1.1.1.1 fails to resolve a Google endpoint

alextsits · January 19, 2022, 7:09pm

I have a Google endpoint, minikf-11.endpoints.arrikto-playground.cloud.goog that the DNS of my local ISP, and the Google DNS are able to resolve, but 1.1.1.1 can’t.

Could you help me understand the source of this discrepancy?

The relevant DNS queries (both with host and with dig for every DNS server):

# Querying the DNS of my ISP with `host`
$ host minikf-11.endpoints.arrikto-playground.cloud.goog dns1.otenet.gr
Using domain server:
Name: dns1.otenet.gr
Address: 2a02:587:101:0:195:170:0:1#53
Aliases:

minikf-11.endpoints.arrikto-playground.cloud.goog has address 35.190.143.99

# Querying Google's DNS with `host`
$ host minikf-11.endpoints.arrikto-playground.cloud.goog 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

minikf-11.endpoints.arrikto-playground.cloud.goog has address 35.190.143.99

# Querying Cloudflare's DNS with `host`
$ host minikf-11.endpoints.arrikto-playground.cloud.goog 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

Host minikf-11.endpoints.arrikto-playground.cloud.goog not found: 2(SERVFAIL)

# Querying the DNS of my ISP with `dig`
$ dig minikf-11.endpoints.arrikto-playground.cloud.goog @dns1.otenet.gr

; <<>> DiG 9.16.24 <<>> minikf-11.endpoints.arrikto-playground.cloud.goog @dns1.otenet.gr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14371
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 46e3b446a1b64975ef67cefa61e8574d703f60275b17641a (good)
;; QUESTION SECTION:
;minikf-11.endpoints.arrikto-playground.cloud.goog. IN A

;; ANSWER SECTION:
minikf-11.endpoints.arrikto-playground.cloud.goog. 60 IN A 35.190.143.99

;; Query time: 63 msec
;; SERVER: 2a02:587:101:0:195:170:0:1#53(2a02:587:101:0:195:170:0:1)
;; WHEN: Wed Jan 19 20:24:13 EET 2022
;; MSG SIZE  rcvd: 122

# Querying Google's DNS with `dig`
$ dig minikf-11.endpoints.arrikto-playground.cloud.goog @8.8.8.8

; <<>> DiG 9.16.24 <<>> minikf-11.endpoints.arrikto-playground.cloud.goog @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39434
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;minikf-11.endpoints.arrikto-playground.cloud.goog. IN A

;; ANSWER SECTION:
minikf-11.endpoints.arrikto-playground.cloud.goog. 60 IN A 35.190.143.99

;; Query time: 193 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jan 19 20:19:12 EET 2022
;; MSG SIZE  rcvd: 94

# Querying Cloudflare's DNS with `dig`
$ dig minikf-11.endpoints.arrikto-playground.cloud.goog @1.1.1.1

; <<>> DiG 9.16.24 <<>> minikf-11.endpoints.arrikto-playground.cloud.goog @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42265
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 10 (RRSIGs Missing): (failed to verify minikf-11.endpoints.arrikto-playground.cloud.goog. A)
;; QUESTION SECTION:
;minikf-11.endpoints.arrikto-playground.cloud.goog. IN A

;; Query time: 279 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Jan 19 20:20:10 EET 2022
;; MSG SIZE  rcvd: 153

alextsits · January 21, 2022, 11:22am

An update:
I can now see 1.1.1.1 no longer shows the problematic behavior and resolves *.endpoints.*.cloud.goog properly, like the other public DNS servers:

# Testing with `host`
$ host minikf-9.endpoints.arrikto-playground.cloud.goog 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

minikf-9.endpoints.arrikto-playground.cloud.goog has address 35.241.104.250

# Testing with `dig`
$ dig minikf-11.endpoints.arrikto-playground.cloud.goog @1.1.1.1

; <<>> DiG 9.16.24 <<>> minikf-11.endpoints.arrikto-playground.cloud.goog @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1984
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;minikf-11.endpoints.arrikto-playground.cloud.goog. IN A

;; ANSWER SECTION:
minikf-11.endpoints.arrikto-playground.cloud.goog. 60 IN A 35.190.143.99

;; Query time: 369 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Jan 21 13:18:31 EET 2022
;; MSG SIZE  rcvd: 94

But this is very troubling: A lot of people depend on 1.1.1.1 as their nameserver, it’s not obvious to me what changed in the last few days to fix this.
Do you have any insight on this / any pointers I can follow?

mvavrusa · January 27, 2022, 7:34pm

Moved to Some VMware subdomains not reachable - #16 by mvavrusa

system · February 26, 2022, 7:35pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
1.1.1.1 fails to resolve Google endpoints (v2) 1.1.1.1	6	1723	June 11, 2022
I can't resolve the domain: https://monetgrzecka.towergarden.com/ DNS & Network	2	1862	November 26, 2021
DNS resolving fails with CloudFlare, works with Google and others 1.1.1.1	4	2872	June 18, 2021
1.1.1.1 not resolving an address 1.1.1.1	4	978	November 1, 2023
Strange resolution behavior with ndots:5 DNS & Network	1	1887	February 20, 2022

1.1.1.1 fails to resolve a Google endpoint

Related topics