1.1.1.1 DNS Resolution Issue


#1

Hello, having an issue with a 1.1.1.1 DNS lookup… seems to work fine on 1.0.0.1 and 8.8.8.8…

Last login: Fri Jun  1 12:46:54 on ttys000
$ dig www.tahariasl.com 142 @1.1.1.1

; <<>> DiG 9.10.6 <<>> www.tahariasl.com 142 @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33119
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.tahariasl.com.		IN	A

;; ANSWER SECTION:
www.tahariasl.com.	1068	IN	CNAME	www.production.tahariasl.weblinc.com.

;; AUTHORITY SECTION:
tahariasl.weblinc.com.	619	IN	SOA	ns-85.awsdns-10.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Jun 01 12:51:39 EDT 2018
;; MSG SIZE  rcvd: 170

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16103
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1536
;; QUESTION SECTION:
;142.				IN	A

;; AUTHORITY SECTION:
.			2058	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2018060101 1800 900 604800 86400

;; Query time: 13 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Jun 01 12:51:39 EDT 2018
;; MSG SIZE  rcvd: 107

$ dig www.tahariasl.com 142 @1.0.0.1

; <<>> DiG 9.10.6 <<>> www.tahariasl.com 142 @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30402
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.tahariasl.com.		IN	A

;; ANSWER SECTION:
www.tahariasl.com.	1068	IN	CNAME	www.production.tahariasl.weblinc.com.

;; AUTHORITY SECTION:
tahariasl.weblinc.com.	619	IN	SOA	ns-85.awsdns-10.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 1 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Jun 01 12:51:39 EDT 2018
;; MSG SIZE  rcvd: 170

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29234
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1536
;; QUESTION SECTION:
;142.				IN	A

;; AUTHORITY SECTION:
.			786	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2018060101 1800 900 604800 86400

;; Query time: 17 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Fri Jun 01 12:51:39 EDT 2018
;; MSG SIZE  rcvd: 107

$ dig www.tahariasl.com 142 @8.8.8.8

; <<>> DiG 9.10.6 <<>> www.tahariasl.com 142 @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48749
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.tahariasl.com.		IN	A

;; ANSWER SECTION:
www.tahariasl.com.	1068	IN	CNAME	www.production.tahariasl.weblinc.com.

;; AUTHORITY SECTION:
tahariasl.weblinc.com.	619	IN	SOA	ns-85.awsdns-10.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Jun 01 12:51:39 EDT 2018
;; MSG SIZE  rcvd: 170

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35104
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;142.				IN	A

;; AUTHORITY SECTION:
.			86376	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2018060101 1800 900 604800 86400

;; Query time: 25 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Jun 01 12:51:39 EDT 2018
;; MSG SIZE  rcvd: 107

$ dig +short CHAOS TXT id.server @1.1.1.1
"ewr01"
$ dig +short CHAOS TXT id.server @1.0.0.1
"ewr01"

#2

I don’t think either 1.1.1.1 or 1.0.0.1 will resolve this correctly, as the CNAME target appears to have its DNS misconfigured and doesn’t support query minimization… which results in an NXDOMAIN response to resolvers which implement RFC 7816.

I’ll put in a request to see if we can put in a manual bypass for this DNS record and ask our DNS team to see if the zone owner can fix their config.


#3

Which zone owner are you suggesting needs to perform a correction?


#4

Oh sorry, should have been clearer… weblinc.com has the issues.
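
The failure mode described in post #2, as an added example that is not part of the original thread: a toy, offline model of a resolver doing QNAME minimisation (RFC 7816) against an authoritative server that wrongly answers NXDOMAIN for an empty non-terminal. The zone contents, the 192.0.2.10 address, the `ent_bug` switch and the function names are constructed for illustration; only the host names come from the dig output above.

```python
# Added illustration: toy model of QNAME minimisation (RFC 7816), no network I/O.
# Zone data and server behaviour are constructed, not measured from the real zone.

ZONE_APEX = "tahariasl.weblinc.com."
# Only the leaf name owns data, so "production.tahariasl.weblinc.com."
# is an empty non-terminal (ENT): it has no records but a name exists below it.
RECORDS = {"www.production.tahariasl.weblinc.com.": {"A": ["192.0.2.10"]}}


def authoritative(qname, qtype, ent_bug):
    """Answer like an authoritative server for ZONE_APEX.

    ent_bug=True models the fault: NXDOMAIN for an empty non-terminal,
    where a correct server answers NOERROR with no data.
    """
    if qname in RECORDS:
        return "NOERROR", RECORDS[qname].get(qtype, [])
    is_ent = any(owner.endswith("." + qname) for owner in RECORDS)
    if is_ent and not ent_bug:
        return "NOERROR", []
    return "NXDOMAIN", []


def resolve_full(qname, qtype, ent_bug):
    """Non-minimising resolver: sends the full QNAME in a single query."""
    return authoritative(qname, qtype, ent_bug)


def resolve_minimised(qname, qtype, ent_bug):
    """Minimising resolver: reveals one more label per query below the apex."""
    assert qname.endswith("." + ZONE_APEX)
    extra = qname[: -len(ZONE_APEX)].rstrip(".").split(".")
    trace = []
    for i in range(len(extra) - 1, -1, -1):
        probe = ".".join(extra[i:]) + "." + ZONE_APEX
        # Intermediate probes use QTYPE=NS; the real type is sent only last
        rcode, data = authoritative(probe, qtype if i == 0 else "NS", ent_bug)
        trace.append((probe, rcode))
        if rcode == "NXDOMAIN":
            # A name that does not exist is taken to have nothing beneath it
            return rcode, [], trace
    return rcode, data, trace


if __name__ == "__main__":
    name = "www.production.tahariasl.weblinc.com."
    for bug in (False, True):
        print("ent_bug =", bug)
        print("  full      :", resolve_full(name, "A", bug))
        print("  minimised :", resolve_minimised(name, "A", bug))
```

With `ent_bug=True` the full-name query still returns the address, while the minimising resolver stops at the intermediate label and reports NXDOMAIN, which is why the same record can resolve through one resolver and fail through another.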

