Can't Resolve Salesforce Organization Domain

#1

I recently switched from Google Public DNS (8.8.8.8) to Cloudflare DNS (1.1.1.1). Everything was fine the first couple of weeks. However, since yesterday, I have been experiencing ongoing issues accessing my Salesforce organization domain. It’s an intermittent issue where Cloudflare DNS can’t resolve the domain (it resolves correctly for an hour, then it doesn’t resolve, and so on).

It seems like I can get it working by using the https://cloudflare-dns.com/purge-cache/ tool. However, that seems to only last for an hour or so.

dig @1.1.1.1 lumeritscholar2017.my.salesforce.com a

; <<>> DiG 9.8.3-P1 <<>> @1.1.1.1 lumeritscholar2017.my.salesforce.com a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1875
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;lumeritscholar2017.my.salesforce.com. IN A

;; ANSWER SECTION:
lumeritscholar2017.my.salesforce.com. 170 IN CNAME na50.my.salesforce.com.
na50.my.salesforce.com.	52	IN	CNAME	na50-iad.my.salesforce.com.
na50-iad.my.salesforce.com. 52	IN	CNAME	na50-iad.iad.r.my.salesforce.com.

It works using Google Public DNS:

dig @8.8.8.8 lumeritscholar2017.my.salesforce.com a

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 lumeritscholar2017.my.salesforce.com a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3083
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;lumeritscholar2017.my.salesforce.com. IN A

;; ANSWER SECTION:
lumeritscholar2017.my.salesforce.com. 299 IN CNAME na50.my.salesforce.com.
na50.my.salesforce.com.	299	IN	CNAME	na50-iad.my.salesforce.com.
na50-iad.my.salesforce.com. 299	IN	CNAME	na50-iad.iad.r.my.salesforce.com.
na50-iad.iad.r.my.salesforce.com. 29 IN	A	13.108.235.20
na50-iad.iad.r.my.salesforce.com. 29 IN	A	13.108.232.20
na50-iad.iad.r.my.salesforce.com. 29 IN	A	13.108.233.20

;; Query time: 69 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Oct 23 09:56:53 2018
;; MSG SIZE  rcvd: 173

Cloudflare DNS Debug Link

#2

iad.r.my.salesforce.com runs some sort of sketchy DNS server… Maybe the resolver doesn’t tolerate one of its issues.

http://dnsviz.net/d/iad.r.my.salesforce.com/W88yJA/dnssec/

#3

This is actually a question for Salesforce: why are they using junk like this?
https://ednscomp.isc.org/ednscomp/62a9e5e7b3

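The comparison made in the first post, as an added example that is not part of the original thread: it parses trimmed, whitespace-normalized copies of the two dig outputs quoted there, follows the CNAME chain, and reports the name at which each resolver stopped without an address record. The function names and result keys are hypothetical.

```python
import re

# Trimmed copies of the two dig outputs quoted in the first post.
CLOUDFLARE = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1875
;; QUESTION SECTION:
;lumeritscholar2017.my.salesforce.com. IN A
;; ANSWER SECTION:
lumeritscholar2017.my.salesforce.com. 170 IN CNAME na50.my.salesforce.com.
na50.my.salesforce.com. 52 IN CNAME na50-iad.my.salesforce.com.
na50-iad.my.salesforce.com. 52 IN CNAME na50-iad.iad.r.my.salesforce.com.
"""
GOOGLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3083
;; QUESTION SECTION:
;lumeritscholar2017.my.salesforce.com. IN A
;; ANSWER SECTION:
lumeritscholar2017.my.salesforce.com. 299 IN CNAME na50.my.salesforce.com.
na50.my.salesforce.com. 299 IN CNAME na50-iad.my.salesforce.com.
na50-iad.my.salesforce.com. 299 IN CNAME na50-iad.iad.r.my.salesforce.com.
na50-iad.iad.r.my.salesforce.com. 29 IN A 13.108.235.20
na50-iad.iad.r.my.salesforce.com. 29 IN A 13.108.232.20
na50-iad.iad.r.my.salesforce.com. 29 IN A 13.108.233.20
"""

def parse_dig(text):
    """Return (status, qname, records) from dig's default text output."""
    status = re.search(r"status: (\w+)", text).group(1)
    qname = re.search(r"^;(\S+)\s+IN\s+\w+$", text, re.M).group(1).lower()
    records = [(n.lower(), t, d) for n, t, d in
               re.findall(r"^([^;\s]\S*)\s+\d+\s+IN\s+(\w+)\s+(\S+)$", text, re.M)]
    return status, qname, records

def diagnose(text):
    """Follow the CNAME chain and report where resolution stopped."""
    status, qname, records = parse_dig(text)
    cname = {n: d.lower() for n, t, d in records if t == "CNAME"}
    name, seen = qname, set()
    while name in cname and name not in seen:  # 'seen' guards against CNAME loops
        seen.add(name)
        name = cname[name]
    addrs = sorted(d for n, t, d in records if t == "A" and n == name)
    return {"status": status, "stopped_at": name, "addresses": addrs,
            "unresolved_name": None if addrs else name}
```

For the 1.1.1.1 output the chain stops at a name under iad.r.my.salesforce.com, the zone the second post points at, so that zone's authoritative servers are the ones to test.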