Google Public DNS mostly doesn't reply with the correct DNS answer


corenti...@gmail.com

Mar 6, 2019, 11:16:39 AM
to public-dns-discuss
Hi all,

We created a CNAME record a few days ago and noticed it was not redirecting to the correct target most of the time (it's supposed to redirect to an AWS service, but instead it is just returning to our *.domain.tld target).
We tried creating another subdomain and it worked fine without any issue; we deleted and re-created our CNAME record and it's still going to the wrong target.

1. We can communicate with Google DNS through a traceroute

2. When executing dig on the subdomain, we have the issue :

corentin@LAPTOP-O3NO25DV:/mnt/c/Users/CorentinCloss $ dig @8.8.8.8 natasha.mpulse.eu.

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @8.8.8.8 natasha.mpulse.eu.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55796
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;natasha.mpulse.eu.             IN      A

;; ANSWER SECTION:

;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Mar 06 16:47:14 STD 2019
;; MSG SIZE  rcvd: 178

corentin@LAPTOP-O3NO25DV:/mnt/c/Users/CorentinCloss $ dig @8.8.8.8 natasha.mpulse.eu.

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @8.8.8.8 natasha.mpulse.eu.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64119
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;natasha.mpulse.eu.             IN      A

;; ANSWER SECTION:
natasha.mpulse.eu.      4969    IN      CNAME   mpulse.eu.
mpulse.eu.              7199    IN      A       80.92.66.204

;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Mar 06 16:47:15 STD 2019
;; MSG SIZE  rcvd: 76

As you can see above, we don't have the same reply for the 2 exact same commands at a few seconds interval (the correct one is the first with AWS, the bad one is the second one).

Google Public DNS also struggles to reply with the correct data without performing DNSSEC validation (returns both the true and bad values).
We have no issues with Level 3's, OpenDNS or Cloudflare DNS servers.

This has been tested on a computer running Ubuntu, a computer running Windows, an iPhone connected through 4G (no wifi on the same network as the 2 previous computers) and an AWS server.

Please excuse some typos ;)

Puneet Sood

Mar 6, 2019, 11:36:17 AM
to corenti...@gmail.com, public-dns-discuss
This was likely due to caching of the CNAME record. Note the TTL of
7199 in the CNAME response. Even if a record is changed, the old
record may continue to be used by resolvers until its TTL expires. See
https://developers.google.com/speed/public-dns/faq#update_cache

natasha.mpulse.eu. 4969 IN CNAME mpulse.eu.
mpulse.eu. 7199 IN A 80.92.66.204

I am not seeing the CNAME response now across our service globally so
I expect the records have expired and returning the AWS based records.

Andrzej Swietek

Mar 6, 2019, 12:30:15 PM
to Puneet Sood, corenti...@gmail.com, public-dns-discuss
Seems like you have a wild card record *.mpulse.edu

;; ANSWER SECTION:
test.mpulse.eu. 7200 IN CNAME mpulse.eu.
mpulse.eu. 7200 IN A 80.92.66.204

And ttl default of 7200

corenti...@gmail.com

Mar 6, 2019, 9:36:41 PM
to public-dns-discuss
I agree there was the TTL set at 7200 seconds; however, even after 48 hours we still had this problem (we created that subdomain 2 days ago and deleted + recreated today to check if it was still happening).

Anyway I just checked again and it seems to be working fine now according to the dig reply

Thank you ! :)
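
Added example, not part of the thread: the TTL arithmetic behind the caching explanation in Puneet Sood's reply, applied to the second dig reply quoted above. It assumes the zone TTL of 7200 seconds mentioned in the thread and that the resolver cached each record at that full TTL; the "good" reply is a constructed placeholder because the thread does not show its records.

```python
import re
from datetime import datetime, timedelta

# Second dig reply quoted in the thread, trimmed to the lines the parser uses.
STALE_REPLY = """\
;; ANSWER SECTION:
natasha.mpulse.eu.      4969    IN      CNAME   mpulse.eu.
mpulse.eu.              7199    IN      A       80.92.66.204
;; WHEN: Wed Mar 06 16:47:15 STD 2019
"""
# Constructed stand-in for the "good" reply: target name, TTL and address are placeholders.
GOOD_REPLY = """\
;; ANSWER SECTION:
natasha.mpulse.eu.      60      IN      CNAME   target.example.
target.example.         60      IN      A       192.0.2.10
;; WHEN: Wed Mar 06 16:47:14 STD 2019
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")
WHEN = re.compile(r"^;; WHEN: \w+ (\w+ \d+ [\d:]+) \S+ (\d{4})$", re.M)

def parse_reply(text):
    """Return (query_time, [(name, ttl, rtype, rdata), ...]) from dig output."""
    m = WHEN.search(text)
    when = datetime.strptime(f"{m[1]} {m[2]}", "%b %d %H:%M:%S %Y")
    records, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and line.startswith(";;"):
            break  # next section or trailer: the answer section is over
        elif in_answer and (rr := RR.match(line.strip())):
            records.append((rr[1], int(rr[2]), rr[3], rr[4]))
    return when, records

def cache_window(text, zone_ttl):
    """Per record: (when it was cached, when it must be discarded).
    Assumes the resolver stored the record with the full zone_ttl."""
    when, records = parse_reply(text)
    return {(name, rtype): (when - timedelta(seconds=zone_ttl - ttl),
                            when + timedelta(seconds=ttl))
            for name, ttl, rtype, _ in records}

def rrset(text):
    """Name/type/rdata of every answer, ignoring the counting-down TTL."""
    return {(n, t, d) for n, _, t, d in parse_reply(text)[1]}

if __name__ == "__main__":
    print(cache_window(STALE_REPLY, 7200))  # 7200: zone TTL quoted in the thread (assumed)
    print("replies disagree:", rrset(GOOD_REPLY) != rrset(STALE_REPLY))
```

Comparing `rrset()` across repeated queries separates a real disagreement between replies from the TTL simply counting down, and `cache_window()` gives the latest time that one cached copy can still be served.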