\nickm>nslookup login.microsoftonline.com.
Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e53

Non-authoritative answer:
Name:    www.tm.a.prd.aadg.akadns.net
Addresses:  40.126.1.144
          40.126.1.143
          20.190.129.16
          40.126.1.139
          40.126.1.135
          20.190.129.18
          40.126.1.165
          20.190.129.134
Aliases:  login.microsoftonline.com
          a.privatelink.msidentity.com
          prda.aadg.msidentity.com


C:\Users\nickm>nslookup login.microsoftonline.com.
Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e53

Non-authoritative answer:
Name:    www.tm.a.prd.aadg.akadns.net
Addresses:  20.190.129.134
          40.126.1.144
          40.126.1.143
          20.190.129.16
          40.126.1.139
          40.126.1.135
          20.190.129.18
          40.126.1.165
Aliases:  login.microsoftonline.com
          a.privatelink.msidentity.com
          prda.aadg.msidentity.com
I've also tried supplying the -debug flag to nslookup in the hope of gaining some additional information, but all that showed (at least to me :D ) was it receiving a truncated answer:
Code: Select all
C:\Users\nickm>nslookup -debug login.microsoftonline.com.
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        3.5.e.4.4.4.3.7.9.6.6.5.3.7.2.6.1.6.c.4.b.6.2.7.1.6.0.7.3.5.d.f.ip6.arpa, type = PTR, class = IN
    ANSWERS:
    ->  3.5.e.4.4.4.3.7.9.6.6.5.3.7.2.6.1.6.c.4.b.6.2.7.1.6.0.7.3.5.d.f.ip6.arpa
        name = Viscosity
        ttl = 32000000 (370 days 8 hours 53 mins 20 secs)

------------
Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e53

truncated answer
^C
C:\Users\nickm>nslookup -debug login.microsoftonline.com.
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        3.5.e.4.4.4.3.7.9.6.6.5.3.7.2.6.1.6.c.4.b.6.2.7.1.6.0.7.3.5.d.f.ip6.arpa, type = PTR, class = IN
    ANSWERS:
    ->  3.5.e.4.4.4.3.7.9.6.6.5.3.7.2.6.1.6.c.4.b.6.2.7.1.6.0.7.3.5.d.f.ip6.arpa
        name = Viscosity
        ttl = 32000000 (370 days 8 hours 53 mins 20 secs)

------------
Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e53

truncated answer
^C
C:\Users\nickm>nslookup -debug login.microsoftonline.com. <PIHOLE_IPV6_ADDRESS>
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        3.6.6.9.d.b.2.d.1.7.8.f.6.2.e.f.e.5.5.3.a.5.2.0.1.7.8.0.1.0.0.2.ip6.arpa, type = PTR, class = IN
    ANSWERS:
    ->  3.6.6.9.d.b.2.d.1.7.8.f.6.2.e.f.e.5.5.3.a.5.2.0.1.7.8.0.1.0.0.2.ip6.arpa
        name = rpi4
        ttl = 2 (2 secs)

------------
Server:  rpi4
Address:  <PIHOLE_IPV6_ADDRESS>
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 11,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com, type = A, class = IN
    ANSWERS:
    ->  login.microsoftonline.com
        canonical name = a.privatelink.msidentity.com
        ttl = 12 (12 secs)
    ->  a.privatelink.msidentity.com
        canonical name = prda.aadg.msidentity.com
        ttl = 12 (12 secs)
    ->  prda.aadg.msidentity.com
        canonical name = www.tm.a.prd.aadg.akadns.net
        ttl = 12 (12 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 20.190.129.1
        ttl = 12 (12 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.1.143
        ttl = 12 (12 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.1.135
        ttl = 12 (12 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 20.190.129.129
        ttl = 12 (12 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.1.167
        ttl = 12 (12 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.1.165
        ttl = 12 (12 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.1.144
        ttl = 12 (12 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.1.129
        ttl = 12 (12 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com, type = AAAA, class = IN

------------
Name:    www.tm.a.prd.aadg.akadns.net
Addresses:  20.190.129.1
          40.126.1.143
          40.126.1.135
          20.190.129.129
          40.126.1.167
          40.126.1.165
          40.126.1.144
          40.126.1.129
Aliases:  login.microsoftonline.com
          a.privatelink.msidentity.com
          prda.aadg.msidentity.com


C:\Users\nickm>nslookup -debug login.microsoftonline.com.
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        3.5.e.4.4.4.3.7.9.6.6.5.3.7.2.6.1.6.c.4.b.6.2.7.1.6.0.7.3.5.d.f.ip6.arpa, type = PTR, class = IN
    ANSWERS:
    ->  3.5.e.4.4.4.3.7.9.6.6.5.3.7.2.6.1.6.c.4.b.6.2.7.1.6.0.7.3.5.d.f.ip6.arpa
        name = Viscosity
        ttl = 32000000 (370 days 8 hours 53 mins 20 secs)

------------
Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e53

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 11,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com, type = A, class = IN
    ANSWERS:
    ->  login.microsoftonline.com
        canonical name = a.privatelink.msidentity.com
        ttl = 4 (4 secs)
    ->  a.privatelink.msidentity.com
        canonical name = prda.aadg.msidentity.com
        ttl = 4 (4 secs)
    ->  prda.aadg.msidentity.com
        canonical name = www.tm.a.prd.aadg.akadns.net
        ttl = 4 (4 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.1.129
        ttl = 4 (4 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 20.190.129.1
        ttl = 4 (4 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.1.143
        ttl = 4 (4 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.1.135
        ttl = 4 (4 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 20.190.129.129
        ttl = 4 (4 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.1.167
        ttl = 4 (4 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.1.165
        ttl = 4 (4 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.1.144
        ttl = 4 (4 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com, type = AAAA, class = IN

------------
Name:    www.tm.a.prd.aadg.akadns.net
Addresses:  40.126.1.129
          20.190.129.1
          40.126.1.143
          40.126.1.135
          20.190.129.129
          40.126.1.167
          40.126.1.165
          40.126.1.144
Aliases:  login.microsoftonline.com
          a.privatelink.msidentity.com
          prda.aadg.msidentity.com
I waited around 30s after each of the two first requests before cancelling them. After I queried my pihole server directly (or any other external server, 1.1.1.1 works just fine as well for that), attempting another query without a DNS server specified completes immediately, although I assume might just be retrieved from cache.

I have also attempted the same omitting the "." after the TLD, thus including search domains with similar results, as expected.
Code: Select all
C:\Users\nickm>nslookup -debug login.microsoftonline.com
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        3.5.e.4.4.4.3.7.9.6.6.5.3.7.2.6.1.6.c.4.b.6.2.7.1.6.0.7.3.5.d.f.ip6.arpa, type = PTR, class = IN
    ANSWERS:
    ->  3.5.e.4.4.4.3.7.9.6.6.5.3.7.2.6.1.6.c.4.b.6.2.7.1.6.0.7.3.5.d.f.ip6.arpa
        name = Viscosity
        ttl = 32000000 (370 days 8 hours 53 mins 20 secs)

------------
Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e53

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com.fritz.box, type = A, class = IN

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com.fritz.box, type = AAAA, class = IN

------------
truncated answer
read failed: No error
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com, type = AAAA, class = IN

------------
*** Viscosity can't find login.microsoftonline.com: Unspecified error

C:\Users\nickm>nslookup -debug login.microsoftonline.com
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        3.5.e.4.4.4.3.7.9.6.6.5.3.7.2.6.1.6.c.4.b.6.2.7.1.6.0.7.3.5.d.f.ip6.arpa, type = PTR, class = IN
    ANSWERS:
    ->  3.5.e.4.4.4.3.7.9.6.6.5.3.7.2.6.1.6.c.4.b.6.2.7.1.6.0.7.3.5.d.f.ip6.arpa
        name = Viscosity
        ttl = 32000000 (370 days 8 hours 53 mins 20 secs)

------------
Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e53

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com.fritz.box, type = A, class = IN

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com.fritz.box, type = AAAA, class = IN

------------
truncated answer
^C
C:\Users\nickm>nslookup -debug login.microsoftonline.com <PIHOLE_IPV6_ADDRESS>
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        3.6.6.9.d.b.2.d.1.7.8.f.6.2.e.f.e.5.5.3.a.5.2.0.1.7.8.0.1.0.0.2.ip6.arpa, type = PTR, class = IN
    ANSWERS:
    ->  3.6.6.9.d.b.2.d.1.7.8.f.6.2.e.f.e.5.5.3.a.5.2.0.1.7.8.0.1.0.0.2.ip6.arpa
        name = rpi4
        ttl = 2 (2 secs)

------------
Server:  rpi4
Address:  <PIHOLE_IPV6_ADDRESS>

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com.fritz.box, type = A, class = IN

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com.fritz.box, type = AAAA, class = IN

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 11,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com, type = A, class = IN
    ANSWERS:
    ->  login.microsoftonline.com
        canonical name = a.privatelink.msidentity.com
        ttl = 13 (13 secs)
    ->  a.privatelink.msidentity.com
        canonical name = prda.aadg.msidentity.com
        ttl = 13 (13 secs)
    ->  prda.aadg.msidentity.com
        canonical name = www.tm.a.prd.aadg.akadns.net
        ttl = 13 (13 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 20.190.137.72
        ttl = 13 (13 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 20.190.137.97
        ttl = 13 (13 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 20.190.137.76
        ttl = 13 (13 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 20.190.137.7
        ttl = 13 (13 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.9.5
        ttl = 13 (13 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.9.72
        ttl = 13 (13 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.9.76
        ttl = 13 (13 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.9.65
        ttl = 13 (13 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com, type = AAAA, class = IN

------------
Name:    www.tm.a.prd.aadg.akadns.net
Addresses:  20.190.137.72
          20.190.137.97
          20.190.137.76
          20.190.137.7
          40.126.9.5
          40.126.9.72
          40.126.9.76
          40.126.9.65
Aliases:  login.microsoftonline.com
          a.privatelink.msidentity.com
          prda.aadg.msidentity.com


C:\Users\nickm>nslookup -debug login.microsoftonline.com
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        3.5.e.4.4.4.3.7.9.6.6.5.3.7.2.6.1.6.c.4.b.6.2.7.1.6.0.7.3.5.d.f.ip6.arpa, type = PTR, class = IN
    ANSWERS:
    ->  3.5.e.4.4.4.3.7.9.6.6.5.3.7.2.6.1.6.c.4.b.6.2.7.1.6.0.7.3.5.d.f.ip6.arpa
        name = Viscosity
        ttl = 32000000 (370 days 8 hours 53 mins 20 secs)

------------
Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e53

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com.fritz.box, type = A, class = IN

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com.fritz.box, type = AAAA, class = IN

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 11,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com, type = A, class = IN
    ANSWERS:
    ->  login.microsoftonline.com
        canonical name = a.privatelink.msidentity.com
        ttl = 11 (11 secs)
    ->  a.privatelink.msidentity.com
        canonical name = prda.aadg.msidentity.com
        ttl = 11 (11 secs)
    ->  prda.aadg.msidentity.com
        canonical name = www.tm.a.prd.aadg.akadns.net
        ttl = 11 (11 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.9.65
        ttl = 11 (11 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 20.190.137.72
        ttl = 11 (11 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 20.190.137.97
        ttl = 11 (11 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 20.190.137.76
        ttl = 11 (11 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 20.190.137.7
        ttl = 11 (11 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.9.5
        ttl = 11 (11 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.9.72
        ttl = 11 (11 secs)
    ->  www.tm.a.prd.aadg.akadns.net
        internet address = 40.126.9.76
        ttl = 11 (11 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        login.microsoftonline.com, type = AAAA, class = IN

------------
Name:    www.tm.a.prd.aadg.akadns.net
Addresses:  40.126.9.65
          20.190.137.72
          20.190.137.97
          20.190.137.76
          20.190.137.7
          40.126.9.5
          40.126.9.72
          40.126.9.76
Aliases:  login.microsoftonline.com
          a.privatelink.msidentity.com
          prda.aadg.msidentity.com
Once Viscosity is disabled/the adapter is disconnected, I'm no longer seeing issues with the mentioned domains, so I'm fairly certain there should be nothing interfering from my regular DNS/pihole setup, although I'm happy to run any other tests that might prove helpful to try and track this issue.

Eric

User avatar
Posts: 1073
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Fri Dec 18, 2020 11:10 am
Hi MorpheusX,

Thank you very very much for your detailed post, it lead us straight to the problem. We really do appreciate your time compiling this reply.

Viscosity 1.9.1 Beta 5 is now available with a fix, please give it a go and let us know how you get on - https://sparklabs.com/support/kb/articl ... -versions/

Long story short, there was a bug in the TCP side of our DNS resolver that was causing very large DNS responses (i.e. truncated responses) to fail. If the resolver knew ahead of time the response was going to be large, the responses would come through fine, which is why it was a bit unreliable with the failure. In regards to Chrome, most likely what is happening is after a couple of failures, Chrome is directly querying Google's DNS servers itself for a response and bypassing Windows (and thus Viscosity), a "feature" of that browser.

Thank you again for your reply!

@dkaczmark - We are not sure if you are facing the same issue or not, it looks like you may be facing a configuration issue. Please give this beta a go, if you are still having issues, please follow through our instructions from the original reply.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

MorpheusX

Posts: 11
Joined: Sat Mar 02, 2013 2:04 am

Post by MorpheusX » Fri Dec 18, 2020 7:51 pm
Hi Eric,

thanks for the quick reply, I'm glad I was able to help find you the underlying issue.
I've been trying my hardest to make it fail for the last 15 minutes, however it seems like everything's working fine now :D

Awesome, thank you very much for the great support (and also technical insight about what was going wrong), highly appreciated! :)

Kind regards,
MorpheusX

sepp.huber

Posts: 5
Joined: Mon Feb 08, 2021 7:53 pm

Post by sepp.huber » Mon Feb 08, 2021 8:03 pm
Hey Eric,

since the release of 1.9.1 (1701) I have the same problem again. With the beta version before, everything seemed to
be fine. But after updating to 1.9.1 nslookup tells me, that resolving a domain leads to a timeout:
Code: Select all
C:\Users\sepp.huber>nslookup bing.com
Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e55

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Zeitüberschreitung bei Anforderung an Viscosity.
My system:
- Windows 20H2 (Build 19042.789)
- Complete up-to-date
- Latest .Net Framework
- AMD 3950X Processor
- Latest AMD chipset drivers

Can I help you to investigate the problem by sending further information?

Greats

Eric

User avatar
Posts: 1073
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Tue Feb 09, 2021 9:31 am
Hi sepp,

Could you please post a copy of your log after connecting?

Also, please try doing an nslookup against one of your VPN servers directly. You can do this by adding the IP address of the DNS server after the address in your nslookup, e.g.:

nslookup bing.com 1.1.1.1

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

sepp.huber

Posts: 5
Joined: Mon Feb 08, 2021 7:53 pm

Post by sepp.huber » Tue Feb 09, 2021 9:11 pm
Hey Eric,

Thanks for your answer!

One of the servers seem to work fine, the second not. The third and fourth DNS servers are my FritzBox:
Code: Select all
C:\Users\sepp-huber>nslookup bing.com 172.16.30.10
Server:  ******
Address:  172.16.30.10

Nicht autorisierende Antwort:
Name:    bing.com
Addresses:  2620:1ec:c11::200
          204.79.197.200
          13.107.21.200


C:\Users\sepp.huber>nslookup bing.com 192.168.1.80
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.80

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Zeitüberschreitung bei Anforderung an UnKnown.


C:\Users\sepp.huber>nslookup bing.com 192.168.10.1
Server:  fritz.box
Address:  192.168.10.1

Nicht autorisierende Antwort:
Name:    bing.com
Addresses:  2620:1ec:c11::200
          13.107.21.200
          204.79.197.200
Here the log -- I had to hide some information:
Code: Select all
Feb 09 10:30:40 AM: Status auf Verbinde geändert
Feb 09 10:30:40 AM: Viscosity Windows 1.9.1 (1707)
Feb 09 10:30:40 AM: Betriebsystem ist Windows 10 2009 (19042) 64 bit
Feb 09 10:30:40 AM: Betriebsystem ist .NET Framework Version 4.8.04084.528372
Feb 09 10:30:40 AM: Checking reachability status of connection...
Feb 09 10:30:40 AM: Connection is reachable. Starting connection attempt.
Feb 09 10:30:40 AM: Aktivieren des Netzwerkadapters...
Feb 09 10:30:40 AM: OpenVPN 2.4.10 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [AEAD] built on Feb  2 2021
Feb 09 10:30:40 AM: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
Feb 09 10:30:40 AM: Resolving address: "******"
Feb 09 10:30:41 AM: Valid endpoint found: "******:1198:udp
Feb 09 10:30:41 AM: TCP/UDP: Preserving recently used remote address: [AF_INET]*****:1198
Feb 09 10:30:41 AM: UDP link local: (not bound)
Feb 09 10:30:41 AM: UDP link remote: [AF_INET]*****:1198
Feb 09 10:30:41 AM: Status auf Authenticating geändert
Feb 09 10:30:41 AM: [server_ICQVwhxIVgY3WMCY] Peer Connection Initiated with [AF_INET]*****:1198
Feb 09 10:30:41 AM: Status auf Verbinde geändert
Feb 09 10:30:41 AM: Awaiting adapter to come up...
Feb 09 10:30:42 AM: TAP-WIN32 device [*****_vpn-ras11] opened: \\.\Global\{C0DB401C-2E2B-4D0E-A4BE-4CF2D7312C48}.tap, index: 28
Feb 09 10:30:42 AM: Set TAP-Windows TUN subnet mode network/local/netmask = 172.22.0.0/172.22.6.8/255.255.0.0 [SUCCEEDED]
Feb 09 10:30:42 AM: Waiting for DNS Setup to complete...
Feb 09 10:30:42 AM: Successful ARP Flush on interface [28] {C0DB401C-2E2B-4D0E-A4BE-4CF2D7312C48}
Feb 09 10:30:44 AM: Initialization Sequence Completed
Feb 09 10:30:44 AM: DNS ist auf 'Splitten' eingestellt und meldet:
Server - 172.16.30.10:53; Lookup Type - Split; Domains - *****<domain list>*****
Server - 192.168.1.80:53; Lookup Type - Split; Domains - *****<domain list>*****
Server - [fd00::9a9b:cbff:fe97:b3d6]:53; Lookup Type - Any; Domains - fritz.box.
Server - 192.168.10.1:53; Lookup Type - Any; Domains - fritz.box.

Feb 09 10:30:44 AM: Status auf Verbunden geändert
Greats
Sepp

Eric

User avatar
Posts: 1073
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Fri Feb 12, 2021 9:36 am
Hi Sepp,

Can you resolve against the IPv6 DNS server you have listed? If you have a DNS server not responding, this can lead to nslookup timing out, however should not lead to much more than a short delay when using other applications.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

sepp.huber

Posts: 5
Joined: Mon Feb 08, 2021 7:53 pm

Post by sepp.huber » Fri Feb 12, 2021 6:31 pm
Hey Eric,

this request works perfect. I got an instant response:
Code: Select all
nslookup bing.com fd00::9a9b:cbff:fe97:b3d6
Server:  fritz.box
Address:  fd00::9a9b:cbff:fe97:b3d6

Nicht autorisierende Antwort:
Name:    bing.com
Addresses:  2620:1ec:c11::200
          13.107.21.200
          204.79.197.200
But today, everything seems to be a lot faster, like it should be. Yesterday and the days before, I always had to wait for about 2 seconds until a website has loaded in the browser. But I have not changed anything. That is strange...

Greats
Sepp
15 posts Page 1 of 2