DNS not being set correctly

Home Forums Discussions Support DNS not being set correctly

Tagged: ,

Viewing 15 posts - 1 through 15 (of 21 total)
  • Author
    Posts
  • #13648
    AlexDicy
    Participant

      Hello, I have an issue with DNS using the latest version of WireSock (1.2.37.1):

      DNS requests are incredibly slow, and nslookup fails.

      Without VPN:

      PS C:\Users\Alex> nslookup google.com
      Server: fritz.box
      Address: fd00::###
      
      Non-authoritative answer:
      Name: google.com
      Addresses: 2a00:1450:4002:403::200e
      142.250.180.174
      

      With WireGuard official client:

      PS C:\Users\Alex> nslookup google.com
      Server: dns9.quad9.net
      Address: 9.9.9.9
      
      Non-authoritative answer:
      Name: google.com
      Addresses: 2a00:1450:4002:416::200e
      142.251.209.46
      

      With WireSock:

      PS C:\Users\Alex> nslookup google.com
      DNS request timed out.
      timeout was 2 seconds.
      Server: UnKnown
      Address: fd00::####
      
      DNS request timed out.
      timeout was 2 seconds.
      DNS request timed out.
      timeout was 2 seconds.
      DNS request timed out.
      timeout was 2 seconds.
      DNS request timed out.
      timeout was 2 seconds.
      *** Request to UnKnown timed-out
      

      Configuration:

      [Interface]
      PrivateKey = ###
      Address = 10.128.0.7/32
      DNS = 9.9.9.9, 1.1.1.1, 1.0.0.1
      
      [Peer]
      PublicKey = ###
      Endpoint = 1xx.xxx.xxx.xxx:443
      PersistentKeepalive = 15
      AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/0
      
      DisallowedApps = C:\Program Files\Google\Chrome\Application\chrome.exe
      

      Hope you can help with this issue, thanks!

      • This topic was modified 5 months, 3 weeks ago by AlexDicy. Reason: removed whitespace
      #13650
      AlexDicy
      Participant

        Log level: all

        Cannot submit because of CleanTalk anti-spam. Link: https://pastebin.com/QcXg2jsw

        #13651
        Vadim Smirnov
        Keymaster

          In your nslookup output, you have an IPv6 address for the DNS server. In transparent mode, WireSock translates addresses in DNS requests, but it can only replace IPv6 with IPv6 and IPv4 with IPv4. Since your configuration lacks an IPv6 DNS server, nslookup requests to fd00::#### fail. Please consider using WireSock in virtual adapter mode. In this mode, WireSock adds DNS addresses to the virtual network adapter, similar to the standard WireGuard for Windows.

          In the log DNS queries from Chrome do not seem to have any problems:

          2024-05-15 15:56:48 [FILTER]: C:\Program Files\Google\Chrome\Application\chrome.exe : DNS : 10.0.8.71:61254 -> 9.9.9.9[10.0.0.1]:53
          2024-05-15 15:56:48 [TUN]: DNS request to 10.0.0.1 forwarded to 1.0.0.1
          2024-05-15 15:56:48 [TUN]: DNS response from 1.0.0.1 translated as from 10.0.0.1
          2024-05-15 15:56:48 [TUN]: DNS response from 1.0.0.1 translated as from 10.0.0.1
          2024-05-15 15:56:48 [TUN]: DNS response from 1.0.0.1 translated as from 10.0.0.1
          #13652
          Vadim Smirnov
          Keymaster
            #13653
            AlexDicy
            Participant

              Thanks for your answer. What’s new/different on the version you’ve linked? I tried it without changing anything and the issue persists. I will try the adapter mode later

              #13654
              AlexDicy
              Participant

                Please disregard the “DisallowedApps […] chrome.exe” because the config used for the logs did not include that line.

                #13655
                AlexDicy
                Participant

                  The option -lac is working fine, is there any way to run it without admin privileges?

                  #13656
                  Vadim Smirnov
                  Keymaster

                    Configuring a virtual network interface requires elevated privileges; therefore, the answer is no. Transparent mode can be used without these privileges, but as you’ve observed, it may cause some issues. If you can replicate the problem and capture the traffic (log and pcap files) using the “log-level all” option, I can try to diagnose and fix the issue.

                    #13657
                    AlexDicy
                    Participant

                      These are the pcap and other files linked with the log posted in this thread: https://drive.google.com/drive/folders/1JIGSdrMuNDUMadzJEA9gyKxo21iAUIcx?usp=sharing Thank you

                      #13658
                      Vadim Smirnov
                      Keymaster

                        Thank you for sharing the logs. While I don’t see any obvious problems in the DNS traffic, could you please remove the alternative DNS servers from the configuration, leaving only a single one, such as DNS = 1.1.1.1, and check if the problem persists? The issue might be that DNS queries are being redirected to alternative DNS servers using a round-robin algorithm. For example, three DNS queries originally destined for 10.0.0.1 are redirected as follows:

                        10.128.0.7 9.9.9.9 DNS 78 Standard query 0x1cc5 AAAA gateway.discord.gg
                        10.128.0.7 1.1.1.1 DNS 78 Standard query 0x94d7 A gateway.discord.gg
                        10.128.0.7 1.0.0.1 DNS 78 Standard query 0x5ceb HTTPS gateway.discord.gg

                        While all requests are properly responded to by the requested DNS servers, I suspect there might be some sort of collision with CDN-based services.

                        #13669
                        AlexDicy
                        Participant

                          Hello Vadim, I think the anti-spam is deleting hiding all my new posts

                          #13672
                          Vadim Smirnov
                          Keymaster

                            Hello Alex,

                            I have added an exception to CleanTalk anti-spam, hopefully you won’t run into this again.

                            #13674
                            AlexDicy
                            Participant

                              Thank you, unfortunately, if I post my messages are still hidden. Use the previous google drive link to find the new logs and related files. Apparently, I cannot link anything else or it gets deleted/hidden.

                              #13694
                              AlexDicy
                              Participant

                                Hello Vadim, do you have any update on this?

                                #13695
                                Vadim Smirnov
                                Keymaster

                                  I apologize for the delay; I’ve been quite overloaded these past few weeks. Could you please provide a detailed description of the issue? In the logs I previously reviewed, I did not notice any problems. However, I suspect that sending DNS queries to different DNS servers could cause issues with CDN-based services. I need a detailed description, preferably with screenshots or a video recording of the problem, as well as the WireSock textual log and PCAP files. This will allow me to conduct a thorough analysis.

                                Viewing 15 posts - 1 through 15 (of 21 total)
                                • You must be logged in to reply to this topic.