Cloudflare alt-svc failures cause spurious "DNS resolution error" in Tor Browser
Like other online users, Cloudflare's DNS sometimes return their own internal IP address. This behaviour results in DNS error screen.
You better ask Tor exit owners to change their DNS server to ISP one, or run unbound locally.
Activity
Please enable cookies. Error 1001 Ray ID: 5535cf189e478d0f • 2020-01-11 xx:xx:xx UTC DNS resolution error What happened?
You've requested a page on a website (spreadprivacy.com) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (spreadprivacy.com). There are two potential causes of this:
Most likely: if the owner just signed up for Cloudflare it can take a few minutes for the website's information to be distributed to our global network. Less likely: something is wrong with this site's configuration. Usually this happens when accounts have been signed up with a partner organization (e.g., a hosting provider) and the provider's DNS fails.Cloudflare Ray ID: 5535cf189e478d0f • Your IP: 2405:8100:8000:5ca1::4ae:dbad • Performance & security by Cloudflare
Please enable cookies. Error 1001 Ray ID: 5535dad91ec26e3c • 2020-01-11 xx:xx:xx UTC DNS resolution error What happened?
You've requested a page on a website (spreadprivacy.com) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (spreadprivacy.com). There are two potential causes of this:
Most likely: if the owner just signed up for Cloudflare it can take a few minutes for the website's information to be distributed to our global network. Less likely: something is wrong with this site's configuration. Usually this happens when accounts have been signed up with a partner organization (e.g., a hosting provider) and the provider's DNS fails.Cloudflare Ray ID: 5535dad91ec26e3c • Your IP: 2405:8100:8000:5ca1::493:8b61 • Performance & security by Cloudflare
And many others.
- Open tor browser
- Open in new tab, https://spreadprivacy.com/
- Change circuit and observe
Yippee
Please enable cookies. Error 1001 Ray ID: 5535dfec3d716e18 • 2020-01-11 xx:xx:xx UTC DNS resolution error What happened?
You've requested a page on a website (spreadprivacy.com) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (spreadprivacy.com). There are two potential causes of this:
Most likely: if the owner just signed up for Cloudflare it can take a few minutes for the website's information to be distributed to our global network. Less likely: something is wrong with this site's configuration. Usually this happens when accounts have been signed up with a partner organization (e.g., a hosting provider) and the provider's DNS fails.Cloudflare Ray ID: 5535dfec3d716e18 • Your IP: 2405:8100:8000:5ca1::4af:74a • Performance & security by Cloudflare
This is not related to DNS, cloudflare uses alt-svc and the IP address you are seeing in the HTML somewhat confirms that is an issue related to their onion services.
You can read more about that here: https://blog.cloudflare.com/cloudflare-onion-service/
You might want to contact Mahrud but he is no longer at CF AFAIK.
As a workaround you might be able to disable alt-svc support in your browser to avoid going through their onions.
You will see same error when you rorate your circuit & click "New identity" button.
In the same sense that Cloudflare owns the IP addresses that serve our customers’ websites, we run 10 .onion addresses. Think of them as 10 Cloudflare points of presence (or PoPs) within the Tor network.
some of them broken
None of the IP addresses listed in this trac issue are tor exit relays, they are just relays. Which confirms that the reporter of this issue was always looking at non-exit circuits to onion services.
195.128.103.192 https://metrics.torproject.org/rs.html#details/95FA758717D185CBC1D5EE992AAE084AD041927D
163.172.21.117 https://metrics.torproject.org/rs.html#details/74B8B22AF950B0BE11D8A228FB09D2F5279FB757
87.117.247.111 https://metrics.torproject.org/rs.html#details/6A3C57BE1EA3B400240F821A22B5E6060501A031
Replying to cypherpunks:
Tor circuit last node(3rd one)
195.128.103.192
Ban this piece of shit please... Hey, you can educate the volunteers first! But this can't be the true. Please educate yourself about circuits positions! Instead of blaming someone else and requesting ban. I request for banning false positive reports.
http://rougmnvswfsmd4dq.onion/rs.html#details/95FA758717D185CBC1D5EE992AAE084AD041927D
Replying to cypherpunks:
Please enable cookies. Error 1001 Ray ID: 5535dad91ec26e3c • 2020-01-11 xx:xx:xx UTC DNS resolution error What happened?
You've requested a page on a website (spreadprivacy.com) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (spreadprivacy.com). There are two potential causes of this:
Most likely: if the owner just signed up for Cloudflare it can take a few minutes for the website's information to be distributed to our global network. Less likely: something is wrong with this site's configuration. Usually this happens when accounts have been signed up with a partner organization (e.g., a hosting provider) and the provider's DNS fails.Cloudflare Ray ID: 5535dad91ec26e3c • Your IP: 2405:8100:8000:5ca1::493:8b61 • Performance & security by Cloudflare
None of the reported IP´s seem to be exitting! Are you sure you are using tor? i have looked into http://rougmnvswfsmd4dq.onion/rs.html#search/flag:exit%20 sorted by IPv6. But there exist no exit with IPv6 prefix 2405:
But there exist no exit with IPv6 prefix 2405:
I guess we can look at that problem during our work on #32864 (moved).
Trac:
Keywords: N/A deleted, network-health added
Parent: #24351 to #32864 (moved)-
Unparenting. Some steps to reproduce would be helpful, so we can move this ticket forward.
Trac:
Parent: #32864 (moved) to N/A
