1.1.1.1 sometimes doesn't resolve docs.infoblox.com

user66612 · May 2, 2023, 12:07pm

Hi,

/help/#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjEuMS4xIjoiWWVzIiwicmVzb2x2ZXJJcC0xLjAuMC4xIjoiWWVzIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTExMSI6Ik5vIiwicmVzb2x2ZXJJcC0yNjA2OjQ3MDA6NDcwMDo6MTAwMSI6Ik5vIiwiZGF0YWNlbnRlckxvY2F0aW9uIjoiRlJBIiwiaXNXYXJwIjoiTm8iLCJpc3BOYW1lIjoiQ2xvdWRmbGFyZSIsImlzcEFzbiI6IjEzMzM1In0=

I only noticed the issue with docs.infoblox.com. More often than not, it gives an empty response.

dig @1.1.1.1 docs.infoblox.com

; <<>> DiG 9.16.37 <<>> @1.1.1.1 docs.infoblox.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36874
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;docs.infoblox.com.             IN      A

;; Query time: 464 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue May 02 13:51:21 Mitteleuropäsche Sommerzeit 2023
;; MSG SIZE  rcvd: 46

Other public DNS providers don’t seem to have issues, although I noticed high query times across the board even with cached responses - not sure what’s behind that.

Also interesting that the parent domain infoblox.com is always resolving correctly (same NS records and SOA as docs.infoblox.com)

And one other thing I noticed: 1.0.0.1 seems to always be able to resolve it correctly

dig @1.0.0.1 docs.infoblox.com

; <<>> DiG 9.16.37 <<>> @1.0.0.1 docs.infoblox.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48728
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;docs.infoblox.com.             IN      A

;; ANSWER SECTION:
docs.infoblox.com.      180     IN      A       104.17.238.155
docs.infoblox.com.      180     IN      A       104.17.241.155
docs.infoblox.com.      180     IN      A       104.17.239.155
docs.infoblox.com.      180     IN      A       104.17.240.155
docs.infoblox.com.      180     IN      A       104.17.237.155

;; Query time: 605 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Tue May 02 14:01:03 Mitteleuropõische Sommerzeit 2023
;; MSG SIZE  rcvd: 126

Even as a DNS specialist, I’m a bit lost on that one.
I know they are some sort of competition to Cloudflare, so maybe it’s a built-in annoyance to Infoblox customers

Cheers

Chaika · May 2, 2023, 1:46pm

It looks like their ns5.infoblox.com and ns6.infoblox.com nameservers have issues returning the records on the docs subdomain. I’m guessing the other providers are failing over, where for some reason CF isn’t (and also isn’t servfailing?).

At least from my locations, it’s very consistent that ns5 and ns6 do not respond or servfail on docs, same behavior forcing tcp/udp

<<>> DiG 9.16.37-Debian <<>> docs.infoblox.com @ns6.infoblox.com
;; global options: +cmd
;; connection timed out; no servers could be reached

; <<>> DiG 9.16.37-Debian <<>> docs.infoblox.com @ns5.infoblox.com
;; global options: +cmd
;; connection timed out; no servers could be reached

; <<>> DiG 9.16.37-Debian <<>> docs.infoblox.com @ns5.infoblox.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47846
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
; COOKIE: cd644ee45a158dcccac06f1d645112b72672ab8b9ec1a372 (good)
;; QUESTION SECTION:
;docs.infoblox.com. IN A

;; Query time: 2376 msec
;; SERVER: 52.21.154.140#53(52.21.154.140)
;; WHEN: Tue May 02 06:40:07 PDT 2023
;; MSG SIZE rcvd: 74

They have no issues returning other records, like the apex A/AAAA or the SOA of the docs subdomain, as you noticed. If you have any way to contact them, I would reach out to them about those issues. 1.1.1.1 should (most likely - we can’t see the response it is getting of course) be failing over/retrying, but these nameservers also shouldn’t be broken in the first place.

user66612 · May 2, 2023, 1:53pm

Hey, nice find. I actually didn’t find the time yet to get into actual troubleshooting.

Probably it’s also the cause for those long response times even at the other providers.
I guess I’ll try to let them know.

Thanks a lot!

oneandonlyjason · May 2, 2023, 1:56pm

Had Problems resolving the Domain over 8.8.8.8 as Well right now. So maybe its Just Luck

system · May 5, 2023, 1:57pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.