Can't resolve some domains

Some domains won’t resolve using 1.1.1.1 but will resolve with other DNS servers.
For example, haaretz.co.il:

$ drill @8.8.8.8 haaretz.co.il
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 27055
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; haaretz.co.il.       IN      A

;; ANSWER SECTION:
haaretz.co.il.  299     IN      A       192.118.72.27

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 190 msec
;; SERVER: 8.8.8.8
;; WHEN: Mon Apr  2 10:56:02 2018
;; MSG SIZE  rcvd: 47
$ drill @1.1.1.1 haaretz.co.il
Error: error sending query: Could not send or receive, because of network error

Most other domains work fine:

$ drill @1.1.1.1 google.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 26164
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.com.  IN      A

;; ANSWER SECTION:
google.com.     93      IN      A       216.58.214.78

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 144 msec
;; SERVER: 1.1.1.1
;; WHEN: Mon Apr  2 10:56:33 2018
;; MSG SIZE  rcvd: 44

Based on the error it could be a network issue. Does the same error occur if you try against 1.0.0.1?

Yeah I get the same error with 1.0.0.1. Does resolving this domain work for you? Because as you can see with other resolvers it works.

Works for me?

$ drill haaretz.co.il @1.1.1.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 49991
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; haaretz.co.il.   IN      A

;; ANSWER SECTION:
haaretz.co.il.      265     IN      A       192.118.72.27

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 1 msec
;; SERVER: 1.1.1.1
;; WHEN: Mon Apr  2 15:06:26 2018
;; MSG SIZE  rcvd: 47

I don’t suppose your government is censoring Haaretz, and not very well?

Works for me as well on 1.1.1.1 and 1.0.0.1.

Very weird. With my ISP’s or Google’s DNS it works, only with 1.1.1.1 I’m having issues.

I can confirm this issue also affects me.

$ drill haaretz.co.il @1.1.1.1
Error: error sending query: Could not send or receive, because of network error

Using 8.8.8.8 works fine.

$ drill haaretz.co.il @8.8.8.8
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 9192
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; haaretz.co.il.	IN	A

;; ANSWER SECTION:
haaretz.co.il.	297	IN	A	192.118.72.27

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 90 msec
;; SERVER: 8.8.8.8
;; WHEN: Tue Apr  3 11:04:19 2018
;; MSG SIZE  rcvd: 47

A friend of mine also let me know that he’s encountering issues with drushim.co.il. I can confirm that it doesn’t resolve for me as well.

Edit: I’ve been checking other Israeli websites, cal-online.co.il is also affected.

So that’s:

Will continue to update the list as I find more.

Edit 2: list updated with more domains, I checked a list of popular sites in Israel and got a few domains from there. These all work with 8.8.8.8.

healcode.com also not working for me, using 1.0.0.1, is working using 8.8.8.8.

cheers,
thobi

Is there a specific subdomain that’s not working? That domain seems extremely ordinary and works for me.

Edit: What do you mean by “not working”? A DNS resolution error? DNS resolves but you can’t connect to the site? It’s slow? Something else?

healcode.com resolves for me using 1.1.1.1 but all the domains listed by @MohammadAG don’t.

Just to give it a try, what happens if you use TLS or HTTPS? For example:

curl 'https://Cloudflare-dns.com/dns-query?ct=application/dns-json&name=haaretz.co.il&type=A'

Doesn’t seem to resolve.

$ curl 'https://Cloudflare-dns.com/dns-query?ct=application/dns-json&name=haaretz.co.il&type=A'

{"Status": 2,"TC": false,"RD": true, "RA": true, "AD": false,"CD": false,"Question":[{"name": "haaretz.co.il.", "type": 1}]}%

Same for me:

$ curl 'https://Cloudflare-dns.com/dns-query?ct=application/dns-json&name=haaretz.co.il&type=A'
{"Status": 2,"TC": false,"RD": true, "RA": true, "AD": false,"CD": false,"Question":[{"name": "haaretz.co.il.", "type": 1}]}

Would you mind running this command and pasting the output?

dig -c CH -t txt id.server +short @1.1.1.1

1 Like

Sure.

$ dig -c CH -t txt id.server +short @1.1.1.1
"tlv01"
1 Like

I can confirm the same for a couple of sites that I wanted to access.

I wanted to access a website that I manage but using 1.1.1.1 as the DNS results in an error (the site may be down / permanently moved to a diff address). But, with the default DNS, I can access the website.

Same here haaretz.co.il won’t resolve with 1.1.1.1 but will resolve with 8.8.8.8

Same here, can’t resolve any of the domains listed by @MohammadAG.

Weird, I can resolve all of them, so maybe it only happen from some POPs (due to rate limiting?).

For people who can’t resolve this, can you resolve resolver.dnscrypt.info to check what Cloudflare servers are used?

Accoording to the list, it looks like we have issue to reach those ns servers in our Tel Aviv PoP
We are looking into this.

5 Likes