1.1.1.1 doesn't resovle urzadskarbowy.gov.pl

Hello,

1.1.1.1 DNS resolvers doesn’t resovle Polish IRS domain urzadskarbowy.gov.pl.
Bellow is my dig command outputs :

; <<>> DiG 9.10.6 <<>> urzadskarbowy.gov.pl @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16621
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 16 74 69 6d 65 20 6c 69 6d 69 74 20 65 78 63 65 65 64 65 64 ("..time limit exceeded")
;; QUESTION SECTION:
;urzadskarbowy.gov.pl.		IN	A

;; Query time: 4121 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Mar 12 00:21:47 CET 2023
;; MSG SIZE  rcvd: 74

; <<>> DiG 9.10.6 <<>> urzadskarbowy.gov.pl @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49063
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 16 74 69 6d 65 20 6c 69 6d 69 74 20 65 78 63 65 65 64 65 64 ("..time limit exceeded")
;; QUESTION SECTION:
;urzadskarbowy.gov.pl.		IN	A

;; Query time: 1015 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Sun Mar 12 00:22:08 CET 2023
;; MSG SIZE  rcvd: 74

; <<>> DiG 9.10.6 <<>> urzadskarbowy.gov.pl @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62409
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;urzadskarbowy.gov.pl.		IN	A

;; ANSWER SECTION:
urzadskarbowy.gov.pl.	292	IN	A	145.237.204.138

;; Query time: 852 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Mar 12 00:22:21 CET 2023
;; MSG SIZE  rcvd: 65

**dig +short CHAOS TXT id.server @1.1.1.1**
"PRG"

**dig +short CHAOS TXT id.server @1.0.0.1**
"PRG"

**DOH query:**
cmd$ curl --http2 -H "accept: application/dns-json" "https://1.1.1.1/dns-query?name=urzadskarbowy.gov.pl"
{"Status":2,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"urzadskarbowy.gov.pl","type":1}],"Comment":["EDE(22): No Reachable Authority (time limit exceeded)"]}

Example query to urzadzskarbowy.gov.pl to my provider DNS servers:

; <<>> DiG 9.10.6 <<>> urzadskarbowy.gov.pl @192.168.33.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12780
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;urzadskarbowy.gov.pl.		IN	A

;; ANSWER SECTION:
urzadskarbowy.gov.pl.	258	IN	A	145.237.204.138

;; Query time: 96 msec
;; SERVER: 192.168.33.1#53(192.168.33.1)
;; WHEN: Sun Mar 12 00:27:42 CET 2023
;; MSG SIZE  rcvd: 54

/pch

Hi,

Thanks for the report. It seems to be the name server of urzadskarbowy.gov.pl (ns[1-4].mf.gov.pl) is blocking queries sent by 1.1.1.1 from our Prague data centers. We are contacting them to find out what is wrong. It works fine in other places.

Meanwhile, I’ve applied a workaround. Let me know if you still see the problem.

Hi,

Workaround is working fine I’ve response for domain urzadskarbowy.gov.pl . DOH query still returning “No Reachable Authority” but it is not so much problem for me.

; <<>> DiG 9.10.6 <<>> urzadskarbowy.gov.pl @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26235
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;urzadskarbowy.gov.pl.		IN	A

;; ANSWER SECTION:
urzadskarbowy.gov.pl.	300	IN	A	145.237.204.138

;; Query time: 157 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat Mar 18 13:23:28 CET 2023
;; MSG SIZE  rcvd: 65
cmd$ curl --http2 -H "accept: application/dns-json" "https://1.1.1.1/dns-query?name=urzadskarbowy.gov.pl"
{"Status":2,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"urzadskarbowy.gov.pl","type":1}],"Comment":["EDE(22): No Reachable Authority (time limit exceeded)"]}

/pch

I’ve updated the workaround to include DoH as well, it should work too now.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.