DNS not resolving correctly using Google Public DNS only


ili...@gmail.com

Apr 1, 2017, 6:18:10 PM
to public-dns-discuss
The domain name does not resolve correctly using google dns only.
No matter how many times I query the other DNS server the response is the same, but when using the google dns both 8.8.8.8 and 8.8.4.4
  • Google DNS
Seems random sometimes I get a correct answer from google DNS sometimes I don't

$ nslookup -debug chillandlive.com. 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
------------
    QUESTIONS:
chillandlive.com, type = A, class = IN
    ANSWERS:
    ->  chillandlive.com
internet address = 138.201.243.188
ttl = 10037
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
Name: chillandlive.com
Address: 138.201.243.188

$ nslookup -debug chillandlive.com. 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
------------
    QUESTIONS:
chillandlive.com, type = A, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  chillandlive.com
origin = dee.ns.cloudflare.com
mail addr = dns.cloudflare.com
serial = 2024169236
refresh = 10000
retry = 2400
expire = 604800
minimum = 3600
ttl = 1526
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
*** Can't find chillandlive.com.: No answer

  • Authoritative
dee.ns.cloudflare.com
$ nslookup -debug chillandlive.com. dee.ns.cloudflare.com
Server: dee.ns.cloudflare.com
Address: 2400:cb00:2049:1::adf5:3a5d#53
------------
    QUESTIONS:
chillandlive.com, type = A, class = IN
    ANSWERS:
    ->  chillandlive.com
internet address = 138.201.243.188
ttl = 10735
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Name: chillandlive.com
Address: 138.201.243.188

$ nslookup -debug chillandlive.com. trey.ns.cloudflare.com
Server: trey.ns.cloudflare.com
Address: 2400:cb00:2049:1::adf5:3bf2#53
------------
    QUESTIONS:
chillandlive.com, type = A, class = IN
    ANSWERS:
    ->  chillandlive.com
internet address = 138.201.243.188
ttl = 10800
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Name: chillandlive.com
Address: 138.201.243.188

  • OpenDNS
208.67.222.222 
$ nslookup -debug chillandlive.com. 208.67.222.222
Server: 208.67.222.222
Address: 208.67.222.222#53
------------
    QUESTIONS:
chillandlive.com, type = A, class = IN
    ANSWERS:
    ->  chillandlive.com
internet address = 138.201.243.188
ttl = 10800
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
Name: chillandlive.com
Address: 138.201.243.188

208.67.220.220
$ nslookup -debug chillandlive.com. 208.67.220.220
Server: 208.67.220.220
Address: 208.67.220.220#53
------------
    QUESTIONS:
chillandlive.com, type = A, class = IN
    ANSWERS:
    ->  chillandlive.com
internet address = 138.201.243.188
ttl = 10735
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
Name: chillandlive.com
Address: 138.201.243.188
 

peterint...@gmail.com

Apr 3, 2017, 10:46:58 AM
to public-dns-discuss
LS,

Duyvesteyn.nl is not reported correctly in google dns.
Other public dns sites are all working correctly including intodns. Mxtoolbox also does not show any issues.

nslookup -debug duyvesteyn.nl 8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        name = google-public-dns-a.google.com
        ttl = 86399 (23 hours 59 mins 59 secs)

------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        duyvesteyn.nl.corp.microsoft.com, type = A, class = IN
    AUTHORITY RECORDS:
    ->  microsoft.com
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.msft.net
        responsible mail addr = msnhst.microsoft.com
        serial  = 2017040201
        refresh = 7200 (2 hours)
        retry   = 600 (10 mins)
        expire  = 2419200 (28 days)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        duyvesteyn.nl.corp.microsoft.com, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  microsoft.com
        ttl = 1799 (29 mins 59 secs)
        primary name server = ns1.msft.net
        responsible mail addr = msnhst.microsoft.com
        serial  = 2017040201
        refresh = 7200 (2 hours)
        retry   = 600 (10 mins)
        expire  = 2419200 (28 days)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = SERVFAIL
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        duyvesteyn.nl, type = A, class = IN

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = SERVFAIL
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        duyvesteyn.nl, type = AAAA, class = IN

------------
*** google-public-dns-a.google.com can't find duyvesteyn.nl: Server failed

Alex Dupuy

Apr 3, 2017, 11:02:19 AM
to public-dns-discuss, peterint...@gmail.com
Peter wrote:
Duyvesteyn.nl is not reported correctly in google dns.
Other public dns sites are all working correctly including intodns. Mxtoolbox also does not show any issues.

The 'duyvesteyn.nl' zone has a DNSSEC misconfiguration.
The parent zone 'nl' has a DS record for 'duyvesteyn'
but the 'duyvesteyn.nl' zone has no DNSKEY record.

To fix this, remove the DS record for 'duyvesteyn.nl'
in the 'nl' zone. Contact your registrar (Greenhost) to do so.

'duyvesteyn.nl' is in 'duyvesteyn.nl' zone under .NL
'duyvesteyn.nl' is failing DNSSEC validation, and has
4 nameservers in 'microsoftonline.com' (all are failing validation) 
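
The condition described in the post above (a DS record in the parent zone with no matching DNSKEY in the child), as an added example that is not part of the original thread: it implements the RFC 4034 key tag and the SHA-256 DS digest, then classifies the delegation as a validating resolver would. The key bytes and the DS derived from them are constructed sample values, not the real records for 'duyvesteyn.nl', and the function names are this example's own.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical wire form of a domain name: lower-cased, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata):
    """Key tag of a DNSKEY RDATA (RFC 4034 Appendix B, algorithms other than 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest_sha256(owner, rdata):
    """DS digest type 2: SHA-256 over owner name (wire form) + DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()

def delegation_state(owner, ds_set, dnskey_set):
    """Classify a delegation the way a validating resolver would.

    ds_set: (key_tag, algorithm, digest_type, digest_hex) tuples from the parent.
    dnskey_set: DNSKEY RDATA byte strings served by the child zone.
    """
    # Only digest type 2 (SHA-256) is implemented here; other DS records are
    # skipped, as a validator skips digest types it does not support.
    usable = [ds for ds in ds_set if ds[2] == 2]
    if not usable:
        return "insecure"  # no usable DS: zone is treated as unsigned, answers flow
    for tag, alg, _, digest in usable:
        for rdata in dnskey_set:
            if (key_tag(rdata) == tag and rdata[3] == alg
                    and ds_digest_sha256(owner, rdata) == digest.lower()):
                return "secure"  # chain of trust links parent DS to child key
    return "bogus"  # DS present, no matching DNSKEY: validators answer SERVFAIL

# Constructed sample data (not the real records of the zone in this thread).
OWNER = "duyvesteyn.nl."
KSK = struct.pack("!HBB", 257, 3, 13) + bytes(range(64))  # flags, protocol, alg, key
PARENT_DS = [(key_tag(KSK), 13, 2, ds_digest_sha256(OWNER, KSK))]

if __name__ == "__main__":
    print("DS in parent, no DNSKEY in child:", delegation_state(OWNER, PARENT_DS, []))
    print("DS in parent, matching DNSKEY:   ", delegation_state(OWNER, PARENT_DS, [KSK]))
    print("DS removed from parent:          ", delegation_state(OWNER, [], []))
```

The first case is the state reported for this zone, which is why a validating resolver returns SERVFAIL while non-validating resolvers still answer; the third case is the fix from the post.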

Alex Dupuy

Apr 3, 2017, 11:46:34 AM
to public-dns-discuss, ili...@gmail.com
ilijamt wrote:
The domain name does not resolve correctly using google dns only.
No matter how many times I query the other DNS server the response is the same, but when using the google dns both 8.8.8.8 and 8.8.4.4
 
Seems random sometimes I get a correct answer from google DNS sometimes I don't

I am finding CNAME records for chillandlive.com in the Google Public DNS cache, e.g.:

dig +noall +comments +answer +nocl +nottl +time=2 -q chillandlive.com. -t DNSKEY @publicdns.google.com. +cd +dnssec +multiline
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; ANSWER SECTION:

Since your name servers are now located at CloudFlare (which does CNAME flattening at the zone apex), and when I double-checked some of those query results, I saw short 5 minute TTLs, I'm guessing you had your name servers elsewhere with a CNAME for chillandlive.com (CNAME at zone apex does not work), but recently moved your name servers to CloudFlare (which can do that without breaking resolution because of flattening), and Google Public DNS still has your old resolver delegation in its cache. Unfortunately, the cache flush feature works only on the response cache, and does not change the delegation cache Google Public DNS uses itself to determine which name server to use to resolve a name.

Once the TTL on the old delegation records in .COM zone has expired (they are 2 days long, this will take a while), this problem should go away.

peterint...@gmail.com

Apr 3, 2017, 5:21:55 PM
to public-dns-discuss
And any hints how to do this? Domain is hosted at A provider and nameservers are directed to Microsoft...