Message-ID: <87d75022-6918-612e-5fb6-30dda41e309e@thecshore.com>
Date: Sun, 25 Sep 2022 15:20:37 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.13.0
Subject: Re: websites unreachable
Content-Language: en-CA
To: amc252 <amc252@gmail.com>, ~alpine/users@lists.alpinelinux.org
Cc: Parke <parke.nexus@gmail.com>
References: <632b4d12.170a0220.37d88.456c@mx.google.com>
From: "Daniel F. Dickinson" <daniel@thecshore.com>
In-Reply-To: <632b4d12.170a0220.37d88.456c@mx.google.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

On 2022-09-21 1:42 p.m., amc252 wrote:
> Falkon version on Devuan is 3.1.0 while on Alpine is 22..04.2
> It seems a really huge difference, and I'm not sure if Alpine 3.16 and 
> Devuan Chimaera number packages differently.
> The internet setup is the same on Devuan and Alpine, through wpa_supplicant.
> The two systems settings are the same, AFAIK.
> I even tried copying Devuan Falkon's setting to Alpine and got the same error.
> Falkon, as far as I can tell, does not have an option to enable DNS-over-HTTPS.
> I ran some tests. here are the results I got for both pages that work and those that does not.

It looks to me like you have DNSSEC issues - what is serving your DNS?

Also, could you try curl or wget to the sites you show below, and show
the output. Browsers aren't the best test because they tend to have
internal fallback mechanisms that bypass the system DNS when it is broken.

Also, do you have any kind of proxy on the network?

Regards,

Daniel


> DEVUAN (all pages loaded normally)
>
> $ delv alpinelinux.org/
> ;;   validating ./SOA: got insecure response; parent indicates it should be secure
> ;;   validating ./SOA: got insecure response; parent indicates it should be secure
> ;; no valid RRSIG resolving 'org//DS/IN': 192.168.1.254#53
> ;; broken trust chain resolving 'alpinelinux.org//A/IN': 192.168.1.254#53
> ;; resolution failed: broken trust chain
>
> $ delv lists.alpinelinux.org/
> ;;   validating ./SOA: got insecure response; parent indicates it should be secure
> ;;   validating ./SOA: got insecure response; parent indicates it should be secure
> ;; no valid RRSIG resolving 'org//DS/IN': 192.168.1.254#53
> ;; broken trust chain resolving 'lists.alpinelinux.org//A/IN': 192.168.1.254#53
> ;; resolution failed: broken trust chain
>
> $ dig google.com
>
> ; <<>> DiG 9.16.27-Debian <<>> google.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25129
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;google.com.			IN	A
>
> ;; ANSWER SECTION:
> google.com.		52	IN	A	172.217.14.110
>
> ;; Query time: 7 msec
> ;; SERVER: 192.168.1.254#53(192.168.1.254)
> ;; WHEN: Tue Sep 20 18:20:06 PDT 2022
> ;; MSG SIZE  rcvd: 55
>
>
> $ dig alpinelinux.org/
>
> ; <<>> DiG 9.16.27-Debian <<>> alpinelinux.org/
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24750
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;alpinelinux.org/.		IN	A
>
> ;; AUTHORITY SECTION:
> .			10458	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022092002 1800 900 604800 86400
>
> ;; Query time: 12 msec
> ;; SERVER: 192.168.1.254#53(192.168.1.254)
> ;; WHEN: Tue Sep 20 18:16:20 PDT 2022
> ;; MSG SIZE  rcvd: 120
>
>
> $ dig lists.alpinelinux.org/
>
> ; <<>> DiG 9.16.27-Debian <<>> lists.alpinelinux.org/
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15734
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;lists.alpinelinux.org/.		IN	A
>
> ;; AUTHORITY SECTION:
> .			10746	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022092002 1800 900 604800 86400
>
> ;; Query time: 12 msec
> ;; SERVER: 192.168.1.254#53(192.168.1.254)
> ;; WHEN: Tue Sep 20 18:13:54 PDT 2022
> ;; MSG SIZE  rcvd: 126
>
> $ dig 192.168.1.254
>
> ; <<>> DiG 9.16.27-Debian <<>> 192.168.1.254
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39364
> ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;192.168.1.254.			IN	A
>
> ;; ANSWER SECTION:
> 192.168.1.254.		0	IN	A	192.168.1.254
>
> ;; Query time: 4 msec
> ;; SERVER: 192.168.1.254#53(192.168.1.254)
> ;; WHEN: Tue Sep 20 18:15:28 PDT 2022
> ;; MSG SIZE  rcvd: 47
>
> ALPINE LINUX
>
> page alpinelinux.org/ loads okay
> $ delv alpinelinux.org/
> ;;   validating ./SOA: got insecure response; parent indicates it should be secure
> ;;   validating ./SOA: got insecure response; parent indicates it should be secure
> ;; no valid RRSIG resolving 'org//DS/IN': 192.168.1.254#53
> ;; broken trust chain resolving 'alpinelinux.org//A/IN': 192.168.1.254#53
> ;; resolution failed: broken trust chain
>
> page lists.alpinelinux.org/ gives error
> $ delv lists.alpinelinux.org/
> ;;   validating ./SOA: got insecure response; parent indicates it should be secure
> ;;   validating ./SOA: got insecure response; parent indicates it should be secure
> ;; no valid RRSIG resolving 'org//DS/IN': 192.168.1.254#53
> ;; broken trust chain resolving 'lists.alpinelinux.org//A/IN': 192.168.1.254#53
> ;; resolution failed: broken trust chain
>
> page google.com loads okay
> $ dig google.com
>
> ; <<>> DiG 9.18.5 <<>> google.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52902
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;google.com.			IN	A
>
> ;; ANSWER SECTION:
> google.com.		151	IN	A	142.250.217.142
>
> ;; Query time: 9 msec
> ;; SERVER: 192.168.1.254#53(192.168.1.254) (UDP)
> ;; WHEN: Tue Sep 20 19:28:44 PDT 2022
> ;; MSG SIZE  rcvd: 55
> page alpinelinux.org loads okay
> $ dig alpinelinux.org/
>
> ; <<>> DiG 9.18.5 <<>> alpinelinux.org/
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54612
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;alpinelinux.org/.		IN	A
>
> ;; AUTHORITY SECTION:
> .			6022	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022092002 1800 900 604800 86400
>
> ;; Query time: 7 msec
> ;; SERVER: 192.168.1.254#53(192.168.1.254) (UDP)
> ;; WHEN: Tue Sep 20 19:30:16 PDT 2022
> ;; MSG SIZE  rcvd: 120
>
> page lists.alpinelinux.org/ gives error
> $ dig lists.alpinelinux.org/
>
> ; <<>> DiG 9.18.5 <<>> lists.alpinelinux.org/
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54968
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;lists.alpinelinux.org/.		IN	A
>
> ;; AUTHORITY SECTION:
> .			6100	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022092002 1800 900 604800 86400
>
> ;; Query time: 10 msec
> ;; SERVER: 192.168.1.254#53(192.168.1.254) (UDP)
> ;; WHEN: Tue Sep 20 19:31:20 PDT 2022
> ;; MSG SIZE  rcvd: 126
>
> I hope it helps.
>

-- 
https://wildtechgarden.ca Technical and professional website
https://princesandmadmen.ca Personal and political blog