AdguardTeam / AdGuardDNS

Public DNS resolver that protects you from ad trackers
https://adguard-dns.io/
GNU Affero General Public License v3.0

alfabank.ru #823

Open vehlwn opened 2 months ago

vehlwn commented 2 months ago

Platform

Linux

Protocol

DNS-over-TLS

Do you use AdGuard app?

No I don't

Your configuration

No response

Traceroute to AdGuard DNS

$ traceroute -I 2a10:50c0::ad1:ff
traceroute to 2a10:50c0::ad1:ff (2a10:50c0::ad1:ff), 30 hops max, 80 byte packets
 1  _gateway (2a0c:16c0:505::1)  4.672 ms  4.525 ms  4.516 ms
 2  2a0c:16c1::1 (2a0c:16c1::1)  0.359 ms  0.356 ms  0.354 ms
 3  ae15.RT.RTC.RIX.LV.retn.net (2a02:2d8:1:5001:232a::)  0.642 ms  0.639 ms  0.689 ms
 4  * * *
 5  GW-LibertyGlobal.retn.net (2a02:2d8:0:3805:232a::1)  26.575 ms * *
 6  * * *
 7  2001:730:2207:42::d52e:c022 (2001:730:2207:42::d52e:c022)  26.775 ms * *
 8  * * *
 9  * * dns.adguard.com (2a10:50c0::ad1:ff)  26.790 ms

$ traceroute -I 94.140.14.14
traceroute to 94.140.14.14 (94.140.14.14), 30 hops max, 60 byte packets
 1  * * *
 2  172.31.51.1 (172.31.51.1)  0.354 ms  0.880 ms  0.877 ms
 3  ae15.rt.rtc.rix.lv.retn.net (87.245.227.86)  1.584 ms  1.582 ms  1.599 ms
 4  ae18-2.rt.tc2.ams.nl.retn.net (87.245.232.122)  26.256 ms * *
 5  * * *
 6  * * *
 7  nl-ams14a-ri1-ae-5-0.aorta.net (84.116.135.34)  27.130 ms * *
 8  d192034.upc-d.chello.nl (213.46.192.34)  30.369 ms * *
 9  vl224.ams-eq6-dist-2.cdn77.com (185.229.188.215)  29.259 ms * *
10  dns.adguard.com (94.140.14.14)  30.639 ms * *

Issue Details

(Related to https://github.com/AdguardTeam/AdguardFilters/issues/182292)

AdGuard DNS server frequently (around 5/10 times) returns SERVFAIL for alfabank.ru and its subdomains (alfa-mobile.alfabank.ru, click.alfabank.ru, etc.), which are required for the Alfabank mobile app. The issue occurs on IPv4, IPv6, DoT, plain UDP, filtered, and unfiltered servers when requesting from my VPS. When I request these domains from my home internet, it all works fine.

Expected Behavior

Previously, alfabank.ru domains worked fine. They didn't fail that much from either the VPS or the home network.

Actual Behavior

$ dig @dns.adguard-dns.com +tls alfa-mobile.alfabank.ru

; <<>> DiG 9.20.0 <<>> @dns.adguard-dns.com +tls alfa-mobile.alfabank.ru
; (4 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55564
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 0
;; QUESTION SECTION:
;alfa-mobile.alfabank.ru.       IN      A

;; Query time: 30 msec
;; SERVER: 2a10:50c0::ad2:ff#853(dns.adguard-dns.com) (TLS)
;; WHEN: Wed Sep 04 09:05:49 +04 2024
;; MSG SIZE  rcvd: 52

$ dig @dns.adguard-dns.com alfa-mobile.alfabank.ru

; <<>> DiG 9.20.0 <<>> @dns.adguard-dns.com alfa-mobile.alfabank.ru
; (4 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63332
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 0
;; QUESTION SECTION:
;alfa-mobile.alfabank.ru.       IN      A

;; Query time: 26 msec
;; SERVER: 2a10:50c0::ad1:ff#53(dns.adguard-dns.com) (UDP)
;; WHEN: Wed Sep 04 09:05:43 +04 2024
;; MSG SIZE  rcvd: 52

$ dig @dns.adguard-dns.com +tls -4 alfa-mobile.alfabank.ru

; <<>> DiG 9.20.0 <<>> @dns.adguard-dns.com +tls -4 alfa-mobile.alfabank.ru
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3782
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 0
;; QUESTION SECTION:
;alfa-mobile.alfabank.ru.       IN      A

;; Query time: 33 msec
;; SERVER: 94.140.14.14#853(dns.adguard-dns.com) (TLS)
;; WHEN: Wed Sep 04 09:01:36 +04 2024
;; MSG SIZE  rcvd: 52

Screenshots

No response

Additional Information

No response
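
Added example (not part of the original report and not AdGuard's code): to put a number on an intermittent failure like the "around 5/10 times" above, this Python script tallies response status per server endpoint and transport from the concatenated output of repeated `dig` runs. The sample input is constructed, and the names `tally` and `servfail_rate` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed dig output from four repeated runs, in the
# format shown in the report (statuses and ids are made up for the demo).
# The last run has no SERVER line, as when the output was cut short.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1001
;; SERVER: 94.140.14.14#853(dns.adguard-dns.com) (TLS)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; SERVER: 94.140.14.14#853(dns.adguard-dns.com) (TLS)
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1003
;; SERVER: 2a10:50c0::ad1:ff#53(dns.adguard-dns.com) (UDP)
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1004
"""

HEADER_RE = re.compile(r"->>HEADER<<-.*?status: (\w+)")
# Older dig versions omit the trailing "(TLS)" / "(UDP)" transport tag.
SERVER_RE = re.compile(r"^;; SERVER: (\S+)#(\d+)\(.*?\)(?: \((\w+)\))?")

def tally(text):
    """Return {endpoint: {status: count}} for every response in text."""
    counts = defaultdict(lambda: defaultdict(int))
    pending = None  # status of a response whose SERVER line is not seen yet
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            if pending is not None:  # previous response had no SERVER line
                counts["unknown"][pending] += 1
            pending = m.group(1)
            continue
        m = SERVER_RE.match(line)
        if m and pending is not None:
            addr, port, transport = m.groups()
            key = f"{addr}#{port}/{transport or 'unspecified'}"
            counts[key][pending] += 1
            pending = None
    if pending is not None:
        counts["unknown"][pending] += 1
    return {k: dict(v) for k, v in counts.items()}

def servfail_rate(counts):
    """Fraction of responses per endpoint whose status was SERVFAIL."""
    return {ep: c.get("SERVFAIL", 0) / sum(c.values())
            for ep, c in counts.items()}

if __name__ == "__main__":
    for ep, rate in sorted(servfail_rate(tally(SAMPLE)).items()):
        print(f"{ep}: {rate:.0%} SERVFAIL")
```

Grouping by address, port and transport shows whether failures follow one anycast address or one protocol, or are spread across all of them as this report describes.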

ameshkov commented 2 months ago

Their nameservers seem to be preventing DNS queries from outside Russia.

We'll contact them about it. Meanwhile, we'll use a temporary solution to make it work now.