SERVFAIL when looking up matrix.org on 8.8.8.8 and 8.8.4.4

[matth...@googlemail.com]

Hi all,

We're currently experiencing significant disruption for people trying to resolve matrix.org and riot.im via google public DNS on both 8.8.8.8 and 8.8.4.4 from ISPs in London:

$ nslookup -debug www.matrix.org. 8.8.8.8

Server: 8.8.8.8

Address: 8.8.8.8#53

------------

    QUESTIONS:

www.matrix.org, type = A, class = IN

    ANSWERS:

    AUTHORITY RECORDS:

    ADDITIONAL RECORDS:

------------

** server can't find www.matrix.org: SERVFAIL

Expected result:

$ nslookup -debug www.matrix.org. 1.1.1.1

Server: 1.1.1.1

Address: 1.1.1.1#53

------------

    QUESTIONS:

www.matrix.org, type = A, class = IN

    ANSWERS:

    ->  www.matrix.org

internet address = 104.24.207.27

ttl = 300

    ->  www.matrix.org

internet address = 104.24.206.27

ttl = 300

    AUTHORITY RECORDS:

    ADDITIONAL RECORDS:

------------

Non-authoritative answer:

Name: www.matrix.org

Address: 104.24.207.27

Name: www.matrix.org

Address: 104.24.206.27

This looks to be a problem in google public DNS (i hope) - is there anything we can do about it?

thanks,

Matthew

[Alex Dupuy]

It is possible there was a routing issue between Google and Cloudflare; this would cause inability to resolve names  for your domains even while your ISP had connectivity to both Google and Cloudflare.

If you have these sorts of problems in the future, try to use dns.google.com to resolve the domain, for example https://dns.google.com/query?name=matrix.org and if there are problems with the authoritative servers, there is often a diagnostic comment that provides more helpful information than the simple SERVFAIL error message you might get with dig.

At any rate, I'm not seeing any problems with those domains right now.

[matth...@googlemail.com]

thanks. yup, it resolved itself after about 45 minutes; will diagnose via dns.google.com in future. It could be good to add this to https://developers.google.com/speed/public-dns/docs/troubleshooting for future generations :)

M

[Alex Dupuy]

The troubleshooting docs could certainly use plenty of reworking, but the very first sentence on that page does mention dns.google.com:

If you are encountering problems when resolving particular names, and want to verify whether the problem is with Google Public DNS, please try resolve the domain first at: https://dns.google.com.

Probably it should be a separate bullet point rather than just in the introductory text that nobody reads :-)