Can't resolve domain name through some ISPs' DNS servers

Hello,
I recently noticed an absurd issue with one of my websites and can’t get to the bottom of it:

Scenario:
We have 2 domains, for 2 distinct sites (I will refer to them as xx.com and zz.it),

  • both domains are registered on the same registrar (register.it);
  • both domains use the same Cloudflare account and the same nameservers;
  • both domains are configured to be proxied by Cloudflare;
  • both sites are hosted on the same nginx server along with other sites (same A and AAAA records for both);
  • both domains have been configured like this for more than 2 years with no changes to nameservers; the only change happened 4 months ago when we migrated both sites to a different server;

So if one site works fine the other should also, right? Apparently not.

2 coworkers from Italy using 2 different ISPs (VeryMobile and NES Internet Solutions) couldn’t connect to our main site xx.com: the error was about name resolution, Chrome couldn’t find our domain. I asked them to try zz.it and it worked fine though.
Then I asked them to change their DNS settings to use 1.1.1.1 as their DNS server and it started working.

Before changing DNS I asked one of the coworkers to run a dig on our xx.com domain:

dig xx.com

; <<>> DiG 9.10.6 <<>> xx.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31404
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xx.com.			IN	A

;; ANSWER SECTION:
xx.com.		31	IN	A	188.114.X.Y apparently cloudflare columbia?
xx.com.		31	IN	A	188.114.Z.Y apparently cloudflare columbia?

;; AUTHORITY SECTION:
com.			80398	IN	SOA	e.gtld-servers.net.
com.			80398	IN	SOA	a.gtld-servers.net.
com.			80398	IN	SOA	k.gtld-servers.net.
com.			80398	IN	SOA	j.gtld-servers.net.
com.			80398	IN	SOA	b.gtld-servers.net.
com.			80398	IN	SOA	f.gtld-servers.net.
com.			80398	IN	SOA	h.gtld-servers.net.
com.			80398	IN	SOA	i.gtld-servers.net.
com.			80398	IN	SOA	g.gtld-servers.net.
com.			80398	IN	SOA	m.gtld-servers.net.
com.			80398	IN	SOA	d.gtld-servers.net.
com.			80398	IN	SOA	l.gtld-servers.net.
com.			80398	IN	SOA	c.gtld-servers.net.

;; ADDITIONAL SECTION:
......................
(more gtld server addresses)
......................
;; Query time: 236 msec
;; SERVER: 185.62.X.X#53(185.62.X.X)
;; WHEN: Mon Jan 26 12:39:56 CET 2022
;; MSG SIZE  rcvd: 869

We need to fix this as I can't ask my customers to change their PC settings to be able to log in to my website. :sweat_smile:

No offence, but these mystery challenges really are not fun :wink:

What are the domains?

1 Like

Well, generally, it resolves just fine.

Can you post the output of these commands?

nslookup labeldoo.com
nslookup labeldoo.com 1.1.1.1
nslookup labeldoo.com 1.0.0.1
nslookup labeldoo.com 8.8.8.8
❯ nslookup labeldoo.com

Server:		185.62.48.13
Address:	185.62.48.13#53

Non-authoritative answer:
Name:	labeldoo.com
Address: 188.114.96.22
Name:	labeldoo.com
Address: 188.114.97.22

❯ nslookup labeldoo.com 1.1.1.1

Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	labeldoo.com
Address: 104.21.2.32
Name:	labeldoo.com
Address: 172.67.128.167


~                                                                                          13:01:04
❯ nslookup labeldoo.com 8.8.8.8

Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	labeldoo.com
Address: 188.114.96.22
Name:	labeldoo.com
Address: 188.114.97.22


~                                                                                          13:01:10
❯ nslookup labeldoo.com 1.0.0.1

Server:		1.0.0.1
Address:	1.0.0.1#53

Non-authoritative answer:
Name:	labeldoo.com
Address: 104.21.2.32
Name:	labeldoo.com
Address: 172.67.128.167

The Cloudflare nameservers give you different proxy addresses, but that should not be an issue per se.

In general, you seem to be able to resolve the domain fine. But as far as I understand your colleagues had issues, so they will need to run that.

1 Like

Yes, actually that was the output of nslookup on their computer before changing DNS; if you look, it matches the output of dig.
Checking again the photos that they sent me, I noticed the error in Chrome was ERR_CONNECTION_TIMED_OUT.
So apparently their ISP was blocking 188.114.96.0/20 or had some routing issues…

Anyway, while I was replying to this I asked both colleagues to try the website and it’s working for both of them.
So, sorry for wasting your time I guess… :smiling_face_with_tear: Thank you for the help and fast reply!

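The distinction this thread ends on, a name that resolves while the connection times out, as an added example that is not part of the original thread: it parses nslookup output of the shape posted above and checks whether the returned addresses accept TCP connections. The function names and `simulated_probe` (a stand-in for a path that drops 188.114.96.0/20) are assumptions for illustration, and the samples are constructed from the output in the thread.

```python
import ipaddress
import re
import socket

# Constructed samples shaped like the nslookup output posted in the thread.
VIA_ISP = """Server:\t\t185.62.48.13
Address:\t185.62.48.13#53

Non-authoritative answer:
Name:\tlabeldoo.com
Address: 188.114.96.22
Name:\tlabeldoo.com
Address: 188.114.97.22
"""
VIA_1111 = (VIA_ISP.replace("185.62.48.13", "1.1.1.1")
            .replace("188.114.96.22", "104.21.2.32")
            .replace("188.114.97.22", "172.67.128.167"))
ADDR = re.compile(r"^Address:\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$", re.MULTILINE)

def answer_addresses(text):
    """IPv4 answers only; the resolver's own Address line precedes 'answer:'."""
    _, marker, answers = text.partition("answer:")
    return ADDR.findall(answers) if marker else []

def tcp_reachable(addr, port=443, timeout=5.0):
    """Real probe: True if a TCP handshake completes within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts, resets and unreachable routes
        return False

def simulated_probe(addr):
    """Assumption for the offline demo: the path drops 188.114.96.0/20."""
    return ipaddress.ip_address(addr) not in ipaddress.ip_network("188.114.96.0/20")

def diagnose(nslookup_text, probe=tcp_reachable):
    """Return (layer, unreachable): layer is 'dns', 'network', 'partial' or 'ok'."""
    addrs = answer_addresses(nslookup_text)
    if not addrs:
        return ("dns", [])  # nothing resolved: a genuine name-resolution failure
    dead = [a for a in addrs if not probe(a)]
    if not dead:
        return ("ok", [])
    return ("network" if len(dead) == len(addrs) else "partial", dead)

if __name__ == "__main__":
    for label, text in (("ISP resolver", VIA_ISP), ("1.1.1.1", VIA_1111)):
        print(label, diagnose(text, probe=simulated_probe))
```

Calling `diagnose(text)` without the `probe` argument uses the real TCP check on port 443 from the affected machine.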