docs icon indicating copy to clipboard operation
docs copied to clipboard

Published 20 hours ago verified publisher icon nycmeshnet

Public DNS resolver availability

Open clehner opened this issue 2 years ago • 2 comments

The DNS page lists a public IP address for a DNS server: https://github.com/nycmeshnet/docs/blob/6ed7b1cea987f333d2c919e611c4255408bac978/content/networking/dns.md#top-level-domains

199.167.59.10 - Public DNS Resolver for anyone in the world. No Logs, No filtering.

I see the host 199.167.59.10 answers DNS queries from inside the mesh, including for the .mesh TLD. However, I don't find it to be reachable from outside the mesh - via DNS queries or pings. Here is traceroute info from a DigitalOcean NYC3 VPS:

traceroute to 199.167.59.10 (199.167.59.10), 30 hops max, 60 byte packets
 1  * * *
 2  10.74.7.40 (10.74.7.40)  1.166 ms 10.74.7.46 (10.74.7.46)  1.150 ms 10.74.7.38 (10.74.7.38)  1.134 ms
 3  138.197.248.250 (138.197.248.250)  1.531 ms  1.873 ms 138.197.248.238 (138.197.248.238)  1.688 ms
 4  138.197.248.54 (138.197.248.54)  1.546 ms 138.197.248.56 (138.197.248.56)  1.558 ms 138.197.248.58 (138.197.248.58)  1.634 ms
 5  138.197.244.40 (138.197.244.40)  1.789 ms  1.772 ms  1.756 ms
 6  375pearl.nycmesh.net (206.82.104.151)  1.905 ms !N  1.088 ms !N *

Possible fixes for this issue:

  1. Update the page to clarify that 199.167.59.10 is only for use in the mesh (and/or other specific networks?)
  2. Enable 199.167.59.10 to respond to DNS queries from outside the mesh.

clehner avatar May 06 '22 05:05 clehner

Greetings, Talked about also in #157 , I'm putting here an example of resolving that works. Please let me know if otherwise

$ nslookup mail.mesh.nycmesh.net 199.167.59.10
Server:		199.167.59.10
Address:	199.167.59.10#53

Non-authoritative answer:
Name:	mail.mesh.nycmesh.net
Address: 10.70.140.70

$ nslookup google.com 199.167.59.10
Server:		199.167.59.10
Address:	199.167.59.10#53

Non-authoritative answer:
Name:	google.com
Address: 142.250.80.78
Name:	google.com
Address: 2607:f8b0:4006:80c::200e

zgiles avatar Oct 14 '22 01:10 zgiles

nslookup mail.mesh.nycmesh.net 199.167.59.10 [...]

I see these resolutions working only from within the mesh.

I am still finding that 199.167.59.10 is unreachable outside the mesh. From two networks, pinging it results in Destination Net Unreachable from 206.82.104.151. From other networks I get no response.

However, I find that changing 10 to 11 works. 199.167.59.11 appears to be a functioning public resolver for mesh.nycmesh.net (including for .mesh TLD). Perhaps the docs should be updated to use that address instead?

clehner avatar Oct 14 '22 12:10 clehner