Google won't resolve my CNAME addresses (Cloudflare is ok)

mika mizuno

Jul 28, 2022, 3:14:23 PM
to public-dns-discuss
Last week, we got some networking claims (got DNS_PROBE_FINISHED_NXDOMAIN on Chrome) from customers who use my services.
It was a case of using 8.8.8.8; changing to 1.1.1.1 solved it, and I reproduced it on my Mac.

I use subdomains hosted on Amazon Route53.
app2.manageboard.jp
staging.manageboard.jp
app.manageboard.jp

Their primary DNS is provided by xserver(xtwo.ne.jp).
ref: https://www.xserver.ne.jp/manual/man_domain_spec.php

8.8.8.8 says `Name servers returned malformed responses`,
https://dns.google/query?name=app2.manageboard.jp&rr_type=A&ecs=
and dig also gives a similar warning (at the end of this message).

Is the cause in the primary DNS?
It's hard to keep asking them to change their DNS to 1.1.1.1 because my service is about to grow and some people will likely use 8.8.8.8.

Thank you

Mika


dig app2.manageboard.jp +norec @ns1.xtwo.ne.jp +noedns
;; Warning: Message parser reports malformed message packet.
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.10.6 <<>> app2.manageboard.jp +norec @ns1.xtwo.ne.jp +noedns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16387
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;app2.manageboard.jp. IN A

;; ANSWER SECTION:
app2.manageboard.jp. 3600 IN CNAME mb-prod-lb-1387628205.ap-northeast-1.elb.amazonaws.com.

;; AUTHORITY SECTION:
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
b.root-servers.net. 3600000 IN A 192.228.79.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 128.8.10.90
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 128.63.2.53
i.root-servers.net. 3600000 IN A 192.36.148.17
j.root-servers.net. 3600000 IN A 192.58.128.30
k.root-servers.net. 3600000 IN A 193.0.14.129
l.root-servers.net. 3600000 IN A 198.32.64.12
m.root-servers.net. 3600000 IN A 202.12.27.33

;; Query time: 53 msec
;; SERVER: 175.28.4.232#53(175.28.4.232)
;; WHEN: Thu Jul 28 02:20:52 JST 2022
;; MSG SIZE rcvd: 524

Tianhao Chi

Jul 28, 2022, 3:56:34 PM
to public-dns-discuss
This issue is due to the authoritative nameserver not truncating the response correctly. We recently made the change that for an incorrectly truncated response, it's attributed as a malformed response and TCP retry will not be performed. Please contact the authoritative nameserver to have this issue fixed.

mika mizuno

Jul 29, 2022, 10:17:13 AM
to public-dns-discuss
Thank you!
I'll try to get in touch with them first.

On Friday, July 29, 2022 at 4:56:34 UTC+9, chiti...@google.com wrote:

Puneet Sood

Jul 29, 2022, 10:53:52 AM
to mika mizuno, public-dns-discuss
On Fri, Jul 29, 2022 at 10:17 AM mika mizuno <mika....@knowledgelabo.com> wrote:
> Thank you!
> I'll try to get in touch with them first.

There is another aspect in the response you posted that should be fixed. The response contains root name server names and IP addresses in the AUTH/ADDL sections. Those are unnecessary. Removing them from responses will reduce the response message size, allowing most responses to fit within 512 bytes and avoid truncation and TCP.
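An added example, not part of the original thread and not Google Public DNS code: a check an operator could run on a captured UDP reply to see whether it is cleanly truncated (the point in Tianhao Chi's reply) and how much the root hints cost in size (the point in Puneet Sood's reply). It assumes the defect is a packet cut at 512 bytes while the header counts still describe the full record set, which the thread does not spell out; the function names, the `example.test` names and the `192.0.2.x` addresses are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l) + b"\x00"

def rr(name, rtype, rdata, ttl=3600):  # one class-IN resource record
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def build(qname, an=(), ns=(), ar=(), tc=False):
    """Build a response whose header counts match the records it carries."""
    flags = 0x8400 | (0x0200 if tc else 0)          # QR + AA, optional TC
    hdr = struct.pack("!6H", 0x4003, flags, 1, len(an), len(ns), len(ar))
    return hdr + encode_name(qname) + struct.pack("!HH", 1, 1) + b"".join((*an, *ns, *ar))

def skip_name(msg, off):
    """Return the offset just past the name at off, or raise if it overruns."""
    while off < len(msg):
        n = msg[off]
        if n == 0 or n & 0xC0 == 0xC0:              # root label (1 byte) or pointer (2 bytes)
            return off + (1 if n == 0 else 2)
        off += 1 + n
    raise ValueError("name overruns message")

def classify(msg):
    """Return 'ok', 'truncated' (TC set, still parseable) or 'malformed'."""
    try:
        _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4           # QTYPE + QCLASS
        for _ in range(an + ns + ar):               # every record the header promises
            off = skip_name(msg, off) + 10          # TYPE, CLASS, TTL, RDLENGTH
            off += struct.unpack("!H", msg[off - 2:off])[0]
        if off > len(msg):
            raise ValueError("record data overruns message")
    except (ValueError, struct.error):
        return "malformed"
    return "truncated" if flags & 0x0200 else "ok"

# Constructed sample data: placeholder names and documentation-range addresses.
ROOTS = [f"{c}.root-servers.net" for c in "abcdefghijklm"]
ANSWER = [rr("app2.example.test", 5, encode_name("lb.example.test"))]   # CNAME
HINT_NS = [rr(".", 2, encode_name(r)) for r in ROOTS]
HINT_A = [rr(r, 1, bytes([192, 0, 2, i])) for i, r in enumerate(ROOTS)]
FULL = build("app2.example.test", ANSWER, HINT_NS, HINT_A)    # too big for plain UDP
CUT = FULL[:2] + bytes([FULL[2] | 0x02]) + FULL[3:512]        # TC set, counts stale
TRUNCATED = build("app2.example.test", ANSWER, tc=True)       # whole records, counts fixed
LEAN = build("app2.example.test", ANSWER)                     # root hints removed
```

`classify(CUT)` fails because the header still promises 13 additional records that the 512-byte packet cannot hold, while `TRUNCATED` and `LEAN` both parse to the end.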