    DNS Resolver not resolving one specific host

    • maverickws

      Hi there,

      I am having an issue where I cannot get DNS Resolver to resolve.

      The host I am after is socks.hide.me
      If I go on Diagnostics > DNS Lookup
      I get

      Host "socks.hide.me" could not be resolved.

      If I try from the terminal I get an empty answer (from the pfSense box)
      However if I query another public resolver like cloudflare, it works fine.

      % dig @192.168.150.254 socks.hide.me A +all
      
      ; <<>> DiG 9.10.6 <<>> @192.168.150.254 socks.hide.me A +all
      ; (1 server found)
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47316
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 6
      
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ;; QUESTION SECTION:
      ;socks.hide.me.			IN	A
      
      ;; AUTHORITY SECTION:
      hide.me.		86205	IN	NS	ns3.hide.me.
      hide.me.		86205	IN	NS	ns1.hide.me.
      hide.me.		86205	IN	NS	ns4.hide.me.
      hide.me.		86205	IN	NS	ns0.hide.me.
      hide.me.		86205	IN	NS	ns2.hide.me.
      
      ;; ADDITIONAL SECTION:
      ns0.hide.me.		7005	IN	A	208.94.148.2
      ns1.hide.me.		1605	IN	A	208.80.124.2
      ns2.hide.me.		7005	IN	A	208.80.126.2
      ns3.hide.me.		7005	IN	A	208.80.125.2
      ns4.hide.me.		1605	IN	A	208.80.127.2
      
      ;; Query time: 56 msec
      ;; SERVER: 192.168.150.254#53(192.168.150.254)
      ;; WHEN: Thu Dec 12 16:55:17 WET 2019
      ;; MSG SIZE  rcvd: 212
      
      % dig @1.1.1.1 socks.hide.me A +all
      
      ; <<>> DiG 9.10.6 <<>> @1.1.1.1 socks.hide.me A +all
      ; (1 server found)
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22798
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
      
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1452
      ;; QUESTION SECTION:
      ;socks.hide.me.			IN	A
      
      ;; ANSWER SECTION:
      socks.hide.me.		10792	IN	A	10.255.255.250
      
      ;; Query time: 56 msec
      ;; SERVER: 1.1.1.1#53(1.1.1.1)
      ;; WHEN: Thu Dec 12 16:56:47 WET 2019
      ;; MSG SIZE  rcvd: 58
      

      I don't know if there are any other domains, but so far it looks like all is working fine but this. The www for the domain works perfectly fine.

      Thanks

      • johnpoz LAYER 8 Global Moderator

        It's resolving to a 10.x.x.x address - that is rfc1918 and should not be in public dns in the first place... But no, unbound would not resolve that because of rebind protection

        https://docs.netgate.com/pfsense/en/latest/dns/dns-rebinding-protections.html

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

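A small model of the rebind filtering described in the answer above, added here as an illustration; it is not part of the original post and is not pfSense or Unbound code. It shows why the A record that 1.1.1.1 returned leaves the local resolver with an empty answer section, and how a per-domain exemption (the behaviour of Unbound's `private-domain` option) changes the result. The block list, the function names and the `www.example.test` record are assumptions made for the example.

```python
import ipaddress

# Assumed block list for illustration: RFC 1918 plus loopback and link-local.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fd00::/8", "fe80::/10",
)]


def is_private(addr):
    """True if addr falls inside one of the blocked ranges."""
    ip = ipaddress.ip_address(addr)
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the embedded IPv4 address,
    # otherwise a mapped AAAA record would slip past the IPv4 ranges.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == net.version and ip in net for net in PRIVATE_NETS)


def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it (label-aligned)."""
    name = name.rstrip(".").lower()
    domain = domain.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)


def filter_answers(answers, private_domains=()):
    """Split (owner, rtype, rdata) records into (kept, dropped).

    Address records pointing into PRIVATE_NETS are dropped unless the owner
    name sits under an exempted domain.
    """
    kept, dropped = [], []
    for name, rtype, rdata in answers:
        exempt = any(in_domain(name, d) for d in private_domains)
        if rtype in ("A", "AAAA") and not exempt and is_private(rdata):
            dropped.append((name, rtype, rdata))
        else:
            kept.append((name, rtype, rdata))
    return kept, dropped


# Constructed sample: the A record from the thread plus one made-up public record.
SAMPLE = [
    ("socks.hide.me.", "A", "10.255.255.250"),
    ("www.example.test.", "A", "203.0.113.10"),
]

if __name__ == "__main__":
    for domains in ((), ("hide.me",)):
        kept, dropped = filter_answers(SAMPLE, domains)
        print(f"exempt={domains!r} kept={kept} dropped={dropped}")
```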
        • maverickws

          Amazing, thanks John.

          Actually I did think it was inside 10.xxx /8 but I figured if CloudFlare is passing it maybe it's me.
          Cause also when I do +trace to the root-servers directly I end up with an Answer.
          I was thinking of adding a simple host override?

          Cheers

          • johnpoz LAYER 8 Global Moderator

            Where is it supposed to point.. is that your host and you set that and you want it to resolve internally?

            Using rfc1918 space in public dns is borked! There is zero reason where it would be the correct thing to do..

            • maverickws

              Well, I will open a ticket, I have a paid service with that provider and I do use the socks5 proxy, recently I came across this, there's a couple of applications that are supposed to use it, and I noticed that the machine where the apps were sitting had cloudflare's DNS on the fixed DHCP lease (because of a previous issue a few months back that got sorted but that config went forgotten) and since we removed the CF's DNS from the lease.... and logs started firing it couldn't be resolved.

              I completely agree with you regarding rfc1918's use in public space. Let's see what they say about it. Cheers
