Cannot resolve the www.esunbank.com.tw


#1

www.esunbank.com.tw doesn’t resolve using 1.1.1.1
Can someone confirm?
image


Cannot resolve website www.esunbank.com.tw
#2
$ dig www.esunbank.com.tw @1.1.1.1
# SERVFAIL
$ dig www.esunbank.com.tw @8.8.8.8
175.99.135.161

Ya, something with the cloudflare resolver.


Domain does not resolve
#3

can the cloudflare staff help to solve this problem?


#4

I also encunters the issue. 1.1.1.1 responses www.esunbank.com.tw has invalide DNSSEC.

And DNSViz also shows there is a DNSSEC error in www.esunbank.com.tw


#5

Sometimes the DNS can resolve the website but sometimes can’t


#6

That would appear to be an issue of the domain’s nameservers. They partially time out and they do return different IP addresses.


#7

There are a handful of sites that Cloudfare fail to resolve. The most famous one being the archive set of sites. A couple days ago there was a reddit post with a link about internet marketshare, and it also failed. Cloudfare already said that they won’t fix it on their end, and that if those sites want to they can tweak their settings to allow to be resolved by cloudfare. I believe it was about security/privacy. You’ll probably have better luck contacting the techs from your bank and asking them to take a look.


1.1.1.1 unable to resolve https://www.hblibank.com.pk/
#8

#9

Hi,

One of the nameserver for this domain is “dns.esunbank.com.tw”. As you can see, when querying with DNSSEC enabled(this is what 1.1.1.1 do in the background), the response size is bigger than the regular MTU.
dig @dns.esunbank.com.tw esunbank.com.tw dnskey +dnssec

; <<>> DiG 9.11.5-1-Debian <<>> @dns.esunbank.com.tw esunbank.com.tw dnskey +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42979
;; flags: qr aa rd ad; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;esunbank.com.tw.               IN      DNSKEY

;; ANSWER SECTION:
esunbank.com.tw.        86400   IN      DNSKEY  257 3 8 AwEAAbtBUmPijODEsIJTy/am8HsOXdJx2N3ZcuGS7jLZIYaCudARBURw 1cZ5jlfp2WoysrCLCqZigTXX0MnsP1EqfpzHJlXBBKbXycaOc4zZ0Hk5 Dncj2yTCX1B/0HEyrHUwGu1EEnnrLJURxpA0lTApLKLGADaAKyHFFYiJ mH3/od5fd+p1J6KYeFdbJ6igdEKK2NjnfY93EcCSBebo5Si7Y43g8/V5 HtYiQKF8j0c+vaqVb+kuvN66ftMqLC5YC08cYjrNCMJKgGiO628kMUFo SXoQd+LVH913OGC9eBwwQ159fyNeNYKRPcdfZk1fa1krbZJneWUU3RLQ XllRJAzGwEU=
esunbank.com.tw.        86400   IN      DNSKEY  256 3 8 AwEAAazJuKoFuhCXsyxRowTyjL5DqCjhFS3nsO5qKwmaHiaGJwZgANOp YYGFWYUEDnZybtNSqe39wA5y9Q2a8CYMahL2wztAJokaPlEaltidFlOF 4lVUFv39bxxazWbZ04FMeZz9eAEwJ6iC9TVVcBt7ShXJv/XHKnfI2Uzk tvXch9YO7DMbWfRc7b50m7pko97azwD497Z0iDn3zMsGmgmLCAumMHoJ Mq7MkCSgIjt1apPj0rqs0UyK+kNrT9NyXGiu7SWKx4eVlEMfyEeJPkQh jFBeM6jU41rW13/gaKppcZ8reqMdUfMonLBNACTN4e/p30mMnO4zpS0M AxaAXXGgCbs=
esunbank.com.tw.        86400   IN      DNSKEY  256 3 8 AwEAAdxD4Ww3bLXTaLDev+mnx99o631VsEN3w2IZGhAwpuxmCJZCz1Rh KcAGHsqIlxtjrSzgvpLNoP83l+ZahtvFMJMfkBKVxXrFl4XA7bUSBeXu DfvvkFqa/PjvAkxbFu+0ABYYzc25NJgEKzpNPmPMIyqZGRkbRIoHygop gk3QiGdWDty+yVZGYXweFCV+Lo40arOl4bAirJ8jDIPWnMu/Kc3jJbvl W1EtzOIm9rSy+pA6TcoOZiV7xY8ixtYPVp609mwjCxAdf7nAVRBe1bIX Qim6tfxMTJ6QiWrar8r6D8fAo2DW54mmgRiAYthj2xWr+p7ysaOU9hPB z6nG4k2/khc=
esunbank.com.tw.        86400   IN      RRSIG   DNSKEY 8 3 86400 20181210103611 20181203103611 52630 esunbank.com.tw. LdH074p6bwu2ZjAmocXbEc5gsQtjABpxLdjiXolFKro1wyjrXZoSVY2v m77EkmK4le8Wg/fBmBXhNKoXOetiHWjOQwlX7as+AbHSudYJ35Ra7IHB 7MkzV3io22FfdnNcuGoNAHGl87aydLGHoWmWg1ONKCUm0w8aSatcfQgk WW1UY1KxGfMo5/cLjgFcMBKu6UR+/hcMQ1mgb0duDin3A1905pD8L5pj 31LY4IY1CFDFaPkLl/tS+3KUsFKdHe0QfAu+WC30QEt+NJazJ9l//bps Ut/QIJY1A874vleg2nI5Mz2/w/zTQ48j/eQcIMI+R8BUkt2kuJMCZxIY hHMAUg==
esunbank.com.tw.        86400   IN      RRSIG   DNSKEY 8 3 86400 20181210103611 20181203103611 3744 esunbank.com.tw. kZWeb7QV9SrmbS3NALt6mNI1uotio/oKqjvfGFHstLphR2srC9+C/MsY qdDXp+dkVdRSgVeNLCG/eYrD79Py5XaqlJ2u7Cdt0hiJI6jEYXJ6M0wq ml8/ekuziDKP1n0KkneSLrSsAFGYMIHqPC1jDR7wtTkN2z6LUJm7YHDu gkJwkTRFnvru4Tx8olcrG1ZSgR+Fxzp8BSXVLu5DP8qN5JsCy2+hTQVp COOKJnfIheRQkblWe1tYkw1tr73jDA9v8LIJpMnBTKbg0qNdXXFWxEKm CJdDQ0CeRfDwKKd69xye5+ZJEGtHbgcapUocBgNFq9N4DvjhoEyLxkag MZwNoQ==
esunbank.com.tw.        86400   IN      RRSIG   DNSKEY 8 3 86400 20181210103611 20181203103611 16743 esunbank.com.tw. HDHaSdyDmC+ziiy5Tz5KJmSiSq+aBg7npbEQEo3mtpvL3tt3NLz6LqPV T8dmRxkDEMPELO10m8z16SZUTxPEhxxpYvQ3RlhowNsnbYhH29og7DMA 7C0T11YUPIRjz7sJhlcQtcCzn7VDchJ28keg9CXz5R56Wul9pP3kKseS kCbHeO7Xd02O7WKnrYXtnBBCO5O28GZDNu9Bz4KbzX5Kla4ukMh+PIn9 XWe9WYDx+i2RejlCX2V8mV9I1u6xKKMoFSvxYpQcJd9V1qEBlqfEuAj+ MDH9VYZTXOgq1geKHd2TaZp1GDwGKg3KY4vuE0US+uJiaXECupTvlv4e SBB3Uw==

;; Query time: 159 msec
;; SERVER: 203.67.45.130#53(203.67.45.130)
;; WHEN: Tue Dec 04 12:16:33 PST 2018
;; MSG SIZE  rcvd: 1781

In this case, to avoid fragment, 1.1.1.1 will try to talk to the server with TCP, but unfortunately, the server doesn’t like TCP.

dig @dns.esunbank.com.tw esunbank.com.tw dnskey +dnssec +tcp

; <<>> DiG 9.11.5-1-Debian <<>> @dns.esunbank.com.tw esunbank.com.tw dnskey +dnssec +tcp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55946
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;esunbank.com.tw.               IN      DNSKEY

;; AUTHORITY SECTION:
esunbank.com.tw.        28800   IN      SOA     dns.esunbank.com.tw. shian-1763.email.esunbank.com.tw. 2011111061 10800 3600 604800 86400

;; Query time: 173 msec
;; SERVER: 203.67.45.130#53(203.67.45.130)
;; WHEN: Tue Dec 04 12:27:37 PST 2018
;; MSG SIZE  rcvd: 101

#10

24