1.1.1.1 fail to resolve aws console

I have been using 1.1.1.1 for a while not and only recently started seeing DNS resolution issues. I have started seeing aws console queries fail at least 4 out of 5 queries. All of the other public DNS servers seem happy about the query. I have attached a Failed dig.

FAILED DIG:

dig console.aws.amazon.com @1111

; <<>> DiG 9.10.6 <<>> console.aws.amazon.com @1111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22666
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 00 49 74 65 72 61 74 69 6f 6e 20 6c 69 6d 69 74 20 72 65 61 63 68 65 64 ("…Iteration limit reached")
;; QUESTION SECTION:
;console.aws.amazon.com. IN A

;; Query time: 20 msec
;; SERVER: 1111#53(1111)
;; WHEN: Mon Nov 30 10:33:31 EST 2020
;; MSG SIZE rcvd: 80

PASSING DIG 5 mins later:

1 Like

Here is the passing DIG since a new user can not have too many URLs.

; <<>> DiG 9.10.6 <<>> console.aws.amazon.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6035
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;console.aws.amazon.com. IN A

;; ANSWER SECTION:
console.aws.amazon.com. 47 IN CNAME lbr-optimized.console-l.amazonaws.com.
lbr-optimized.console-l.amazonaws.com. 47 IN CNAME us-east-1.console.aws.amazon.com.
us-east-1.console.aws.amazon.com. 47 IN CNAME console.us-east-1.amazonaws.com.
console.us-east-1.amazonaws.com. 47 IN A 54.239.30.25

;; Query time: 20 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Nov 30 10:36:17 EST 2020
;; MSG SIZE rcvd: 171

I’m seeing the same issue today.

It works a fraction of the time:

 % dig console.aws.amazon.com @1.1.1.1

; <<>> DiG 9.16.1-Ubuntu <<>> console.aws.amazon.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2234
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;console.aws.amazon.com.                IN      A

;; ANSWER SECTION:
console.aws.amazon.com. 45      IN      CNAME   lbr-optimized.console-l.amazonaws.com.
lbr-optimized.console-l.amazonaws.com. 45 IN CNAME us-east-1.console.aws.amazon.com.
us-east-1.console.aws.amazon.com. 45 IN CNAME   console.us-east-1.amazonaws.com.
console.us-east-1.amazonaws.com. 45 IN  A       54.239.30.25

;; Query time: 3 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Nov 30 13:12:07 EST 2020
;; MSG SIZE  rcvd: 171

Iteration limit reached:

 % dig console.aws.amazon.com @1.1.1.1

; <<>> DiG 9.16.1-Ubuntu <<>> console.aws.amazon.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 9176
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 00 49 74 65 72 61 74 69 6f 6e 20 6c 69 6d 69 74 20 72 65 61 63 68 65 64 ("..Iteration limit reached")
;; QUESTION SECTION:
;console.aws.amazon.com.                IN      A

;; Query time: 11 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Nov 30 13:12:17 EST 2020
;; MSG SIZE  rcvd: 80

And sometimes just SERVFAIL

 % dig console.aws.amazon.com @1.1.1.1

; <<>> DiG 9.16.1-Ubuntu <<>> console.aws.amazon.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29960
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;console.aws.amazon.com.                IN      A

;; Query time: 37 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Nov 30 13:11:58 EST 2020
;; MSG SIZE  rcvd: 51

Hi, sorry about that. Looks like there was a local spike in traffic, it should be resolving more reliably now.