spatz
April 2, 2018, 8:00am
1
Some domains won’t resolve using 1.1.1.1 but will resolve with other DNS servers.
For example, haaretz.co.il:
$ drill @8.8.8.8 haaretz.co.il
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 27055
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; haaretz.co.il. IN A
;; ANSWER SECTION:
haaretz.co.il. 299 IN A 192.118.72.27
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 190 msec
;; SERVER: 8.8.8.8
;; WHEN: Mon Apr 2 10:56:02 2018
;; MSG SIZE rcvd: 47
$ drill @1.1.1.1 haaretz.co.il
Error: error sending query: Could not send or receive, because of network error
Most other domains work fine:
$ drill @1.1.1.1 google.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 26164
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.com. IN A
;; ANSWER SECTION:
google.com. 93 IN A 216.58.214.78
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 144 msec
;; SERVER: 1.1.1.1
;; WHEN: Mon Apr 2 10:56:33 2018
;; MSG SIZE rcvd: 44
cs-cf
April 2, 2018, 2:17pm
2
Based on the error it could be a network issue. Does the same error occur if you try against 1.0.0.1?
spatz
April 2, 2018, 2:59pm
3
Yeah I get the same error with 1.0.0.1. Does resolving this domain work for you? Because as you can see with other resolvers it works.
Works for me?
$ drill haaretz.co.il @1.1.1.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 49991
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; haaretz.co.il. IN A
;; ANSWER SECTION:
haaretz.co.il. 265 IN A 192.118.72.27
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 1 msec
;; SERVER: 1.1.1.1
;; WHEN: Mon Apr 2 15:06:26 2018
;; MSG SIZE rcvd: 47
I don’t suppose your government is censoring Haaretz, and not very well?
cs-cf
April 2, 2018, 3:11pm
5
Works for me as well on 1.1.1.1 and 1.0.0.1.
spatz
April 2, 2018, 3:20pm
6
Very weird. With my ISP’s or Google’s DNS it works, only with 1.1.1.1 I’m having issues.
I can confirm this issue also affects me.
$ drill haaretz.co.il @1.1.1.1
Error: error sending query: Could not send or receive, because of network error
Using 8.8.8.8 works fine.
$ drill haaretz.co.il @8.8.8.8
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 9192
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; haaretz.co.il. IN A
;; ANSWER SECTION:
haaretz.co.il. 297 IN A 192.118.72.27
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 90 msec
;; SERVER: 8.8.8.8
;; WHEN: Tue Apr 3 11:04:19 2018
;; MSG SIZE rcvd: 47
A friend of mine also let me know that he’s encountering issues with drushim.co.il. I can confirm that it doesn’t resolve for me as well.
Edit: I’ve been checking other Israeli websites, cal-online.co.il is also affected.
So that’s:
Will continue to update the list as I find more.
Edit 2: list updated with more domains, I checked a list of popular sites in Israel and got a few domains from there. These all work with 8.8.8.8.
thau79
April 3, 2018, 12:06pm
8
healcode.com also not working for me, using 1.0.0.1, is working using 8.8.8.8.
cheers,
thobi
Is there a specific subdomain that’s not working? That domain seems extremely ordinary and works for me.
Edit: What do you mean by “not working”? A DNS resolution error? DNS resolves but you can’t connect to the site? It’s slow? Something else?
spatz
April 3, 2018, 7:18pm
10
healcode.com resolves for me using 1.1.1.1 but all the domains listed by @MohammadAG don’t.
Just to give it a try, what happens if you use TLS or HTTPS? For example:
curl 'https://Cloudflare-dns.com/dns-query?ct=application/dns-json&name=haaretz.co.il&type=A'
Doesn’t seem to resolve.
$ curl 'https://Cloudflare-dns.com/dns-query?ct=application/dns-json&name=haaretz.co.il&type=A'
{"Status": 2,"TC": false,"RD": true, "RA": true, "AD": false,"CD": false,"Question":[{"name": "haaretz.co.il.", "type": 1}]}%
spatz
April 3, 2018, 7:42pm
13
Same for me:
$ curl 'https://Cloudflare-dns.com/dns-query?ct=application/dns-json&name=haaretz.co.il&type=A'
{"Status": 2,"TC": false,"RD": true, "RA": true, "AD": false,"CD": false,"Question":[{"name": "haaretz.co.il.", "type": 1}]}
cs-cf
April 3, 2018, 8:15pm
14
Would you mind running this command and pasting the output?
dig -c CH -t txt id.server +short @1.1.1.1
1 Like
spatz
April 3, 2018, 8:28pm
15
Sure.
$ dig -c CH -t txt id.server +short @1.1.1.1
"tlv01"
1 Like
I can confirm the same for a couple of sites that I wanted to access.
I wanted to access a website that I manage but using 1.1.1.1 as the DNS results in an error (the site may be down / permanently moved to a diff address). But, with the default DNS, I can access the website.
ndolev
April 4, 2018, 7:19am
17
Same here haaretz.co.il won’t resolve with 1.1.1.1 but will resolve with 8.8.8.8
Same here, can’t resolve any of the domains listed by @MohammadAG .
Weird, I can resolve all of them, so maybe it only happen from some POPs (due to rate limiting?).
For people who can’t resolve this, can you resolve resolver.dnscrypt.info
to check what Cloudflare servers are used?
Accoording to the list, it looks like we have issue to reach those ns servers in our Tel Aviv PoP
We are looking into this.
5 Likes