1.1.1.1 Melbourne Farm failing to resolve cachefly.net and subdomains

Summary: From a variety of locations, ISPs and equipment, queries to the Melbourne Cloudflare resolving DNS farm are failing. Elimination of client side equipment or ISP introduced errors performed through using completely different equipment directly connected to Internet through different ISPs. No firewall filters or anti-virus DNS interceptors blocking queries.

The Melbourne farm is consistently not returning queries for the domain cachefly.net and subdomains. The Sydney and other overseas farms are responding correctly.

The issue is some of the Melbourne Cloudflare resolvers are returning SERVFAIL for anything under cachefly . net such as cdn . arstechnica . net.

For brevity, only kdig TLS queries shown for one failing site. All the usual dig / drill / nslookup @ 1.1.1.1 / 1.0.0.1 results are same as kdig’s.

Due to Cloudflare “Sorry, new users can only mention 2 users in a post. Sorry, new users can only put 4 links in a post.” there has been some mangling of domains in the following output.

Commands used to test:

kdig +tls +short @ 1.1.1.1 id.server CH TXT 
kdig +tls @ 1.1.1.1 cdn.arstechnica.net
kdig +tls @ 1.0.0.1 cdn.arstechnica.net
kdig +tls @ 8.8.8.8 cdn.arstechnica.net
kdig +tls @ 1.1.1.1 NS cachefly.net
kdig +tls @ 1.0.0.1 NS cachefly.net
kdig +tls @ 8.8.8.8 NS cachefly.net
kdig +tls @ 1.1.1.1 www.cloudflare.com
kdig +tls @ 1.0.0.1 www.abc.net.au

Results:

kdig +tls +short @ 1.1.1.1 id.server CH TXT
"MEL"


kdig +tls @ 1.1.1.1 cdn.arstechnica.net
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 61386
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR
;; PADDING: 416 B
;; Option (15): 0016

;; QUESTION SECTION:
;; cdn.arstechnica.net.		IN	A

;; Received 474 B
;; Time 2021-06-07 14:53:45 AEST
;; From [email protected] 853(TCP) in 2016.5 ms


kdig +tls @1.0.0.1 cdn.arstechnica.net
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 61195
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR
;; PADDING: 416 B
;; Option (15): 0016

;; QUESTION SECTION:
;; cdn.arstechnica.net.		IN	A

;; Received 474 B
;; Time 2021-06-07 14:53:47 AEST
;; From [email protected] 853(TCP) in 22.8 ms


kdig +tls @8.8.8.8 cdn.arstechnica.net
;; TLS session (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 13632
;; Flags: qr rd ra; QUERY: 1; ANSWER: 3; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 512 B; ext-rcode: NOERROR
;; PADDING: 341 B

;; QUESTION SECTION:
;; cdn.arstechnica.net.		IN	A

;; ANSWER SECTION:
cdn.arstechnica.net.	299	IN	CNAME	arstechnicarp.cachefly.net.
arstechnicarp.cachefly.net.	1823	IN	CNAME	vip1.g5.cachefly.net.
vip1.g5.cachefly.net.	2135	IN	A	205.234.175.175

;; Received 468 B
;; Time 2021-06-07 14:53:54 AEST
;; From [email protected] 853(TCP) in 38.1 ms


kdig +tls @1.1.1.1 NS cachefly.net
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 63335
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR
;; PADDING: 423 B
;; Option (15): 0016

;; QUESTION SECTION:
;; cachefly.net.       		IN	NS

;; Received 474 B
;; Time 2021-06-07 14:53:58 AEST
;; From [email protected] 853(TCP) in 1970.1 ms


kdig +tls @1.0.0.1 NS cachefly.net
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 43207
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR
;; PADDING: 423 B
;; Option (15): 0016

;; QUESTION SECTION:
;; cachefly.net.       		IN	NS

;; Received 474 B
;; Time 2021-06-07 14:54:09 AEST
;; From [email protected](TCP) in 1977.8 ms


kdig +tls @ 8.8.8.8 NS cachefly.net
;; TLS session (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 26085
;; Flags: qr rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 512 B; ext-rcode: NOERROR
;; PADDING: 382 B

;; QUESTION SECTION:
;; cachefly.net.       		IN	NS

;; ANSWER SECTION:
cachefly.net.       	21599	IN	NS	ns1.adns.cachefly.net.
cachefly.net.       	21599	IN	NS	ns2.adns.cachefly.net.

;; Received 468 B
;; Time 2021-06-07 14:54:12 AEST
;; From [email protected](TCP) in 167.2 ms

kdig +tls @ 1.1.1.1 www.cloudflare.com
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 65041
;; Flags: qr rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR
;; PADDING: 385 B

;; QUESTION SECTION:
;; www.cloudflare.com. 		IN	A

;; ANSWER SECTION:
www.cloudflare.com. 	183	IN	A	104.16.123.96
www.cloudflare.com. 	183	IN	A	104.16.124.96

;; Received 468 B
;; Time 2021-06-07 15:03:52 AEST
;; From [email protected] 853(TCP) in 30.4 ms


kdig +tls @1.0.0.1 www.abc.net.au
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 53132
;; Flags: qr rd ra; QUERY: 1; ANSWER: 3; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR
;; PADDING: 332 B

;; QUESTION SECTION:
;; www.abc.net.au.     		IN	A

;; ANSWER SECTION:
www.abc.net.au.     	298	IN	CNAME	www.abc.net.au.edgekey.net.
www.abc.net.au.edgekey.net.	21598	IN	CNAME	e3161.b.akamaiedge.net.
e3161.b.akamaiedge.net.	18	IN	A	104.119.100.93

;; Received 468 B
;; Time 2021-06-07 15:03:54 AEST
;; From [email protected] 853(TCP) in 30.1 ms
1 Like