Blocking certain websites
-
so your still seeing the tonic.to stuff in your trace? Seems like your dns cache has been poisoned maybe?
-
@johnpoz said in Blocking certain websites:
do a dig +trace to ns1.fmlh.edu
LMFAO Here is where the to has been coming from. I've been executing the command "dig +trace to ns1.fmlh.edu"
-
; <<>> DiG 9.12.2-P1 <<>> +trace ns1.fmlh.edu ;; global options: +cmd . 36132 IN NS c.root-servers.net. . 36132 IN NS b.root-servers.net. . 36132 IN NS f.root-servers.net. . 36132 IN NS a.root-servers.net. . 36132 IN NS e.root-servers.net. . 36132 IN NS j.root-servers.net. . 36132 IN NS k.root-servers.net. . 36132 IN NS l.root-servers.net. . 36132 IN NS i.root-servers.net. . 36132 IN NS m.root-servers.net. . 36132 IN NS g.root-servers.net. . 36132 IN NS d.root-servers.net. . 36132 IN NS h.root-servers.net. . 36132 IN RRSIG NS 8 0 518400 20190724170000 20190711160000 59944 . a+EgUadrB/XpFNWGtCe7AO2WtMRJzUg2JYvAQTIDnejIsFidT/1hj5io BfDy7xa9r5JRVUtx5nBpbYs3zuWmOOAc030qR9+zOpB4+Sjb4LSNEQBd E3ejHXys3sUp01qgDsWtRCPYwdeTTzdtCIdxbkKJaZq4xvRLhaKhsCeF UGMTVLGXSMp5r8MIiTSioH6cb4Mz2B0U+nvPLhRmLxHA0ms3HqNKadtc CVqeka4VCWyeXlzr8E/tFN6hC5T7ap5cC33ruD2GHbc5LXzJNFn6qvtF qH8Ijy9VW/CuHxHMaCNP9RyiJi2u9lbeu7yiMqLruCT9QbRMVPvYTfug KdnCgg== ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms edu. 172800 IN NS m.edu-servers.net. edu. 172800 IN NS c.edu-servers.net. edu. 172800 IN NS j.edu-servers.net. edu. 172800 IN NS i.edu-servers.net. edu. 172800 IN NS g.edu-servers.net. edu. 172800 IN NS e.edu-servers.net. edu. 172800 IN NS h.edu-servers.net. edu. 172800 IN NS f.edu-servers.net. edu. 172800 IN NS b.edu-servers.net. edu. 172800 IN NS l.edu-servers.net. edu. 172800 IN NS d.edu-servers.net. edu. 172800 IN NS a.edu-servers.net. edu. 172800 IN NS k.edu-servers.net. edu. 86400 IN DS 28065 8 2 4172496CDE85534E51129040355BD04B1FCFEBAE996DFDDE652006F6 F8B2CE76 edu. 86400 IN RRSIG DS 8 1 86400 20190724170000 20190711160000 59944 . SAAluo+g0osCYJ8tOteLKCYvBLnFsG1VN2wu1bI9mtUCCa7TBNLIwCV+ SheW+ktYulZsHvff6kSLSPX6y3IsiawOToItAOyo6GnokFGPpA99X73u HpXfFSpVDRgTbSRNLH2zneMW3FFvZNHbozfrKjXpa5O3lVaVvUyj5AQ7 AJ1T/LMaiTzwIGXUmZWzT464dU+7g7SQq0oi1Ki1rmk0N6cNPmCnZodF OkoBjyOwEwCfzCJQk+KsNVR+0y/o2xJ1rk/ScpRhAkzUMbK0OkE9reMP JzluFtl0nDIpaex1m8xANnVbiPHiEBl4V6d4yu2Rn2oQgQQ4Wvdk8qWC jT3Awg== ;; Received 1199 bytes from 192.112.36.4#53(g.root-servers.net) in 63 ms fmlh.edu. 172800 IN NS ns1.fmlh.edu. fmlh.edu. 172800 IN NS ns2.fmlh.edu. 9DHS4EP5G85PF9NUFK06HEK0O48QGK77.edu. 86400 IN NSEC3 1 1 0 - 9V5L4LUB1VNJ9EQQLIHEQCBREACL25O0 NS SOA RRSIG DNSKEY NSEC3PARAM 9DHS4EP5G85PF9NUFK06HEK0O48QGK77.edu. 86400 IN RRSIG NSEC3 8 2 86400 20190719013733 20190712002733 1457 edu. VjRMrqqilqb0fOIA/8Yt/0nQ1TRjmli+fbdWMHa10WjUdN48/R/Qigfp 0F5lnGhzWNL4MaWnWSTt3k0Lyv2aRdi25XEwBCzEK0WR1eQ2oL9lbtk5 cH0VUJtvbuj0DPREAd84kFujun/Te6lYRKx0svos0Hjfhv/02iLfWRnB QjY/EZc5BbLUDYcc11/722lQ8OP7ufyHhKi1+kGWR42SXg== LK0ACNHV51OEKKNI23QG9MIREOTG7JT2.edu. 86400 IN NSEC3 1 1 0 - LNS26L2SEVK54IL98C1GQ7SI2TBNTQOK NS DS RRSIG LK0ACNHV51OEKKNI23QG9MIREOTG7JT2.edu. 86400 IN RRSIG NSEC3 8 2 86400 20190719020905 20190712005905 1457 edu. q+hL9XLpzc93v5heZoi0xFdzlz63dsPX3E8ifxitY9A/0tFih1+z6V8D dCh5bNJl/vCTYbHFL3u2x+p1bowanxcY8irOpih5FGTTplJGjfFSM7di cvtp3jF1vg3bPeX+wE1ouNWfX7Ttml6w7xLsU57DGgqLKwNUqsABNHfG gd0PIxqK9XEP+0jO9u92pslWhLjbnjIATxb1T7eD/21ahA== ;; Received 654 bytes from 192.43.172.30#53(i.edu-servers.net) in 60 ms ;; connection timed out; no servers could be reached -
; <<>> DiG 9.12.2-P1 <<>> @g.root-servers.net ns1.fmlh.edu ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2123 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 27 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: bddfbfb9ca229c158e6871bc5d27ff2a4a8399b0a89aa88f (good) ;; QUESTION SECTION: ;ns1.fmlh.edu. IN A ;; AUTHORITY SECTION: edu. 172800 IN NS f.edu-servers.net. edu. 172800 IN NS g.edu-servers.net. edu. 172800 IN NS j.edu-servers.net. edu. 172800 IN NS l.edu-servers.net. edu. 172800 IN NS a.edu-servers.net. edu. 172800 IN NS b.edu-servers.net. edu. 172800 IN NS k.edu-servers.net. edu. 172800 IN NS h.edu-servers.net. edu. 172800 IN NS i.edu-servers.net. edu. 172800 IN NS e.edu-servers.net. edu. 172800 IN NS c.edu-servers.net. edu. 172800 IN NS d.edu-servers.net. edu. 172800 IN NS m.edu-servers.net. ;; ADDITIONAL SECTION: a.edu-servers.net. 172800 IN A 192.5.6.30 b.edu-servers.net. 172800 IN A 192.33.14.30 c.edu-servers.net. 172800 IN A 192.26.92.30 d.edu-servers.net. 172800 IN A 192.31.80.30 e.edu-servers.net. 172800 IN A 192.12.94.30 f.edu-servers.net. 172800 IN A 192.35.51.30 g.edu-servers.net. 172800 IN A 192.42.93.30 h.edu-servers.net. 172800 IN A 192.54.112.30 i.edu-servers.net. 172800 IN A 192.43.172.30 j.edu-servers.net. 172800 IN A 192.48.79.30 k.edu-servers.net. 172800 IN A 192.52.178.30 l.edu-servers.net. 172800 IN A 192.41.162.30 m.edu-servers.net. 172800 IN A 192.55.83.30 a.edu-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 b.edu-servers.net. 172800 IN AAAA 2001:503:231d::2:30 c.edu-servers.net. 172800 IN AAAA 2001:503:83eb::30 d.edu-servers.net. 172800 IN AAAA 2001:500:856e::30 e.edu-servers.net. 172800 IN AAAA 2001:502:1ca1::30 f.edu-servers.net. 172800 IN AAAA 2001:503:d414::30 g.edu-servers.net. 172800 IN AAAA 2001:503:eea3::30 h.edu-servers.net. 172800 IN AAAA 2001:502:8cc::30 i.edu-servers.net. 172800 IN AAAA 2001:503:39c1::30 j.edu-servers.net. 172800 IN AAAA 2001:502:7094::30 k.edu-servers.net. 172800 IN AAAA 2001:503:d2d::30 l.edu-servers.net. 172800 IN AAAA 2001:500:d937::30 m.edu-servers.net. 172800 IN AAAA 2001:501:b1f9::30 ;; Query time: 63 msec ;; SERVER: 192.112.36.4#53(192.112.36.4) ;; WHEN: Thu Jul 11 22:31:54 CDT 2019 ;; MSG SIZE rcvd: 8 -
A simple thing to test : when you shut down your VPN (client) : does the problem persists ?
-
@Gertjan I shutoff the vpn and it works! I set the dns resolver to wan, bring back up the vpn connection and it still works....wth?
-
)
Now I’m trying to post and seeing this lmfao
-
Well once you have the correct ns cached for the domain, you don't have to go ask again.. Which is why I mentioned poisoning..
Also how did you set resolver to only use wan?
Also are you pulling routes from your vpn? This makes your vpn default, even if not policy routed. Did you actually change the resolver to only use wan, or did you set it to all? etc..
Posting a lot of text can sometimes be seen as spam.
-
I went to services, DNS resolver, network interface was already set to ALL. I changed outgoing network interface from PIA_VPN to WAN.
-
@kendalja said in Blocking certain websites:
network interface was already set to ALL
No it wasn't - from your screenshot.
See here
Not talking about the inbound to unbound, only outbound.
I would restart unbound, set it back to the way you had it.. do the trace again - are you seeing those tonic.to in the trace again?
It could of been a red herring with your vpn - and just that you had cache poisoned already.. You need to make sure you flush your unbound cache.. A restart of unbound will do that for you - just need to make sure it actually restarts, etc.
-
Right there is also a section above that and it’s set to all. I now have the outgoing to WAN.
-
Well if everything is working that way - set it back to your vpn path for outgoing, and flush - are you seeing the problem with the tonic.to in the trace? If so something really wrong if your vpn connection!! And they are manipulating your dns queries.
-
Read above on my post about the “to” in my logs lmfao. User error.
-
huh?
Here is where the to has been coming from. I've been executing the command "dig +trace to ns1.fmlh.edu"
tonic.to should be no where in a trace to that..
Nor to your original fqdn..
-
While executing the command I actually typed in “dig +trace to ns1.fmlh.edu” instead of “dig +trace ns1.fmlh.edu”
