Censorship or bugs?

Hello. I have problems with name resolution that are related to the military invasion of the Russian army into Ukraine. Either some internet providers started to block ALL .ru / .su domains, or this is a domain name cache issue on the side of public DNS servers, maybe related to hacker attacks started from both warring countries. I will not explain, just look at this:

The domain that does not exist:

[email protected]:/# nslookup xxxxxxxxx.ru 1.1.1.1
Server:         1.1.1.1
Address:        1.1.1.1#53

** server can't find xxxxxxxxx.ru: SERVFAIL

[email protected]:/# nslookup xxxxxxxxx.zu 1.1.1.1
Server:         1.1.1.1
Address:        1.1.1.1#53

** server can't find xxxxxxxxx.zu: NXDOMAIN

[email protected]:/# nslookup xxxxxxxxx.com 1.1.1.1
Server:         1.1.1.1
Address:        1.1.1.1#53

** server can't find xxxxxxxxx.com: NXDOMAIN


[email protected]:/# nslookup xxxxxxxxx.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find xxxxxxxxx.com: NXDOMAIN

[email protected]:/# nslookup xxxxxxxxx.zu 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find xxxxxxxxx.zu: NXDOMAIN

[email protected]:/# nslookup xxxxxxxxx.ru 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find xxxxxxxxx.ru: SERVFAIL

The domain that exists:

[email protected]:/# nslookup webhost1.ru 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find webhost1.ru: SERVFAIL

[email protected]:/# nslookup webhost1.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find webhost1.com: SERVFAIL

[email protected]:/# nslookup webhost1.ru 1.1.1.1
Server:         1.1.1.1
Address:        1.1.1.1#53

** server can't find webhost1.ru: SERVFAIL

[email protected]:/# nslookup webhost1.com 1.1.1.1
Server:         1.1.1.1
Address:        1.1.1.1#53

Non-authoritative answer:
Name:   webhost1.com
Address: 91.236.136.40
Name:   webhost1.com
Address: 91.236.136.5
Name:   webhost1.com
Address: 91.236.136.4

I think in the first case all must return NXDOMAIN, not SERVFAIL. Also, some domain lookups may sometimes return an error a few times, and from the N-th try they return the correct IP.

How could it happen?

Not knowing the actual domain names makes this impossible to troubleshoot. I’m hedging my bets on a misconfiguration of the domains themselves.


Perhaps it is incompetence.

Today from Windows. All domains are selected from Google search results for random search queries. This situation happens both using 1.1.1.1 and any other popular public DNS. I add the domain's nameservers from WHOIS after each.

C:\>nslookup wer.ru 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find wer.ru: Server failed

C:\>nslookup wer.ru 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

*** dns.google can't find wer.ru: Server failed

C:\>

nserver: ns3-l2.nic.ru.
nserver: ns4-cloud.nic.ru.
nserver: ns4-l2.nic.ru.
nserver: ns8-cloud.nic.ru.
nserver: ns8-l2.nic.ru.
state: REGISTERED, DELEGATED, UNVERIFIED

= = = = = = = = = = 

C:\>nslookup medtronic-diabetes.ru 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

*** dns.google can't find medtronic-diabetes.ru: Server failed

C:\>nslookup medtronic-diabetes.ru 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find medtronic-diabetes.ru: Server failed

C:\>nslookup medtronic-diabetes.ru 9.9.9.9
Server:  dns9.quad9.net
Address:  9.9.9.9

*** dns9.quad9.net can't find medtronic-diabetes.ru: Server failed

nserver: ns2.medtronic.com.
nserver: ns3.medtronic.com.
nserver: ns4.medtronic.com.
nserver: ns5.medtronic.com.
state: REGISTERED, DELEGATED, VERIFIED

= = = = = = = = = = 

C:\>nslookup goha.ru 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

DNS request timed out.
    timeout was 2 seconds.
*** one.one.one.one can't find goha.ru: Server failed

C:\>nslookup goha.ru 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

*** dns.google can't find goha.ru: Server failed

C:\>nslookup goha.ru 9.9.9.9
Server:  dns9.quad9.net
Address:  9.9.9.9

*** dns9.quad9.net can't find goha.ru: Server failed

nserver: ns1.digitalocean.com.
nserver: ns2.digitalocean.com.
nserver: ns3.digitalocean.com.
state: REGISTERED, DELEGATED, VERIFIED

= = = = = = = = = = 

C:\>nslookup soccer.ru 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find soccer.ru: Server failed

C:\>nslookup soccer.ru 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

*** dns.google can't find soccer.ru: Server failed

C:\>nslookup soccer.ru 9.9.9.9
Server:  dns9.quad9.net
Address:  9.9.9.9

*** dns9.quad9.net can't find soccer.ru: Server failed

nserver: ns1.hc.ru.
nserver: ns2.hc.ru.
state: REGISTERED, DELEGATED, VERIFIED

Sample of domains resolved without VPN

C:\>nslookup mmorpg-blog.ru 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    mmorpg-blog.ru
Address:  45.130.41.8

nserver: ns1.beget.com.
nserver: ns1.beget.pro.
nserver: ns2.beget.com.
nserver: ns2.beget.pro.

C:\>nslookup gamebomb.ru 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    gamebomb.ru
Address:  164.132.156.40

nserver: ns1.ddosa.net.
nserver: ns2.ddosa.net.
nserver: ns3.ddosa.net.
nserver: ns4.ddosa.net.

After these few experiments, one of the broken domains from the first list started to resolve (a few minutes passed):

C:\>nslookup medtronic.com
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    medtronic.com
Addresses:  144.15.107.150, 144.15.206.53


C:\>nslookup medtronic.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    medtronic.com
Addresses:  144.15.206.53, 144.15.107.150


C:\>nslookup medtronic.com 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    medtronic.com
Addresses:  144.15.107.150, 144.15.206.53


C:\>nslookup medtronic.com 9.9.9.9
Server:  dns9.quad9.net
Address:  9.9.9.9

Non-authoritative answer:
Name:    medtronic.com
Addresses:  144.15.206.53, 144.15.107.150

Here are 2 requests made simultaneously from Windows (without VPN) and from a remote Linux server:

C:\>nslookup medtronic-diabetes.ru 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find medtronic-diabetes.ru: Server failed

[email protected]:/$ nslookup medtronic-diabetes.ru 1.1.1.1
Server:         1.1.1.1
Address:        1.1.1.1#53

Non-authoritative answer:
Name:   medtronic-diabetes.ru
Address: 78.109.161.45

and one more domain

C:\>nslookup soccer.ru 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find soccer.ru: Server failed

[email protected]:/$ nslookup soccer.ru 1.1.1.1
Server:         1.1.1.1
Address:        1.1.1.1#53

Non-authoritative answer:
Name:   soccer.ru
Address: 95.213.230.226

Here is a sample of DNS requests for the existing website vc.ru, hosted at Cloudflare DNS. None of the public DNS servers or the nameservers from WHOIS return the correct IP of this domain to me, but everything works if I connect via VPN. I do not use the DNS of my internet provider. How could it happen? Both Cloudflare and other public DNS return Server failed simultaneously and only for my GEO?

C:\>nslookup vc.ru 1.1.1.1
╤хЁтхЁ:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one не удалось найти vc.ru: Server failed

C:\>nslookup vc.ru 8.8.8.8
╤хЁтхЁ:  dns.google
Address:  8.8.8.8

*** dns.google не удалось найти vc.ru: Server failed

C:\>nslookup vc.ru 8.8.4.4
╤хЁтхЁ:  dns.google
Address:  8.8.4.4

*** dns.google не удалось найти vc.ru: Server failed

C:\>nslookup vc.ru 9.9.9.9
╤хЁтхЁ:  dns9.quad9.net
Address:  9.9.9.9

*** dns9.quad9.net не удалось найти vc.ru: Server failed

C:\>nslookup vc.ru iris.ns.cloudflare.com
╤хЁтхЁ:  iris.ns.cloudflare.com
Address:  173.245.58.118

*** iris.ns.cloudflare.com не удалось найти vc.ru: Server failed

C:\>nslookup vc.ru noel.ns.cloudflare.com
╤хЁтхЁ:  noel.ns.cloudflare.com
Address:  108.162.193.216

*** noel.ns.cloudflare.com не удалось найти vc.ru: Server failed

C:\>
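
An added example, not part of the thread or of any participant's post: nslookup reduces a reply to one line of text, while the DNS header carries the response code and the AA/RA flags that separate NXDOMAIN from SERVFAIL and show whether a reply claimed to be from an authoritative nameserver looks like one. The function names, the sample headers (constructed, not captured traffic) and the rule that an authoritative-only server does not set RA are assumptions of this sketch.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Encode a minimal A-record query with the RD (recursion desired) bit set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def parse_header(msg):
    """Extract the fields of the 12-byte DNS header that matter for triage."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    return {"id": qid, "aa": bool(flags & 0x0400), "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)), "answers": an}

def assess(role, hdr):
    """Classify a reply; role is 'recursive' or 'authoritative' (what we meant to reach)."""
    if role == "authoritative" and hdr["ra"]:
        # Heuristic (assumption): authoritative-only servers do not offer recursion.
        return "suspect: reply offers recursion, likely answered by something else on the path"
    if hdr["rcode"] == "NXDOMAIN":
        return "name does not exist"
    if hdr["rcode"] == "SERVFAIL":
        return "resolution failed (not proof the name is missing); retest from another network"
    if hdr["rcode"] == "NOERROR" and hdr["answers"]:
        return "answered"
    return "inconclusive: " + hdr["rcode"]

def query(server_ip, name, timeout=2.0):
    """Send one UDP query and return the parsed header (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ip, 53))
        return parse_header(s.recvfrom(4096)[0])

# Constructed sample headers (not captured traffic): id, flags, qd, an, ns, ar
SAMPLES = {
    "recursive_nxdomain": struct.pack(">HHHHHH", 0x1234, 0x8183, 1, 0, 1, 0),
    "recursive_servfail": struct.pack(">HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0),
    "auth_genuine":       struct.pack(">HHHHHH", 0x1234, 0x8500, 1, 2, 0, 0),
    "auth_with_ra":       struct.pack(">HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        role = "authoritative" if label.startswith("auth") else "recursive"
        print(label, "->", assess(role, parse_header(raw)))
```

Running `query()` against the same server from two vantage points (for example with and without the VPN) and comparing the assessments shows whether the difference lies on the network path rather than in the zone.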
