1.1.1.1 not resolving duckdns subdomain


#1

I have set up DNS over TLS under pfSense using 1.1.1.1.

.duckdns.org will not work, but it works if I’m using 8.8.8.8

Any idea why?


#2

Same issue for me. It has happened 4-5 times before also. No idea why, but it is a Cloudflare DNS issue only. Google DNS and other DNS services work without any issues. Had to stop using Cloudflare DNS because of this.


#3

#4

Hope Cloudflare can fix this issue; it is very annoying when I can access my Home Automation system etc. because it just stops working for hours 2-3 times a month.


#5

Hi there. It seems that there is some ongoing issue using CloudFlare DNS (1.1.1.1) to resolve DuckDNS subdomains.

I’ve tested 6 different duckDNS sub-domains and each and every one of them are unable to get resolved using either 1.1.1.1 or 1.0.0.1 (did not try IPv6 as I do not have any DuckDNS AAAA records as of now)

Testing out the same domains using other public DNS services (like Google’s 8.8.8.8, IBM’s 9.9.9.9 or Level 3 4.2.2.2) all end up resolving the domain fine.

Example: dig @9.9.9.9 .duckdns.org works while dig @1.1.1.1 .duckdns.org fails.

Same goes for good old nslookup

1.1.1.1 = server can’t find .duckdns.org: SERVFAIL
9.9.9.9 = server can’t find .duckdns.org: SERVFAIL

I’ve seen one other recent thread on this issue, but aside from suggesting changing your DNS provider, nothing else has been discussed. Now, what if the person on the other end cannot change their DNS settings, and wants to use a duckDNS address (or a CNAME that resolves to a duckDNS entry…)? It’s likely to fail.

Comments?

Thanks!

(NOTE: I’ve replaced my real sub-domains with …)


#6

Yes. I have noticed this same issue over the last few days, although I don’t know when it actually started happening.


#7

Here’s the response from Cloudflare DOH:

$ curl -H 'accept: application/dns-json' "https://cloudflare-dns.com/dns-query?name=box.duckdns.org&type=A" | jq
{
  "Status": 2,
...
}

Based on the DOH docs and RCODEs RFC, a Status of 2 means:

RCODE           Response code - this 4 bit field is set as part of
                responses.  The values have the following
                interpretation:
                2               Server failure - The name server was
                                unable to process this query due to a
                                problem with the name server.

So maybe this is an issue with Cloudflare, but based on the spec this is an issue with Duckdns’s nameserver.


#8

Hi, the problem is that duckdns.org nameservers don’t support TCP (which is mandatory since RFC5966) so fallback in case of packet loss is impossible. I’ve added a workaround for this, it should be resolving a lot better now.

NOTE: it can still occasionally fail, as the resolver has nothing to fall back to when the nameserver doesn’t respond over UDP
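
Added example, not part of the thread and not Cloudflare's or DuckDNS's code: a Python check for the condition described in #8, an authoritative nameserver that answers over UDP but not over TCP. The stub server on 127.0.0.1 and the name example.duckdns.org are constructed for the demonstration.

```python
import socket, struct, threading
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query in wire format: one question, class IN, RD clear."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return struct.pack("!6H", txid, 0, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", qtype, 1)

def parse_header(msg):
    """Return the header fields of interest: TC (truncated) bit and RCODE."""
    txid, flags = struct.unpack("!2H", msg[:4])
    return {"id": txid, "tc": bool(flags & 0x0200), "rcode": RCODES.get(flags & 15, str(flags & 15))}

def probe_udp(server, port, name, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, port))
            return parse_header(s.recvfrom(4096)[0])
        except (OSError, struct.error):
            return None  # no reply within the timeout, or reply too short

def probe_tcp(server, port, name, timeout=2.0):
    query = build_query(name)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # DNS over TCP: 2-byte length prefix
            stream = s.makefile("rb")
            (length,) = struct.unpack("!H", stream.read(2))
            return parse_header(stream.read(length))
    except (OSError, struct.error):
        return None  # refused, timed out, or closed without answering

def check_transports(server, port, name):
    udp, tcp = probe_udp(server, port, name), probe_tcp(server, port, name)
    verdict = {(1, 1): "ok", (1, 0): "udp-only", (0, 1): "tcp-only", (0, 0): "no-answer"}
    return {"udp": udp, "tcp": tcp, "verdict": verdict[(int(udp is not None), int(tcp is not None))]}

def demo():
    """Constructed stand-in for a UDP-only nameserver on 127.0.0.1, answering one query."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("127.0.0.1", 0))
    def answer_once():
        query, peer = udp.recvfrom(512)
        udp.sendto(query[:2] + struct.pack("!H", 0x8400) + query[4:], peer)  # QR=1, AA=1, RCODE=0
    threading.Thread(target=answer_once, daemon=True).start()
    return check_transports("127.0.0.1", udp.getsockname()[1], "example.duckdns.org")

if __name__ == "__main__":
    print(demo())
```

A verdict of udp-only means a resolver has no TCP path to retry on after a lost or truncated UDP reply, which is the situation #8 describes.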

