Unable to resolve ericjohnson.com with Google's DNS

[jonatha...@gmail.com]

Hello,

I'm able to resolve www.ericjohnson.com on another computer on my same home network which uses my ISP's DNS, as well as on my phone, but I can't on my computer which uses Google's DNS.

I've tried flushing all DNS caches and using 8.8.4.4 instead of 8.8.8.8 and nothing has worked.

The intodns record is here: https://intodns.com/ericjohnson.com

The dnsvis result is here: http://dnsviz.net/d/www.ericjohnson.com/analyze/

C:\Windows\system32>tracert -d 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.1

  2     8 ms     8 ms     8 ms  142.254.141.13

  3    97 ms    21 ms    20 ms  24.28.89.65

  4    10 ms    14 ms    15 ms  24.175.49.213

  5    13 ms    15 ms    14 ms  24.175.49.0

  6    15 ms    15 ms    15 ms  66.109.1.216

  7    11 ms    11 ms     9 ms  207.86.208.49

  8    11 ms     9 ms    10 ms  207.86.208.62

  9    10 ms     9 ms    10 ms  108.170.240.65

 10    10 ms     9 ms    10 ms  72.14.234.145

 11    10 ms    11 ms    10 ms  8.8.8.8

Trace complete.

C:\Windows\system32>nslookup -debug www.ericjohnson.com 8.8.8.8

------------

Got answer:

    HEADER:

        opcode = QUERY, id = 1, rcode = NOERROR

        header flags:  response, want recursion, recursion avail.

        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:

        8.8.8.8.in-addr.arpa, type = PTR, class = IN

    ANSWERS:

    ->  8.8.8.8.in-addr.arpa

        name = google-public-dns-a.google.com

        ttl = 86399 (23 hours 59 mins 59 secs)

------------

Server:  google-public-dns-a.google.com

Address:  8.8.8.8

------------

Got answer:

    HEADER:

        opcode = QUERY, id = 2, rcode = SERVFAIL

        header flags:  response, want recursion, recursion avail.

        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:

        www.ericjohnson.com, type = A, class = IN

------------

------------

Got answer:

    HEADER:

        opcode = QUERY, id = 3, rcode = SERVFAIL

        header flags:  response, want recursion, recursion avail.

        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:

        www.ericjohnson.com, type = AAAA, class = IN

------------

------------

Got answer:

    HEADER:

        opcode = QUERY, id = 4, rcode = SERVFAIL

        header flags:  response, want recursion, recursion avail.

        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:

        www.ericjohnson.com, type = A, class = IN

------------

------------

Got answer:

    HEADER:

        opcode = QUERY, id = 5, rcode = SERVFAIL

        header flags:  response, want recursion, recursion avail.

        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:

        www.ericjohnson.com, type = AAAA, class = IN

------------

*** google-public-dns-a.google.com can't find www.ericjohnson.com: Server failed

C:\Windows\system32>nslookup -debug www.ericjohnson.com 4.2.2.1

------------

Got answer:

    HEADER:

        opcode = QUERY, id = 1, rcode = NOERROR

        header flags:  response, want recursion, recursion avail.

        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:

        1.2.2.4.in-addr.arpa, type = PTR, class = IN

    ANSWERS:

    ->  1.2.2.4.in-addr.arpa

        name = a.resolvers.level3.net

        ttl = 62960 (17 hours 29 mins 20 secs)

------------

Server:  a.resolvers.level3.net

Address:  4.2.2.1

------------

Got answer:

    HEADER:

        opcode = QUERY, id = 2, rcode = NOERROR

        header flags:  response, want recursion, recursion avail.

        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:

        www.ericjohnson.com, type = A, class = IN

    ANSWERS:

    ->  www.ericjohnson.com

        canonical name = ericjohnson.com

        ttl = 14400 (4 hours)

    ->  ericjohnson.com

        internet address = 72.52.136.31

        ttl = 14400 (4 hours)

------------

Non-authoritative answer:

------------

Got answer:

    HEADER:

        opcode = QUERY, id = 3, rcode = NOERROR

        header flags:  response, want recursion, recursion avail.

        questions = 1,  answers = 1,  authority records = 1,  additional = 0

    QUESTIONS:

        www.ericjohnson.com, type = AAAA, class = IN

    ANSWERS:

    ->  www.ericjohnson.com

        canonical name = ericjohnson.com

        ttl = 14400 (4 hours)

    AUTHORITY RECORDS:

    ->  ericjohnson.com

        ttl = 86400 (1 day)

        primary name server = ns1.virtualkeeper.net

        responsible mail addr = chief.virtualkeeper.com

        serial  = 2017022700

        refresh = 3600 (1 hour)

        retry   = 7200 (2 hours)

        expire  = 1209600 (14 days)

        default TTL = 86400 (1 day)

------------

Name:    ericjohnson.com

Address:  72.52.136.31

Aliases:  www.ericjohnson.com

I believe this means there may be a problem with the entry for www.ericjohnson.com in Google's DNS. I apologize if I am in error, I am not a networking or DNS expert. Please let me know if I can provide any additional information.

Thank you,

Jonathan

[Alex Dupuy]

The problem is not with ericjohnson.com, but with the name server configuration of your name servers ns[12].virtualkeeper.org.

https://intodns.com/virtualkeeper.org shows some of the problems. Even recursive name servers that can resolve ericjohnson.com fall over trying to resolve virtualkeeper.org:

$ dig +noall +comment virtualkeeper.org @4.2.2.1

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53823

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

Walking through it step by step,

$ checkdelegation ericjohnson.com

parent zone com:

ericjohnson.com. 172800 NS ns1.virtualkeeper.org.

ericjohnson.com. 172800 NS ns2.virtualkeeper.org.

So the .COM TLD says go ask ns[12].virtualkeeper.org (and by the way, you'll need to get their addresses from .ORG TLD).

Fine, we'll do that.

$ checkdelegation virtualkeeper.org

parent zone org:

virtualkeeper.org. 86400 NS ns1.virtualkeeper.org.

virtualkeeper.org. 86400 NS ns2.virtualkeeper.org.

ns1.virtualkeeper.org. 86400 A 72.52.136.30

ns2.virtualkeeper.org. 86400 A 72.52.136.32

This response from the .ORG TLD is okay, but unlike other resolvers Google Public DNS won't use the glue A record there to resolve ericjohnson.com; it only uses glue A records for the domain where they are needed as glue. So it will attempt to resolve the A records for ns1.virtualkeeper.org and ns2.virtualkeeper.org using the glue A records from .ORG TLD. Only problem is, those name servers don't actually know about themselves and respond with REFUSED.

$ dig +norec +noall +comment ns1.virtualkeeper.org @72.52.136.30

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 60694

;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

$ dig +norec +noall +comment ns1.virtualkeeper.org @72.52.136.32

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 10247

;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

If you properly configure ns[12].virtualkeeper.org with a virtualkeeper.org zone with correct SOA and NS records for the apex (@) and A records for the ns1 and ns2 subdomains, you should be able to resolve with Google Public DNS, and checkers like DNSViz and https://zonalizer.makeinstall.se/ will not fail trying to analyze ericjohnson.com or virtualkeeper.org either.

There are some other weirdnesses that should be cleaned up, although they won't prevent Google Public DNS from resolving your domain. The ns[12].virtualkeeper.org name servers think that the name servers for ericjohnson.com are ns[12].virtualkeeper.net, but those name servers know nothing and just refer back to the .COM TLD:

$ dig +norec +nocmd ericjohnson.com @ns1.virtualkeeper.org

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40505

;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:

;ericjohnson.com.               IN      A

;; ANSWER SECTION:

ericjohnson.com.        14400   IN      A       72.52.136.31

;; AUTHORITY SECTION:

ericjohnson.com.        86400   IN      NS      ns2.virtualkeeper.net.

ericjohnson.com.        86400   IN      NS      ns1.virtualkeeper.net.

;; Query time: 39 msec

;; SERVER: 72.52.136.30#53(72.52.136.30)

;; WHEN: Sat Jul  8 23:43:18 2017

;; MSG SIZE  rcvd: 102

$ dig +norec +nocmd ericjohnson.com @ns1.virtualkeeper.net

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61779

;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:

;ericjohnson.com.               IN      A

;; AUTHORITY SECTION:

com.                    144754  IN      NS      e.gtld-servers.net.

...

com.                    144754  IN      NS      d.gtld-servers.net.

;; Query time: 78 msec

;; SERVER: 206.130.109.52#53(206.130.109.52)

;; WHEN: Sat Jul  8 23:41:35 2017

;; MSG SIZE  rcvd: 257