What is the name of the domain?
kumbh.gov.in
What is the error number?
N/A
What is the error message?
Browser dependent: either “DNS address could not be found” or (if forced HTTPS) “a HTTPS version of kumbh.gov.in is not available”
What is the issue you’re encountering
No DNS lookup possible and/or no HTTPS certificate returned for this domain when using DNS over TLS (IPv4 to 1.1.1.1 & 1.0.0.1)
What steps have you taken to resolve the issue?
Gathering information only so far. I’m not an expert on either Cloudflare or DNS over TLS, but can confirm my configuration has been working for months and this is the first worldwide common web site that it’s failed on.
Many (local and global) users of this web site confirm it’s accessible, at least in vanilla configurations… there would be an Indian government debacle if it weren’t. So the failure either comes from Cloudflare somehow blocking this domain (by either withholding its DNS record or its HTTPS certificate) or the web site somehow being configured to prevent access unless non-proxied DNS & HTTPS are being used.
What are the steps to reproduce the issue?
On Google DNS:
$ kdig @8.8.8.8 +tls-ca kumbh.gov.in A
;; TLS session (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 11247
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 512 B; ext-rcode: NOERROR
;; PADDING: 407 B
;; QUESTION SECTION:
;; kumbh.gov.in. IN A
;; ANSWER SECTION:
kumbh.gov.in. 36 IN A 164.100.181.175
;; Received 468 B
;; Time 2024-11-05 15:57:19 IST
;; From 8.8.8.8@853(TLS) in 135.2 ms
On Cloudflare (on our system on which all browser access is failing):
$ kdig @1.1.1.1 +tls-ca kumbh.gov.in A
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 55728
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR
;; EDE: 23 (Network Error): '164.100.181.101:53 timed out for kumbh.gov.in DNSKEY'
;; PADDING: 349 B
;; QUESTION SECTION:
;; kumbh.gov.in. IN A
;; ANSWER SECTION:
kumbh.gov.in. 60 IN A 164.100.181.175
;; Received 468 B
;; Time 2024-11-05 15:57:06 IST
;; From 1.1.1.1@853(TLS) in 2779.6 ms
The latter error for the query through Cloudflare:
;; EDE: 23 (Network Error): '164.100.181.101:53 timed out for kumbh.gov.in DNSKEY'
is what concerns me the most because it most resembles the error message appearing when forcing HTTPS and trying to press through the “Secure Site Not Available” message that appears in Firefox-based browsers… and since kdig
shows no such “timed out” message when using Google DNS.
If anyone suspects this is a local configuration problem, or even a configuration problem on the target web site, I would still appreciate some insight about why we can’t access the site even if Cloudflare is doing nothing to block the domain.
p.s. this may be a problem, at least in part, of the earlier problem reported here: