Closed onlineapps-cloud closed 5 months ago
Thanks for the post. The App Store is working well as expected. It's just a local issue that the domain name is not resolving.
Use the DNS Client tab on the admin web panel to check the `go.technitium.com` domain and see if it resolves or are there any extended DNS errors reported. Post any error you see in there.
The website `go.technitium.com` is a redirection service and it will give 404 when you visit it without any parameters. It works on both HTTP & HTTPS.
hi, DNS client results:
```json
{
  "Metadata": {
    "NameServer": "technitiumdns (127.0.0.1)",
    "Protocol": "Udp",
    "DatagramSize": "109 bytes",
    "RoundTripTime": "23.44 ms"
  },
  "EDNS": {
    "UdpPayloadSize": 1232,
    "ExtendedRCODE": "ServerFailure",
    "Version": 0,
    "Flags": "None",
    "Options": [
      {
        "Code": "EXTENDED_DNS_ERROR",
        "Length": "53 bytes",
        "Data": {
          "InfoCode": "NSECMissing",
          "ExtraText": "Missing non-existence proof (No Data) for com. A IN"
        }
      },
      {
        "Code": "EXTENDED_DNS_ERROR",
        "Length": "2 bytes",
        "Data": {
          "InfoCode": "CachedError",
          "ExtraText": null
        }
      }
    ]
  },
  "DnsClientExtendedErrors": [
    {
      "InfoCode": "NetworkError",
      "ExtraText": "technitiumdns (127.0.0.1) returned RCODE=ServerFailure for go.technitium.com. A IN"
    }
  ],
  "Identifier": 10967,
  "IsResponse": true,
  "OPCODE": "StandardQuery",
  "AuthoritativeAnswer": false,
  "Truncation": false,
  "RecursionDesired": true,
  "RecursionAvailable": true,
  "Z": 0,
  "AuthenticData": false,
  "CheckingDisabled": true,
  "RCODE": "ServerFailure",
  "QDCOUNT": 1,
  "ANCOUNT": 0,
  "NSCOUNT": 0,
  "ARCOUNT": 1,
  "Question": [
    {
      "Name": "go.technitium.com",
      "Type": "A",
      "Class": "IN"
    }
  ],
  "Answer": [],
  "Authority": [],
  "Additional": [
    {
      "Name": "",
      "Type": "OPT",
      "Class": "1232",
      "TTL": "0 (0 sec)",
      "RDLENGTH": "63 bytes",
      "RDATA": {
        "Options": [
          {
            "Code": "EXTENDED_DNS_ERROR",
            "Length": "53 bytes",
            "Data": {
              "InfoCode": "NSECMissing",
              "ExtraText": "Missing non-existence proof (No Data) for com. A IN"
            }
          },
          {
            "Code": "EXTENDED_DNS_ERROR",
            "Length": "2 bytes",
            "Data": {
              "InfoCode": "CachedError",
              "ExtraText": null
            }
          }
        ]
      },
      "DnssecStatus": "Disabled"
    }
  ]
}
```
I installed Technitium using this script: https://github.com/tteck/Proxmox/raw/main/ct/technitiumdns.sh
The problem is in the LXC container: I tried to ping any server from the console, but got no results. Most likely this issue is not caused by your software.
Thanks for the details. The domain name is failing to resolve due to DNSSEC validation failures.
```json
"Data": {
  "InfoCode": "NSECMissing",
  "ExtraText": "Missing non-existence proof (No Data) for com. A IN"
}
```
The above error message means that the DNS server is receiving a response claiming that the `com` zone does not have any records and it's failing to prove that with DNSSEC validation being done.
You need to change your forwarder (upstream) or switch to using encrypted DNS protocol. If you are not using any forwarders then you need to switch to one that supports encrypted DNS protocol.
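As an added illustration (not part of the thread or of Technitium's code), the following Python triages a DNS Client response like the one posted above by its extended DNS errors and reports whether validation broke at an ancestor zone of the queried name. `SAMPLE` is a trimmed, constructed copy of that response; matching `InfoCode` values against RFC 8914 names with spaces removed is an assumption for codes not shown in the thread.

```python
import json
import re

# RFC 8914 extended DNS error names that report a DNSSEC validation problem
# (info-codes 1, 2 and 5-12), normalised to lower case without spaces.
DNSSEC_EDE = {n.replace(" ", "").lower() for n in (
    "Unsupported DNSKEY Algorithm", "Unsupported DS Digest Type",
    "DNSSEC Indeterminate", "DNSSEC Bogus", "Signature Expired",
    "Signature Not Yet Valid", "DNSKEY Missing", "RRSIGs Missing",
    "No Zone Key Bit Set", "NSEC Missing")}

# Constructed sample: only the fields of the posted DNS Client response that
# the triage needs; everything else is trimmed.
SAMPLE = json.loads("""
{"RCODE": "ServerFailure",
 "Question": [{"Name": "go.technitium.com", "Type": "A", "Class": "IN"}],
 "EDNS": {"Options": [
   {"Code": "EXTENDED_DNS_ERROR", "Data": {"InfoCode": "NSECMissing",
    "ExtraText": "Missing non-existence proof (No Data) for com. A IN"}},
   {"Code": "EXTENDED_DNS_ERROR", "Data": {"InfoCode": "CachedError",
    "ExtraText": null}}]}}
""")

def triage(resp):
    """Summarise why a DNS Client query failed, from its EDE options."""
    qname = resp["Question"][0]["Name"].rstrip(".").lower()
    edes = [o["Data"] for o in (resp.get("EDNS") or {}).get("Options", [])
            if o.get("Code") == "EXTENDED_DNS_ERROR"]
    dnssec = [e for e in edes
              if e["InfoCode"].replace(" ", "").lower() in DNSSEC_EDE]
    # ExtraText ends with "for <owner> <type> IN", as in the thread's output.
    hits = [m.group(1).rstrip(".").lower() for e in dnssec
            if (m := re.search(r"for (\S+) \S+ IN$", e.get("ExtraText") or ""))]
    failed_at = hits[0] if hits else None
    servfail = resp.get("RCODE") == "ServerFailure"
    return {
        "verdict": ("dnssec-validation-failure" if servfail and dnssec
                    else "servfail-other" if servfail else "no-failure"),
        "dnssec_codes": [e["InfoCode"] for e in dnssec],
        "from_cache": any(e["InfoCode"] == "CachedError" for e in edes),
        "failed_at": failed_at,
        "ancestor_of_qname": bool(failed_at) and failed_at != qname
                             and qname.endswith("." + failed_at),
    }

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```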
I disabled this checkbox, and DNS apps started working.
`This Server` i.e. the local DNS server does DNSSEC validation by default, which is why you see that `NSECMissing` error.
When you test with Cloudflare, check the "Enable DNSSEC Validation" option and try again. If that fails then it means that something in your network is hijacking DNS requests, most likely your ISP.
I disabled this checkbox, and DNS apps started working.
If you disable DNSSEC validation then it will obviously work but you are removing the security check which was detecting that someone is hijacking your DNS requests. Which is why it's not recommended to disable DNSSEC validation.
I think that this option in my router can cause these problems:
If enabling that option hijacks all DNS requests then yes, it will interfere with all outbound requests. Also another thing is that the router does not know how to respond to DNSSEC requests which is creating this issue.
I think that this option in my router can cause these problems:
Hi again, I tried to understand about hijacking, and whether the router does not know how to respond to DNSSEC. I executed these commands in the Technitium LXC container and I get:
```
root@technitiumdns:~# delv go.technitium.com
; fully validated
go.technitium.com. 86400 IN CNAME technitium.com.
go.technitium.com. 86400 IN RRSIG CNAME 13 3 86400 20240110151000 20231231141000 58323 technitium.com. n8DQbkMeeF7jp33drhA2kcuETC2USCKArRV2bFnHeaZ9LKoZa0iM0UeK rH26VTYjTjM1pOr7/0wJwof7KV0Pcg==
technitium.com. 14305 IN A 139.59.3.235
technitium.com. 14305 IN RRSIG A 13 2 14400 20240110151000 20231231141000 58323 technitium.com. b5uBUlQ7EvVsncI/5yPCw/qzSm4TnU1vBolAvgo0UCkFWmkx71UZYRLV cfKbCURMQQHMGdJQFnpDgVLv/PcmJg==

root@technitiumdns:~# dig DNSKEY go.technitium.com
; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> DNSKEY go.technitium.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37668
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;go.technitium.com. IN DNSKEY
;; ANSWER SECTION:
go.technitium.com. 86128 IN CNAME technitium.com.
technitium.com. 3328 IN DNSKEY 257 3 13 kQKG+ben13CmaKJKYGHtrhfXZt8VT34ZVIC4o1wIS0SwhHllP+7by+/J 6Z1UKQoGF64xbPTySK/BrDJHGf5/3w==
technitium.com. 3328 IN DNSKEY 256 3 13 XQmqaQ/yUDB8TFseG56aHBhNyTuRXZ1b10mnJcxL2kLR+OdxQsQ4TINt dgkfThKaAoaoO4doQYLZ4n3Sc/sWlA==
;; Query time: 180 msec
;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
;; WHEN: Thu Jan 04 16:41:06 EET 2024
;; MSG SIZE rcvd: 220

root@technitiumdns:~# dig go.technitium.com +dnssec +multi
; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> go.technitium.com +dnssec +multi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62077
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
;; QUESTION SECTION:
;go.technitium.com. IN A
;; ANSWER SECTION:
go.technitium.com. 85526 IN CNAME technitium.com.
go.technitium.com. 85526 IN RRSIG CNAME 13 3 86400 (
20240110151000 20231231141000 58323 technitium.com.
n8DQbkMeeF7jp33drhA2kcuETC2USCKArRV2bFnHeaZ9
LKoZa0iM0UeKrH26VTYjTjM1pOr7/0wJwof7KV0Pcg== )
technitium.com. 13527 IN A 139.59.3.235
technitium.com. 13527 IN RRSIG A 13 2 14400 (
20240110151000 20231231141000 58323 technitium.com.
b5uBUlQ7EvVsncI/5yPCw/qzSm4TnU1vBolAvgo0UCkF
Wmkx71UZYRLVcfKbCURMQQHMGdJQFnpDgVLv/PcmJg== )
;; Query time: 344 msec
;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
;; WHEN: Thu Jan 04 16:49:32 EET 2024
;; MSG SIZE rcvd: 296
```
The question is: do DNSSEC queries work as expected on this machine? If yes, why do I get the error `Error! HttpClient could not resolve IP address for host: go.technitium.com`, while with DNSSEC disabled everything works as expected?
```
dig DS go.technitium.com +trace
; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> DS go.technitium.com +trace
;; global options: +cmd
. 61978 IN NS l.root-servers.net.
. 61978 IN NS m.root-servers.net.
. 61978 IN NS a.root-servers.net.
. 61978 IN NS j.root-servers.net.
. 61978 IN NS d.root-servers.net.
. 61978 IN NS h.root-servers.net.
. 61978 IN NS e.root-servers.net.
. 61978 IN NS b.root-servers.net.
. 61978 IN NS g.root-servers.net.
. 61978 IN NS c.root-servers.net.
. 61978 IN NS i.root-servers.net.
. 61978 IN NS f.root-servers.net.
. 61978 IN NS k.root-servers.net.
. 61978 IN RRSIG NS 8 0 518400 20240117050000 20240104040000 30903 . NG0lAPqTSOmSW02oV6+f62WF6tTlnlVozhdRPo40JBED0AViqQL348xX q5gTWrejUE0Dp0x0Pp8H5/NZMCVeYtyBBUxcmwLRs7IhltMNQjkOXH2y DYyXi+bup7KMSthEHDiVdE3e2B58mFHEumemZxPfnKOEMrpAdnb15LvF ZkfqSE4Ld4CzpXXWO/fAWtD3NnmPlAc9LX7+woKsPquK40CLQQg3sY9/ wcoIa3Z3VTr32o9R4iBFZD5eAhCBl3gPabR7KQF1XR9Fnu9l0kREXt5g u8SN/a26KuhTb51bN9xiqivTJnZZ3YIQEts/aJehRbDDzpMh5U+eAEje 8KRjYw==
;; Received 525 bytes from 192.168.1.1#53(192.168.1.1) in 68 ms
;; UDP setup with 2001:500:2f::f#53(2001:500:2f::f) for go.technitium.com failed: network unreachable.
;; UDP setup with 2001:500:2f::f#53(2001:500:2f::f) for go.technitium.com failed: network unreachable.
;; UDP setup with 2001:500:2f::f#53(2001:500:2f::f) for go.technitium.com failed: network unreachable.
;; UDP setup with 2001:500:a8::e#53(2001:500:a8::e) for go.technitium.com failed: network unreachable.
;; Received 35 bytes from 192.5.5.241#53(f.root-servers.net) in 144 ms
```

```
dig DS go.technitium.com +trace @1.1.1.1
; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> DS go.technitium.com +trace @1.1.1.1
;; global options: +cmd
. 61871 IN NS d.root-servers.net.
. 61871 IN NS h.root-servers.net.
. 61871 IN NS e.root-servers.net.
. 61871 IN NS b.root-servers.net.
. 61871 IN NS g.root-servers.net.
. 61871 IN NS c.root-servers.net.
. 61871 IN NS i.root-servers.net.
. 61871 IN NS f.root-servers.net.
. 61871 IN NS k.root-servers.net.
. 61871 IN NS l.root-servers.net.
. 61871 IN NS m.root-servers.net.
. 61871 IN NS a.root-servers.net.
. 61871 IN NS j.root-servers.net.
. 61871 IN RRSIG NS 8 0 518400 20240117050000 20240104040000 30903 . NG0lAPqTSOmSW02oV6+f62WF6tTlnlVozhdRPo40JBED0AViqQL348xX q5gTWrejUE0Dp0x0Pp8H5/NZMCVeYtyBBUxcmwLRs7IhltMNQjkOXH2y DYyXi+bup7KMSthEHDiVdE3e2B58mFHEumemZxPfnKOEMrpAdnb15LvF ZkfqSE4Ld4CzpXXWO/fAWtD3NnmPlAc9LX7+woKsPquK40CLQQg3sY9/ wcoIa3Z3VTr32o9R4iBFZD5eAhCBl3gPabR7KQF1XR9Fnu9l0kREXt5g u8SN/a26KuhTb51bN9xiqivTJnZZ3YIQEts/aJehRbDDzpMh5U+eAEje 8KRjYw==
;; Received 525 bytes from 1.1.1.1#53(1.1.1.1) in 56 ms
;; Received 35 bytes from 202.12.27.33#53(m.root-servers.net) in 312 ms
```
Thanks for those details. But since I do not know your network config or your DNS server's config, I cannot figure out much from these details and have to make a lot of assumptions.
Are you using any forwarder with your DNS server? The resolution and DNSSEC validation totally depends on your forwarder. If there is no forwarder then the DNS server will do recursive resolution and any DNSSEC validation issue will indicate response tampering.
Also, try replicating the same tests from the DNS Client tab on the admin panel with DNSSEC validation option enabled. This will give a bit better picture since it will give the DNS server's perspective.
Hi, in the App Store I get the error: `Error! HttpClient could not resolve IP address for host: go.technitium.com`
In the browser, http://go.technitium.com/ returns 404 Not Found; also, HTTPS is not configured!
Technitium Version 11.5.3