Google Public DNS does not resolve domain records minvu.cl


Leonardo Cavieres

Jul 5, 2017, 11:35:54 AM
to public-dns-discuss

Hi,

I want to report that Google Public DNS (8.8.8.8) does not resolve records for the minvu.cl domain, which is causing problems with our website application and email service.

 

The following information is collected:

  - Detection date: from the last week of June, 2017.

  - Location: Chile

  - Issue: Mail servers that use Google's public DNS servers are not able to validate our A and MX records

  - This problem is permanent.

 

Thank you in advance for your help.

Best regards,

Leonardo Cavieres

 

TEST GOOGLE PUBLIC DNS RESULT

 

Result for minvu.cl/A without DNSSEC validation:

{
  "Status": 2,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": false,
  "CD": true,
  "Question": [
    {
      "name": "minvu.cl.",
      "type": 1
    }
  ],
  "Comment": "Nameservers did not respond [163.247.53.11]."
}

 

Result for minvu.cl/MX without DNSSEC validation:

 

{
  "Status": 2,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": false,
  "CD": true,
  "Question": [
    {
      "name": "minvu.cl.",
      "type": 15
    }
  ],
  "Comment": "Nameservers did not respond [163.247.53.11, 163.247.53.10]."
}

 

 

 IntoDNS TEST

 

 

| Category | Status | Test name | Information |
|---|---|---|---|
| Parent | Info | Domain NS records | Nameserver records returned by the parent servers are: ns1.minvu.cl. ['163.247.53.10'] [TTL=3600]; ns2.minvu.cl. ['163.247.53.11'] [TTL=3600]. a.nic.cl was kind enough to give us that information. |
| Parent | Pass | TLD Parent Check | Good. a.nic.cl, the parent server I interrogated, has information for your TLD. This is a good thing as there are some other domain extensions like "co.us" for example that are missing a direct check. |
| Parent | Pass | Your nameservers are listed | Good. The parent server a.nic.cl has your nameservers listed. This is a must if you want to be found as anyone that does not know your DNS servers will first ask the parent nameservers. |
| Parent | Pass | DNS Parent sent Glue | Good. The parent nameserver sent GLUE, meaning he sent your nameservers as well as the IPs of your nameservers. Glue records are A records that are associated with NS records to provide "bootstrapping" information to the nameserver.(see RFC 1912 section 2.3) |
| Parent | Pass | Nameservers A records | Good. Every nameserver listed has A records. This is a must if you want to be found. |
| NS | Info | NS records from your nameservers | NS records got from your nameservers listed at the parent NS are: ns1.minvu.cl ['163.247.53.10'] [TTL=3600]; ns2.minvu.cl ['163.247.53.11'] [TTL=3600] |
| NS | Pass | Recursive Queries | Good. Your nameservers (the ones reported by the parent server) do not report that they allow recursive queries for anyone. |
| NS | Pass | Same Glue | The A records (the GLUE) got from the parent zone check are the same as the ones got from your nameservers. You have to make sure your parent server has the same NS records for your zone as you do according to the RFC. This tests only nameservers that are common at the parent and at your nameservers. If there are any missing or stealth nameservers you should see them below! |
| NS | Pass | Glue for NS records | OK. When I asked your nameservers for your NS records they also returned the A records for the NS records. This is a good thing as it will spare an extra A lookup needed to find those A records. |
| NS | Pass | Mismatched NS records | OK. The NS records at all your nameservers are identical. |
| NS | Pass | DNS servers responded | Good. All nameservers listed at the parent server responded. |
| NS | Pass | Name of nameservers are valid | OK. All of the NS records that your nameservers report seem valid. |
| NS | Pass | Multiple Nameservers | Good. You have multiple nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me. |
| NS | Pass | Nameservers are lame | OK. All the nameservers listed at the parent servers answer authoritatively for your domain. |
| NS | Pass | Missing nameservers reported by parent | OK. All NS records are the same at the parent and at your nameservers. |
| NS | Pass | Missing nameservers reported by your nameservers | OK. All nameservers returned by the parent server a.nic.cl are the same as the ones reported by your nameservers. |
| NS | Pass | Domain CNAMEs | OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. |
| NS | Pass | NSs CNAME check | OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. |
| NS | Warn | Different subnets | WARNING: Not all of your nameservers are in different subnets |
| NS | Pass | IPs of nameservers are public | Ok. Looks like the IP addresses of your nameservers are public. This is a good thing because it will prevent DNS delays and other problems like |
| NS | Pass | DNS servers allow TCP connection | OK. Seems all your DNS servers allow TCP connections. This is a good thing and useful even if UDP connections are used by default. |
| NS | Warn | Different autonomous systems | WARNING: Single point of failure |
| NS | Pass | Stealth NS records sent | Ok. No stealth ns records are sent |
| SOA | Info | SOA record | The SOA record is: Primary nameserver: ns1.minvu.cl; Hostmaster E-mail address: hostname.minvu.cl; Serial #: 2006023042; Refresh: 3600; Retry: 600; Expire: 604800 1 weeks; Default TTL: 3600 |
| SOA | Pass | NSs have same SOA serial | OK. All your nameservers agree that your SOA serial number is 2006023042. |
| SOA | Pass | SOA MNAME entry | OK. ns1.minvu.cl That server is listed at the parent servers. |
| SOA | Pass | SOA Serial | Your SOA serial number is: 2006023042. This appears to be in the recommended format of YYYYMMDDnn. |
| SOA | Pass | SOA REFRESH | OK. Your SOA REFRESH interval is: 3600. That is OK |
| SOA | Pass | SOA RETRY | Your SOA RETRY value is: 600. Looks ok |
| SOA | Pass | SOA EXPIRE | Your SOA EXPIRE number is: 604800.Looks ok |
| SOA | Pass | SOA MINIMUM TTL | Your SOA MINIMUM TTL is: 3600. This value was used to serve as a default TTL for records without a given TTL value and now is used for negative caching (indicates how long a resolver may cache the negative answer). RFC2308 recommends a value of 1-3 hours. Your value of 3600 is OK. |
| MX | Info | MX Records | Your MX records that were reported by your nameservers are: 1 mx.minvu.cl 163.247.53.35 [These are all the MX records that I found. If there are some non common MX records at your nameservers you should see them below. ] |
| MX | Pass | Different MX records at nameservers | Good. Looks like all your nameservers have the same set of MX records. This tests to see if there are any MX records not reported by all your nameservers and also MX records that have the same hostname but different IPs |
| MX | Pass | MX name validity | Good. I did not detect any invalid hostnames for your MX records. |
| MX | Pass | MX IPs are public | OK. All of your MX records appear to use public IPs. |
| MX | Pass | MX CNAME Check | OK. No problems here. |
| MX | Pass | MX A request returns CNAME | OK. No CNAMEs returned for A records lookups. |
| MX | Pass | MX is not IP | OK. All of your MX records are host names. |
| MX | Info | Number of MX records | OK. Looks like you only have one MX record at your nameservers. You should be careful about what you are doing since you have a single point of failure that can lead to mail being lost if the server is down for a long time. |
| MX | Pass | Mismatched MX A | OK. I did not detect differing IPs for your MX records. |
| MX | Pass | Duplicate MX A records | OK. I have not found duplicate IP(s) for your MX records. This is a good thing. |
| MX | Pass | Reverse MX A records (PTR) | Your reverse (PTR) record: 35.53.247.163.in-addr.arpa -> mx.minvu.cl. You have reverse (PTR) records for all your IPs, that is a good thing. |
| WWW | Info | WWW A Record | Your www.minvu.cl A record is: www.minvu.cl -> wp73.minvu.cl -> [ 163.247.53.78 ] [Looks like you have CNAME's] |
| WWW | Pass | IPs are public | OK. All of your WWW IPs appear to be public IPs. |
| WWW | Pass | WWW CNAME | OK. You do have a CNAME record for www.minvu.cl.Your CNAME entry also returns the A record for the CNAME entry, which is good. |

Processed in 1.491 seconds.

 

Trace route

 

C:\Users\Administrator>tracert -d 8.8.8.8

 

Tracing route to 8.8.8.8 over a maximum of 30 hops

 

  1     5 ms    <1 ms    <1 ms  30.30.30.1

  2     1 ms     1 ms     1 ms  163.247.53.161

  3    <1 ms    <1 ms    <1 ms  163.247.2.97

  4     1 ms    <1 ms    <1 ms  163.247.20.250

  5     5 ms     1 ms     1 ms  163.247.21.245

  6     4 ms     1 ms     3 ms  163.247.21.251

  7     1 ms     1 ms     1 ms  190.216.146.17

  8     1 ms     2 ms     2 ms  72.14.210.230

  9     1 ms     1 ms     1 ms  209.85.251.47

 10    <1 ms     1 ms    <1 ms  8.8.8.8

 

Trace complete.

 

C:\Users\Administrator>nslookup -debug www.minvu.cl 8.8.8.8

------------

Got answer:

    HEADER:

opcode = QUERY, id = 1, rcode = NOERROR

header flags:  response, want recursion, recursion avail.

questions = 1,  answers = 1,  authority records = 0,  additional = 0

 

    QUESTIONS:

8.8.8.8.in-addr.arpa, type = PTR, class = IN

    ANSWERS:

    ->  8.8.8.8.in-addr.arpa

name = google-public-dns-a.google.com

ttl = 83405 (23 hours 10 mins 5 secs)

 

------------

Server:  google-public-dns-a.google.com

Address:  8.8.8.8

 

------------

Got answer:

    HEADER:

opcode = QUERY, id = 2, rcode = SERVFAIL

header flags:  response, want recursion, recursion avail.

questions = 1,  answers = 0,  authority records = 0,  additional = 0

 

    QUESTIONS:

www.minvu.cl, type = A, class = IN

 

------------

DNS request timed out.

    timeout was 2 seconds.

timeout (2 secs)

------------

Got answer:

    HEADER:

opcode = QUERY, id = 4, rcode = SERVFAIL

header flags:  response, want recursion, recursion avail.

questions = 1,  answers = 0,  authority records = 0,  additional = 0

 

    QUESTIONS:

www.minvu.cl, type = A, class = IN

 

------------

------------

Got answer:

    HEADER:

opcode = QUERY, id = 5, rcode = SERVFAIL

header flags:  response, want recursion, recursion avail.

questions = 1,  answers = 0,  authority records = 0,  additional = 0

 

    QUESTIONS:

www.minvu.cl, type = AAAA, class = IN

 

Verify that another open resolver can resolve the selected hostname

 

C:\Users\Administrator>nslookup www.minvu.cl. 4.2.2.1

Server:  a.resolvers.level3.net

Address:  4.2.2.1

 

Non-authoritative answer:

Name:    wp73.minvu.cl

Address:  163.247.53.78

Aliases:  www.minvu.cl

 

 

C:\Users\Administrator>nslookup www.minvu.cl. 4.2.2.2

Server:  b.resolvers.Level3.net

Address:  4.2.2.2

 

Non-authoritative answer:

Name:    wp73.minvu.cl

Address:  163.247.53.78

Aliases:  www.minvu.cl

 

 

C:\Users\Administrator>nslookup www.minvu.cl. 208.67.222.222

Server:  resolver1.opendns.com

Address:  208.67.222.222

 

Non-authoritative answer:

Name:    wp73.minvu.cl

Address:  163.247.53.78

Aliases:  www.minvu.cl

 

 

C:\Users\Administrator>nslookup www.minvu.cl. 208.67.220.220

Server:  resolver2.opendns.com

Address:  208.67.220.220

 

Non-authoritative answer:

Name:    wp73.minvu.cl

Address:  163.247.53.78

Aliases:  www.minvu.cl

 

C:\Users\Administrator>nslookup mx.minvu.cl. 4.2.2.1

Server:  a.resolvers.level3.net

Address:  4.2.2.1

 

Non-authoritative answer:

Name:    mx.minvu.cl

Address:  163.247.53.35

 

 

C:\Users\Administrator>nslookup mx.minvu.cl. 4.2.2.2

Server:  b.resolvers.Level3.net

Address:  4.2.2.2

 

Non-authoritative answer:

Name:    mx.minvu.cl

Address:  163.247.53.35

 

 

C:\Users\Administrator>nslookup mx.minvu.cl. 208.67.222.222

Server:  resolver1.opendns.com

Address:  208.67.222.222

 

Non-authoritative answer:

Name:    mx.minvu.cl

Address:  163.247.53.35

 

 

C:\Users\Administrator>nslookup mx.minvu.cl. 208.67.220.220

Server:  resolver2.opendns.com

Address:  208.67.220.220

 

Non-authoritative answer:

Name:    mx.minvu.cl

Address:  163.247.53.35


Alex Dupuy

Jul 8, 2017, 3:18:27 PM
to public-dns-discuss
Thanks for this report, the issue is being tracked at https://issuetracker.corp.google.com/issues/62576171.

As noted by the output from dns.google.com, we are not receiving responses to our queries from our resolvers in Chile (and as noted in the issuetracker, this is for queries to any name server in AS17147), thus there is no quick mitigation possible.

Google networking folks are looking at possible routing problems but there seems to be little we can do from the DNS side.
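
An added example, not part of the thread and not Google's tooling: a small Python triage over the two dns.google.com results quoted in the report. It checks whether every delegated name server was unreachable from the resolver and whether they all sit in one network, the single point of failure IntoDNS warned about. The `Comment` pattern is taken from the output shown above; the /24 grouping and the function names are assumptions made for this illustration.

```python
import ipaddress
import json
import re

# Standard DNS RCODE values carried in the "Status" field.
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

# Delegation for minvu.cl as returned by a.nic.cl in the IntoDNS output.
DELEGATED_NS = {"ns1.minvu.cl.": "163.247.53.10", "ns2.minvu.cl.": "163.247.53.11"}

# The two results from the report, trimmed to the fields used here.
SAMPLE_A = ('{"Status": 2, "Question": [{"name": "minvu.cl.", "type": 1}], '
            '"Comment": "Nameservers did not respond [163.247.53.11]."}')
SAMPLE_MX = ('{"Status": 2, "Question": [{"name": "minvu.cl.", "type": 15}], '
             '"Comment": "Nameservers did not respond [163.247.53.11, 163.247.53.10]."}')


def unresponsive_servers(doh_json):
    """Return (rcode name, set of authoritative IPs the resolver got no reply from)."""
    msg = json.loads(doh_json)
    status = msg.get("Status")
    rcode = RCODES.get(status, str(status))
    # Assumption: the bracketed list format seen in the report's Comment field.
    m = re.search(r"did not respond \[([^\]]*)\]", msg.get("Comment", ""))
    ips = {ip.strip() for ip in m.group(1).split(",")} if m else set()
    return rcode, ips


def triage(responses, delegated=DELEGATED_NS, prefixlen=24):
    """Summarise resolver-side reachability across several query results."""
    rcodes, dead = set(), set()
    for raw in responses:
        rcode, ips = unresponsive_servers(raw)
        rcodes.add(rcode)
        dead |= ips
    ns_ips = set(delegated.values())
    # Group name servers by network; /24 is an assumed granularity.
    nets = {ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False) for ip in ns_ips}
    return {
        "rcodes": sorted(rcodes),
        "unreachable": sorted(dead & ns_ips),
        "all_delegated_unreachable": ns_ips <= dead,
        "not_in_delegation": sorted(dead - ns_ips),
        "shared_network": str(next(iter(nets))) if len(nets) == 1 else None,
    }


if __name__ == "__main__":
    print(triage([SAMPLE_A, SAMPLE_MX]))
```

When every delegated server is unreachable and all of them share one network, a routing fault on that path fails the whole zone for the affected resolver while other resolvers still answer, which matches the nslookup comparison in the report.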
