Netgate Discussion Forum

    Blocking certain websites

      kendalja @kendalja

      ; <<>> DiG 9.12.2-P1 <<>> @g.root-servers.net ns1.fmlh.edu
      ; (2 servers found)
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2123
      ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 27
      ;; WARNING: recursion requested but not available
      
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ; COOKIE: bddfbfb9ca229c158e6871bc5d27ff2a4a8399b0a89aa88f (good)
      ;; QUESTION SECTION:
      ;ns1.fmlh.edu.			IN	A
      
      ;; AUTHORITY SECTION:
      edu.			172800	IN	NS	f.edu-servers.net.
      edu.			172800	IN	NS	g.edu-servers.net.
      edu.			172800	IN	NS	j.edu-servers.net.
      edu.			172800	IN	NS	l.edu-servers.net.
      edu.			172800	IN	NS	a.edu-servers.net.
      edu.			172800	IN	NS	b.edu-servers.net.
      edu.			172800	IN	NS	k.edu-servers.net.
      edu.			172800	IN	NS	h.edu-servers.net.
      edu.			172800	IN	NS	i.edu-servers.net.
      edu.			172800	IN	NS	e.edu-servers.net.
      edu.			172800	IN	NS	c.edu-servers.net.
      edu.			172800	IN	NS	d.edu-servers.net.
      edu.			172800	IN	NS	m.edu-servers.net.
      
      ;; ADDITIONAL SECTION:
      a.edu-servers.net.	172800	IN	A	192.5.6.30
      b.edu-servers.net.	172800	IN	A	192.33.14.30
      c.edu-servers.net.	172800	IN	A	192.26.92.30
      d.edu-servers.net.	172800	IN	A	192.31.80.30
      e.edu-servers.net.	172800	IN	A	192.12.94.30
      f.edu-servers.net.	172800	IN	A	192.35.51.30
      g.edu-servers.net.	172800	IN	A	192.42.93.30
      h.edu-servers.net.	172800	IN	A	192.54.112.30
      i.edu-servers.net.	172800	IN	A	192.43.172.30
      j.edu-servers.net.	172800	IN	A	192.48.79.30
      k.edu-servers.net.	172800	IN	A	192.52.178.30
      l.edu-servers.net.	172800	IN	A	192.41.162.30
      m.edu-servers.net.	172800	IN	A	192.55.83.30
      a.edu-servers.net.	172800	IN	AAAA	2001:503:a83e::2:30
      b.edu-servers.net.	172800	IN	AAAA	2001:503:231d::2:30
      c.edu-servers.net.	172800	IN	AAAA	2001:503:83eb::30
      d.edu-servers.net.	172800	IN	AAAA	2001:500:856e::30
      e.edu-servers.net.	172800	IN	AAAA	2001:502:1ca1::30
      f.edu-servers.net.	172800	IN	AAAA	2001:503:d414::30
      g.edu-servers.net.	172800	IN	AAAA	2001:503:eea3::30
      h.edu-servers.net.	172800	IN	AAAA	2001:502:8cc::30
      i.edu-servers.net.	172800	IN	AAAA	2001:503:39c1::30
      j.edu-servers.net.	172800	IN	AAAA	2001:502:7094::30
      k.edu-servers.net.	172800	IN	AAAA	2001:503:d2d::30
      l.edu-servers.net.	172800	IN	AAAA	2001:500:d937::30
      m.edu-servers.net.	172800	IN	AAAA	2001:501:b1f9::30
      
      ;; Query time: 63 msec
      ;; SERVER: 192.112.36.4#53(192.112.36.4)
      ;; WHEN: Thu Jul 11 22:31:54 CDT 2019
      ;; MSG SIZE  rcvd: 8
      
        Gertjan

        A simple thing to test: when you shut down your VPN (client), does the problem persist?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          kendalja @Gertjan

          @Gertjan I shut off the vpn and it works! I set the dns resolver to wan, bring back up the vpn connection and it still works....wth?

            kendalja

            [image: FF935C7E-432C-45BB-A76F-939285F4C330.jpeg]

            Now I’m trying to post and seeing this lmfao

              johnpoz LAYER 8 Global Moderator

              Well once you have the correct ns cached for the domain, you don't have to go ask again.. Which is why I mentioned poisoning..

              Also how did you set resolver to only use wan?

              Also are you pulling routes from your vpn? This makes your vpn default, even if not policy routed. Did you actually change the resolver to only use wan, or did you set it to all? etc..

              Posting a lot of text can sometimes be seen as spam.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                kendalja @johnpoz

                @johnpoz

                I went to services, DNS resolver, network interface was already set to ALL. I changed outgoing network interface from PIA_VPN to WAN.

                  johnpoz LAYER 8 Global Moderator

                  @kendalja said in Blocking certain websites:

                  network interface was already set to ALL

                  No it wasn't - from your screenshot.

                  See here
                  vpn.png

                  Not talking about the inbound to unbound, only outbound.

                  I would restart unbound, set it back to the way you had it.. do the trace again - are you seeing those tonic.to in the trace again?

                  It could have been a red herring with your vpn - and just that you had cache poisoned already.. You need to make sure you flush your unbound cache.. A restart of unbound will do that for you - just need to make sure it actually restarts, etc.

                    kendalja @johnpoz

                    @johnpoz

                    Right there is also a section above that and it’s set to all. I now have the outgoing to WAN.

                      johnpoz LAYER 8 Global Moderator

                      Well if everything is working that way - set it back to your vpn path for outgoing, and flush - are you seeing the problem with the tonic.to in the trace? If so something really wrong with your vpn connection!! And they are manipulating your dns queries.

                        kendalja @johnpoz

                        @johnpoz

                        Read above on my post about the “to” in my logs lmfao. User error.

                          johnpoz LAYER 8 Global Moderator

                          huh?

                          Here is where the to has been coming from. I've been executing the command "dig +trace to ns1.fmlh.edu"

                          tonic.to should be nowhere in a trace to that..

                          Nor to your original fqdn..

                            kendalja @johnpoz

                            @johnpoz

                            While executing the command I actually typed in “dig +trace to ns1.fmlh.edu” instead of “dig +trace ns1.fmlh.edu”

                            1 Reply Last reply Reply Quote 0
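
The check applied by eye in this thread (a zone such as `to.` has no place in a trace for `ns1.fmlh.edu`) can be automated. The following is an added example, not code from any poster or from pfSense: `off_path_zones` and `sample_trace` are hypothetical helper names, and the sample trace is constructed, with the server name under `tonic.to` and all 192.0.2.x addresses as placeholders.

```shell
#!/bin/sh
# Added example: flag delegations in `dig +trace` output that cannot belong
# to the name being traced. Helper names are hypothetical.

# off_path_zones QNAME: read trace output on stdin, print each NS-record
# owner (delegated zone) that is neither the root nor an ancestor of QNAME.
off_path_zones() {
    awk -v q="$1" '
        BEGIN { q = tolower(q); if (q !~ /\.$/) q = q "." }
        /^;/ || NF < 5 { next }            # comments, blank and short lines
        $3 == "IN" && $4 == "NS" {
            z = tolower($1)
            if (z == "." || z == q) next   # root, or the name itself
            # ancestor test: QNAME must end in "." followed by the zone
            if (length(q) > length(z) &&
                substr(q, length(q) - length(z)) == "." z) next
            if (!(z in seen)) { seen[z] = 1; print z }
        }'
}

# Constructed sample of what `dig +trace to ns1.fmlh.edu` prints: dig treats
# the stray "to" as a second name, so two traces come back. Server names
# under tonic.to and all 192.0.2.x addresses are placeholders.
sample_trace() {
    cat <<'EOF'
.  518400 IN NS a.root-servers.net.
;; Received 239 bytes from 192.0.2.1#53(192.0.2.1) in 1 ms
to.  172800 IN NS placeholder-ns.tonic.to.
;; Received 120 bytes from 192.0.2.2#53(a.root-servers.net) in 20 ms
.  518400 IN NS a.root-servers.net.
;; Received 239 bytes from 192.0.2.1#53(192.0.2.1) in 1 ms
edu.  172800 IN NS a.edu-servers.net.
;; Received 180 bytes from 192.0.2.2#53(a.root-servers.net) in 20 ms
fmlh.edu.  172800 IN NS ns1.fmlh.edu.
;; Received 90 bytes from 192.0.2.3#53(a.edu-servers.net) in 30 ms
ns1.fmlh.edu.  3600 IN A 192.0.2.53
;; Received 60 bytes from 192.0.2.53#53(ns1.fmlh.edu) in 40 ms
EOF
}

# Prints "to." : the only zone that has no place in a trace for this name.
sample_trace | off_path_zones ns1.fmlh.edu
```

Against a live resolver the same function reads `dig +trace ns1.fmlh.edu | off_path_zones ns1.fmlh.edu`; empty output means every delegation shown was on the path from the root to the queried name.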
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.