DNS lookups to unreachable servers

Posted: Sun Apr 18, 2021 3:26 am
by dsm
I am having a problem with long DNS lookups when connected to VPN and using the Viscosity DNS system.

It appears that the problem is that Viscosity is first trying to do a lookup against the DNS server for the connection which the default route is not pointing to, and that server is unreachable since it is a private address.

The machine is running Windows 10 version 20H2 (on Arm) with Viscosity 1.9.3 beta 4.

This is what the two NIC configurations look like:
Code:
Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm(R) Wi-Fi B/G/N/AC (2x2) Svc
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6c1f:c7e3:a6c6:6955%23(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.231.236(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.192
   Lease Obtained. . . . . . . . . . : Saturday, April 17, 2021 12:48:14 PM
   Lease Expires . . . . . . . . . . : Saturday, April 17, 2021 3:49:42 PM
   Default Gateway . . . . . . . . . : 192.168.231.193
   DHCP Server . . . . . . . . . . . : 192.168.231.193
   DHCPv6 IAID . . . . . . . . . . . : 164893091
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-A3-30-6F-D4-11-A3-A7-28-2D
   DNS Servers . . . . . . . . . . . : 192.168.231.193
   NetBIOS over Tcpip. . . . . . . . : Enabled

Mobile Broadband adapter Cellular:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Mobile Broadband Device
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2600:380:bc33:628e:2493:e55d:c635:3695(Preferred)
   Temporary IPv6 Address. . . . . . : 2600:380:bc33:628e:b974:36a9:1e89:7365(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2493:e55d:c635:3695%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.23.190.157(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . : fe80::3516:81c1:7ade:4bf%12
                                       10.23.190.158
   DHCP Server . . . . . . . . . . . : 10.23.190.158
   DNS Servers . . . . . . . . . . . : fc00:a:a::300
                                       172.26.38.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
While both adapters are up, the second one is not actually used because of the default route preference (it is a cellular adapter that is not preferred since there is an active WiFi connection):
Code:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    10.23.190.158    10.23.190.157    311
          0.0.0.0          0.0.0.0  192.168.231.193  192.168.231.236     35
The 172.26.38.1 DNS server configured by DHCP on this adapter is therefore not reachable, since routing is through WiFi and it's a private address not reachable through the WiFi connection. But it seems like Viscosity is trying this server first as DNS lookups are slow and need to be retried multiple times:
Code:
C:\Users\david>nslookup viscosity.com
Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e56

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
Name:    viscosity.com
Addresses:  2606:4700:3032::ac43:b7d6
          2606:4700:3030::6815:2415
          172.67.183.214
          104.21.36.21
The workaround I am using is to disable the cellular adapter when not needed, but this doesn't take advantage of the machine's ability to switch back and forth between connections automatically as needed.

Is it possible to cause Viscosity to not query DNS servers whose routes are not pointing through the adapter they are configured on? Or to order the DNS servers it tries based on weights of the corresponding routes in the routing table? I am guessing they are currently queried sorted by IP (since 172.26.38.1 is less than 192.168.231.193)?

David
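
The check asked about in the post above (only use a DNS server when the route to it leaves through the adapter it was configured on, then order by route metric), sketched as an added example that is not part of the original thread and not Viscosity's code. The two default routes and the IPv4 DNS servers are taken from the post; the on-link subnet routes are an assumption derived from each adapter's address and mask, and route selection is simplified to longest prefix, then lowest metric.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    dest: ipaddress.IPv4Network
    interface: str
    metric: int


# Default routes as shown in the posted route table; the two on-link routes
# are assumed from the adapters' addresses and subnet masks.
ROUTES = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "Cellular", 311),
    Route(ipaddress.ip_network("0.0.0.0/0"), "Wi-Fi", 35),
    Route(ipaddress.ip_network("192.168.231.192/26"), "Wi-Fi", 35),    # assumed
    Route(ipaddress.ip_network("10.23.190.156/30"), "Cellular", 311),  # assumed
]

# IPv4 DNS servers per adapter, as listed in the posted ipconfig output.
DNS_BY_ADAPTER = {
    "Wi-Fi": ["192.168.231.193"],
    "Cellular": ["172.26.38.1"],
}


def best_route(addr, routes):
    """Longest-prefix match; ties are broken by the lowest metric."""
    ip = ipaddress.ip_address(addr)
    candidates = [r for r in routes if ip in r.dest]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.dest.prefixlen, -r.metric))


def classify_dns(dns_by_adapter, routes):
    """For each DNS server, record which interface traffic to it would leave on."""
    rows = []
    for adapter, servers in dns_by_adapter.items():
        for server in servers:
            route = best_route(server, routes)
            egress = route.interface if route else None
            rows.append({
                "server": server,
                "configured_on": adapter,
                "egress": egress,
                "metric": route.metric if route else None,
                # Usable only if the route leaves via the adapter that supplied it.
                "usable": egress == adapter,
            })
    return rows


def resolver_order(rows):
    """Usable servers only, lowest route metric first."""
    usable = [r for r in rows if r["usable"]]
    return [r["server"] for r in sorted(usable, key=lambda r: r["metric"])]


if __name__ == "__main__":
    rows = classify_dns(DNS_BY_ADAPTER, ROUTES)
    for r in rows:
        print(r)
    print("query order:", resolver_order(rows))
```

With the posted tables, 172.26.38.1 is marked unusable because its best route is the Wi-Fi default route rather than the cellular adapter that handed it out.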

Re: DNS lookups to unreachable servers

Posted: Mon Apr 19, 2021 11:18 am
by Eric
Hi David,

This is a tricky one. In the vast majority of situations, users with a private DNS server would have a matching route set up for them. You're in an even more rare situation as you effectively have an active network that can route traffic, but you don't want to use it. Your DNS servers should be used in order of adapter metric; however, this isn't faultless.

Could you also post a copy of the DNS output from your log? We'd be interested to know how your DNS is set up for testing - https://sparklabs.com/support/kb/articl ... envpn-log/

We'll run up a network similar to yours in our lab and see if there's anything we can do to improve the way Viscosity is selecting DNS servers.

Regards,
Eric

Re: DNS lookups to unreachable servers

Posted: Mon Apr 19, 2021 6:12 pm
by Eric
Hi David,

Just to follow up, we've found a method to hopefully more reliably pull the DNS servers in their interface metric order. We were previously doing this; however, the method we were using has been marked unreliable in Windows 10 and Microsoft hasn't provided a direct replacement.

Please give 1.9.3 Beta 5 a go and let us know how you get on.

Regards,
Eric

Re: DNS lookups to unreachable servers

Posted: Fri Apr 23, 2021 2:35 am
by dsm
Hi Eric,

Thank you. The client offered to install beta 7 today so I tried that and I am still seeing the same effect.

Here is the DNS info from the log that you requested:
Code:
Apr 22 12:16:38 PM: DNS set to Split, report follows:
Server - 192.168.1.13:53; Lookup Type - Split; Domains - zzz.local.
Server - 192.168.1.14:53; Lookup Type - Split; Domains - zzz.local.
Server - 192.168.231.193:53; Lookup Type - Any; Domains - None
Server - [fc00:a:a::300]:53; Lookup Type - Any; Domains - None
Server - 172.26.38.1:53; Lookup Type - Any; Domains - None
The 192.168.1.193 DNS server is from Wifi; the IPv6 one and 172.26.38.1 are from cellular. When both NICs are connected, 172.26.38.1 is the one that's not reachable and that I suspect Viscosity is trying first. I can reach the IPv6 one since there is no IPv6 on the Wifi interface.

David

Re: DNS lookups to unreachable servers

Posted: Mon Apr 26, 2021 9:37 am
by Eric
Hi David,

Could you please try the following nslookups and post the result? Please note that some have a full stop/period at the end of the name and it's important it's included/excluded where shown.

nslookup www.sparklabs.com
nslookup www.sparklabs.com.
nslookup www.sparklabs.com 192.168.231.193
nslookup www.sparklabs.com. 192.168.231.193
nslookup www.sparklabs.com 172.26.38.1
nslookup www.sparklabs.com. 172.26.38.1

Regards,
Eric

Re: DNS lookups to unreachable servers

Posted: Wed Apr 28, 2021 2:14 am
by dsm
Hi Eric,

Sure, here you go.
Code:
C:\Users\david>nslookup www.sparklabs.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e56

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
Name:    www.sparklabs.com
Addresses:  2606:4700:20::681a:1b2
          2606:4700:20::681a:b2
          2606:4700:20::ac43:4885
          172.67.72.133
          104.26.1.178
          104.26.0.178


C:\Users\david>nslookup www.sparklabs.com.
Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e56

Non-authoritative answer:
Name:    www.sparklabs.com
Addresses:  2606:4700:20::ac43:4885
          2606:4700:20::681a:1b2
          2606:4700:20::681a:b2
          104.26.0.178
          172.67.72.133
          104.26.1.178


C:\Users\david>nslookup www.sparklabs.com 192.168.231.193
Server:  UnKnown
Address:  192.168.231.193

Non-authoritative answer:
Name:    www.sparklabs.com
Addresses:  2606:4700:20::681a:b2
          2606:4700:20::ac43:4885
          2606:4700:20::681a:1b2
          104.26.1.178
          104.26.0.178
          172.67.72.133


C:\Users\david>nslookup www.sparklabs.com. 192.168.231.193
Server:  UnKnown
Address:  192.168.231.193

Non-authoritative answer:
Name:    www.sparklabs.com
Addresses:  2606:4700:20::681a:1b2
          2606:4700:20::681a:b2
          2606:4700:20::ac43:4885
          172.67.72.133
          104.26.1.178
          104.26.0.178


C:\Users\david>nslookup www.sparklabs.com 172.26.38.1
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  172.26.38.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

C:\Users\david>nslookup www.sparklabs.com. 172.26.38.1
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  172.26.38.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
Seeing the results of the above, I thought this might also be useful to include:
Code:
C:\Users\david>nslookup
Default Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e56

> set d2
> www.sparklabs.com
Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e56

------------
SendRequest(), len 48
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com.madole.local, type = A, class = IN

------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 48
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com.madole.local, type = AAAA, class = IN

------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = A, class = IN

------------
------------
Got answer (83 bytes):
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 3,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = A, class = IN
    ANSWERS:
    ->  www.sparklabs.com
        type = A, class = IN, dlen = 4
        internet address = 104.26.1.178
        ttl = 47 (47 secs)
    ->  www.sparklabs.com
        type = A, class = IN, dlen = 4
        internet address = 104.26.0.178
        ttl = 47 (47 secs)
    ->  www.sparklabs.com
        type = A, class = IN, dlen = 4
        internet address = 172.67.72.133
        ttl = 47 (47 secs)

------------
Non-authoritative answer:
------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = AAAA, class = IN

------------
------------
Got answer (119 bytes):
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 3,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = AAAA, class = IN
    ANSWERS:
    ->  www.sparklabs.com
        type = AAAA, class = IN, dlen = 16
        AAAA IPv6 address = 2606:4700:20::681a:1b2
        ttl = 47 (47 secs)
    ->  www.sparklabs.com
        type = AAAA, class = IN, dlen = 16
        AAAA IPv6 address = 2606:4700:20::681a:b2
        ttl = 47 (47 secs)
    ->  www.sparklabs.com
        type = AAAA, class = IN, dlen = 16
        AAAA IPv6 address = 2606:4700:20::ac43:4885
        ttl = 47 (47 secs)

------------
Name:    www.sparklabs.com
Addresses:  2606:4700:20::681a:1b2
          2606:4700:20::681a:b2
          2606:4700:20::ac43:4885
          104.26.1.178
          104.26.0.178
          172.67.72.133

> www.sparklabs.com.
Server:  Viscosity
Address:  fd53:7061:726b:4c61:6273:5669:7344:4e56

------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = A, class = IN

------------
------------
Got answer (83 bytes):
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 3,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = A, class = IN
    ANSWERS:
    ->  www.sparklabs.com
        type = A, class = IN, dlen = 4
        internet address = 172.67.72.133
        ttl = 41 (41 secs)
    ->  www.sparklabs.com
        type = A, class = IN, dlen = 4
        internet address = 104.26.1.178
        ttl = 41 (41 secs)
    ->  www.sparklabs.com
        type = A, class = IN, dlen = 4
        internet address = 104.26.0.178
        ttl = 41 (41 secs)

------------
Non-authoritative answer:
------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 7, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = AAAA, class = IN

------------
------------
Got answer (119 bytes):
    HEADER:
        opcode = QUERY, id = 7, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 3,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = AAAA, class = IN
    ANSWERS:
    ->  www.sparklabs.com
        type = AAAA, class = IN, dlen = 16
        AAAA IPv6 address = 2606:4700:20::ac43:4885
        ttl = 41 (41 secs)
    ->  www.sparklabs.com
        type = AAAA, class = IN, dlen = 16
        AAAA IPv6 address = 2606:4700:20::681a:1b2
        ttl = 41 (41 secs)
    ->  www.sparklabs.com
        type = AAAA, class = IN, dlen = 16
        AAAA IPv6 address = 2606:4700:20::681a:b2
        ttl = 41 (41 secs)

------------
Name:    www.sparklabs.com
Addresses:  2606:4700:20::ac43:4885
          2606:4700:20::681a:1b2
          2606:4700:20::681a:b2
          172.67.72.133
          104.26.1.178
          104.26.0.178
And this:
Code:
C:\Users\david>nslookup - 192.168.231.193
Default Server:  UnKnown
Address:  192.168.231.193

> set d2
> www.sparklabs.com
Server:  UnKnown
Address:  192.168.231.193

------------
SendRequest(), len 48
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com.madole.local, type = A, class = IN

------------
------------
Got answer (48 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com.madole.local, type = A, class = IN

------------
------------
SendRequest(), len 48
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com.madole.local, type = AAAA, class = IN

------------
------------
Got answer (48 bytes):
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com.madole.local, type = AAAA, class = IN

------------
------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = A, class = IN

------------
------------
Got answer (83 bytes):
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 3,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = A, class = IN
    ANSWERS:
    ->  www.sparklabs.com
        type = A, class = IN, dlen = 4
        internet address = 104.26.0.178
        ttl = 230 (3 mins 50 secs)
    ->  www.sparklabs.com
        type = A, class = IN, dlen = 4
        internet address = 172.67.72.133
        ttl = 230 (3 mins 50 secs)
    ->  www.sparklabs.com
        type = A, class = IN, dlen = 4
        internet address = 104.26.1.178
        ttl = 230 (3 mins 50 secs)

------------
Non-authoritative answer:
------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = AAAA, class = IN

------------
------------
Got answer (119 bytes):
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 3,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = AAAA, class = IN
    ANSWERS:
    ->  www.sparklabs.com
        type = AAAA, class = IN, dlen = 16
        AAAA IPv6 address = 2606:4700:20::ac43:4885
        ttl = 230 (3 mins 50 secs)
    ->  www.sparklabs.com
        type = AAAA, class = IN, dlen = 16
        AAAA IPv6 address = 2606:4700:20::681a:1b2
        ttl = 230 (3 mins 50 secs)
    ->  www.sparklabs.com
        type = AAAA, class = IN, dlen = 16
        AAAA IPv6 address = 2606:4700:20::681a:b2
        ttl = 230 (3 mins 50 secs)

------------
Name:    www.sparklabs.com
Addresses:  2606:4700:20::ac43:4885
          2606:4700:20::681a:1b2
          2606:4700:20::681a:b2
          104.26.0.178
          172.67.72.133
          104.26.1.178
Thanks,
David

Re: DNS lookups to unreachable servers

Posted: Wed Apr 28, 2021 9:37 am
by Eric
Hi David,

What is happening is that when you don't fully qualify a domain with nslookup (the . at the end specifies that the domain is qualified and not to suffix it), nslookup will try all available suffixes first, as you are seeing in your extra outputs. This means the lookup is correctly going to your split DNS server first with the domain www.sparklabs.com.madole.local, which nslookup will eventually give up on and resolve www.sparklabs.com instead.

As you will notice, when you do a fully qualified lookup, the return doesn't time out. This tells us, with your cellular DNS timing out completely, that Viscosity is correctly not using your cellular DNS. It does tell us though that your VPN DNS server may not be correctly replying with an NXDOMAIN as it does take longer to give up than expected.

While this is nslookup's default behaviour, it is a pretty outdated tool and not good for performance testing. Applications like web browsers should not be doing suffixing first like nslookup, so if you are seeing slowness in these applications it shouldn't be related to DNS.

Regards,
Eric
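
A way to read the `set d2` traces posted in this thread mechanically, as an added example that is not part of the original posts: it pairs each `SendRequest()` with its reply or timeout and lists the timed-out queries whose name is the typed name plus a search suffix. The sample input is constructed by abridging the trace posted above (flag lines and answer records dropped, same ids and names); the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the "set d2" output posted in this thread.
SAMPLE = """\
SendRequest(), len 48
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
    QUESTIONS:
        www.sparklabs.com.madole.local, type = A, class = IN
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
SendRequest(), len 48
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
    QUESTIONS:
        www.sparklabs.com.madole.local, type = AAAA, class = IN
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
    QUESTIONS:
        www.sparklabs.com, type = A, class = IN
Got answer (83 bytes):
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
    QUESTIONS:
        www.sparklabs.com, type = A, class = IN
"""

HEADER_RE = re.compile(r"opcode = QUERY, id = (\d+), rcode = (\w+)")
QUESTION_RE = re.compile(r"^\s+(\S+), type = (\w+), class = IN\s*$")


def parse_d2(text):
    """Return one dict per query sent: id, qname, qtype and outcome."""
    queries = {}      # id -> record; dict order is send order
    mode = None       # "send" while inside SendRequest(), "answer" inside Got answer
    last_sent = None  # id of the most recent SendRequest()
    for line in text.splitlines():
        if line.startswith("SendRequest(),"):
            mode = "send"
        elif line.startswith("Got answer"):
            mode = "answer"
        elif line.startswith("SendRequest failed"):
            if last_sent is not None:
                queries[last_sent]["outcome"] = "TIMEOUT"
        elif (m := HEADER_RE.search(line)):
            qid = int(m.group(1))
            if mode == "send":
                queries[qid] = {"id": qid, "qname": None, "qtype": None,
                                "outcome": "NO_REPLY"}
                last_sent = qid
            elif mode == "answer" and qid in queries:
                queries[qid]["outcome"] = m.group(2)  # NOERROR, NXDOMAIN, ...
        elif mode == "send" and last_sent is not None:
            m = QUESTION_RE.match(line)
            if m and queries[last_sent]["qname"] is None:
                queries[last_sent]["qname"] = m.group(1)
                queries[last_sent]["qtype"] = m.group(2)
    return list(queries.values())


def suffixed_timeouts(queries, typed_name):
    """Timed-out queries whose QNAME is typed_name with a search suffix appended."""
    base = typed_name.rstrip(".")
    return [q for q in queries
            if q["outcome"] == "TIMEOUT" and q["qname"]
            and q["qname"] != base and q["qname"].startswith(base + ".")]


if __name__ == "__main__":
    for q in parse_d2(SAMPLE):
        print(q)
    print(suffixed_timeouts(parse_d2(SAMPLE), "www.sparklabs.com"))
```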

Re: DNS lookups to unreachable servers

Posted: Wed Apr 28, 2021 3:09 pm
by dsm
Eric,

Thanks for the reply but that explanation doesn't make sense.
"This means the lookup is correctly going to your split DNS server first with the domain www.sparklabs.com.madole.local, which nslookup will eventually give up on and resolve www.sparklabs.com instead."
"It does tell us though that your VPN DNS server may not be correctly replying with an NXDOMAIN as it does take longer to give up than expected."
Except that madole.local is not the domain configured on the VPN split DNS, it is the domain on my local Wifi interface. So why would Viscosity send that query to the split DNS server?

Also, the timeouts still happen on VPN connections that don't even have DNS servers and split DNS configured.

And, the timeouts stop when I disable the cellular modem. Why would that change the behavior of a VPN DNS server?

Lastly, on the one I was using that does have split DNS, I can do an nslookup against it without the terminating dot and there are no timeouts; it returns nearly instantly. So even though it shouldn't be getting used by Viscosity, it does return NXDOMAIN and does not time out when given madole.local names. Here is an example:
Code:
C:\Users\david>nslookup - 192.168.1.14
Default Server:  sv26.zzzz.local
Address:  192.168.1.14

> set d2
> www.sparklabs.com
Server:  sv26.zzzz.local
Address:  192.168.1.14

------------
SendRequest(), len 48
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com.madole.local, type = A, class = IN

------------
------------
Got answer (123 bytes):
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.sparklabs.com.madole.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  (root)
        type = SOA, class = IN, dlen = 64
        ttl = 803 (13 mins 23 secs)
        primary name server = a.root-servers.net
        responsible mail addr = nstld.verisign-grs.com
        serial  = 2021042702
        refresh = 1800 (30 mins)
        retry   = 900 (15 mins)
        expire  = 604800 (7 days)
        default TTL = 86400 (1 day)

------------
------------
SendRequest(), len 48
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com.madole.local, type = AAAA, class = IN

------------
------------
Got answer (123 bytes):
    HEADER:
        opcode = QUERY, id = 5, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.sparklabs.com.madole.local, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  (root)
        type = SOA, class = IN, dlen = 64
        ttl = 803 (13 mins 23 secs)
        primary name server = a.root-servers.net
        responsible mail addr = nstld.verisign-grs.com
        serial  = 2021042702
        refresh = 1800 (30 mins)
        retry   = 900 (15 mins)
        expire  = 604800 (7 days)
        default TTL = 86400 (1 day)

------------
------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = A, class = IN

------------
------------
Got answer (83 bytes):
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 3,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = A, class = IN
    ANSWERS:
    ->  www.sparklabs.com
        type = A, class = IN, dlen = 4
        internet address = 104.26.1.178
        ttl = 203 (3 mins 23 secs)
    ->  www.sparklabs.com
        type = A, class = IN, dlen = 4
        internet address = 104.26.0.178
        ttl = 203 (3 mins 23 secs)
    ->  www.sparklabs.com
        type = A, class = IN, dlen = 4
        internet address = 172.67.72.133
        ttl = 203 (3 mins 23 secs)

------------
Non-authoritative answer:
------------
SendRequest(), len 35
    HEADER:
        opcode = QUERY, id = 7, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = AAAA, class = IN

------------
------------
Got answer (119 bytes):
    HEADER:
        opcode = QUERY, id = 7, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 3,  authority records = 0,  additional = 0

    QUESTIONS:
        www.sparklabs.com, type = AAAA, class = IN
    ANSWERS:
    ->  www.sparklabs.com
        type = AAAA, class = IN, dlen = 16
        AAAA IPv6 address = 2606:4700:20::681a:1b2
        ttl = 203 (3 mins 23 secs)
    ->  www.sparklabs.com
        type = AAAA, class = IN, dlen = 16
        AAAA IPv6 address = 2606:4700:20::681a:b2
        ttl = 203 (3 mins 23 secs)
    ->  www.sparklabs.com
        type = AAAA, class = IN, dlen = 16
        AAAA IPv6 address = 2606:4700:20::ac43:4885
        ttl = 203 (3 mins 23 secs)

------------
Name:    www.sparklabs.com
Addresses:  2606:4700:20::681a:1b2
          2606:4700:20::681a:b2
          2606:4700:20::ac43:4885
          104.26.1.178
          104.26.0.178
          172.67.72.133
David

Re: DNS lookups to unreachable servers

Posted: Wed Apr 28, 2021 6:44 pm
by Eric
Hi David,

Please note using .local domains is not recommended and could be causing issues - https://www.sparklabs.com/support/kb/ar ... ed-domains

Does the issue persist if you use Full DNS?

Regards,
Eric

Re: DNS lookups to unreachable servers

Posted: Thu Apr 29, 2021 3:15 am
by dsm
Yes, full mode works fine. The DNS lookups go to the VPN server with no timeouts even on non-fully qualified names.

Maybe that's my best solution. It's slightly sub-optimal because sometimes I connect to different VPNs simultaneously that have different split domains but that's more of a convenience thing than a strict necessity.

There are no Apple devices in these environments and the .local names long predate Bonjour.

David