Cloudflare dns unable to return A record of gtm-cn-tl32ay6hx0r.gtm-a5b4.com

Impact on www.proan-order.com via 1.1.1.1/2/3

I am a user of 1.1.1.1/2/3.
When I visit an online order placing system [www.proan-order.com](http://www.proan-order.com), I find unreachable.

Further check 1.1.1.1/2/3 response, server can return cname [gtm-cn-tl32ay6hx0r.gtm-a5b4.com](http://gtm-cn-tl32ay6hx0r.gtm-a5b4.com) but no A ip response.

After change dns to other providers, it works.

FYI
https://dns.google/resolve?name=gtm-cn-tl32ay6hx0r.gtm-a5b4.com&type=A


Hi @tommyltk,

So far, I can not resolve that domain using a different resolver. I recommend you to make sure that the domain is reachable:

$ dig A www.proan-order.com

; <<>> DiG 9.16.1-Ubuntu <<>> A www.proan-order.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64030
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

Take care!

Hi,

FYI
https://dns.google/query?name=www.proan-order.com


R:\Desktop>nslookup www.proan-order.com 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    gtm-cn-tl32ay6hx0r.gtm-a5b4.com
Addresses:  47.242.172.24
          47.242.48.148
Aliases:  www.proan-order.com


R:\Desktop>nslookup www.proan-order.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    gtm-cn-tl32ay6hx0r.gtm-a5b4.com
Addresses:  47.242.172.24
          47.242.48.148
Aliases:  www.proan-order.com


R:\Desktop>nslookup www.proan-order.com 1.1.1.2
Server:  UnKnown
Address:  1.1.1.2

*** UnKnown can't find www.proan-order.com: Non-existent domain

R:\Desktop>nslookup www.proan-order.com 1.1.1.3
Server:  UnKnown
Address:  1.1.1.3

Non-authoritative answer:
Name:    gtm-cn-tl32ay6hx0r.gtm-a5b4.com
Addresses:  47.242.172.24
          47.242.48.148
Aliases:  www.proan-order.com


R:\Desktop>nslookup www.proan-order.com 1.1.1.3
Server:  UnKnown
Address:  1.1.1.3

Non-authoritative answer:
Name:    gtm-cn-tl32ay6hx0r.gtm-a5b4.com
Addresses:  47.242.48.148
          47.242.172.24
Aliases:  www.proan-order.com


R:\Desktop>nslookup www.proan-order.com 1.1.1.2
Server:  UnKnown
Address:  1.1.1.2

*** UnKnown can't find www.proan-order.com: Non-existent domain

R:\Desktop>nslookup www.proan-order.com 1.1.1.2
Server:  UnKnown
Address:  1.1.1.2

*** UnKnown can't find www.proan-order.com: Non-existent domain

R:\Desktop>nslookup www.proan-order.com 1.1.1.3
Server:  UnKnown
Address:  1.1.1.3

*** UnKnown can't find www.proan-order.com: Non-existent domain

R:\Desktop>nslookup www.proan-order.com 1.1.1.3
Server:  UnKnown
Address:  1.1.1.3

Non-authoritative answer:
Name:    gtm-cn-tl32ay6hx0r.gtm-a5b4.com
Addresses:  47.242.172.24
          47.242.48.148
Aliases:  www.proan-order.com


R:\Desktop>nslookup www.proan-order.com 1.1.1.3
Server:  UnKnown
Address:  1.1.1.3

*** UnKnown can't find www.proan-order.com: Non-existent domain

R:\Desktop>nslookup www.proan-order.com 1.1.1.3
Server:  UnKnown
Address:  1.1.1.3

*** UnKnown can't find www.proan-order.com: Non-existent domain

R:\Desktop>nslookup www.proan-order.com 1.1.1.3
Server:  UnKnown
Address:  1.1.1.3

*** UnKnown can't find www.proan-order.com: Non-existent domain

R:\Desktop>nslookup www.proan-order.com 1.1.1.3
Server:  UnKnown
Address:  1.1.1.3

*** UnKnown can't find www.proan-order.com: Non-existent domain

R:\Desktop>nslookup www.proan-order.com 1.1.1.3
Server:  UnKnown
Address:  1.1.1.3

*** UnKnown can't find www.proan-order.com: Non-existent domain

R:\Desktop>nslookup www.proan-order.com 1.1.1.3
Server:  UnKnown
Address:  1.1.1.3

*** UnKnown can't find www.proan-order.com: Non-existent domain

R:\Desktop>nslookup www.proan-order.com 1.1.1.2
Server:  UnKnown
Address:  1.1.1.2

Non-authoritative answer:
Name:    gtm-cn-tl32ay6hx0r.gtm-a5b4.com
Addresses:  47.242.172.24
          47.242.48.148
Aliases:  www.proan-order.com


R:\Desktop>nslookup www.proan-order.com 1.1.1.2
Server:  UnKnown
Address:  1.1.1.2

Non-authoritative answer:
Name:    gtm-cn-tl32ay6hx0r.gtm-a5b4.com
Addresses:  47.242.172.24
          47.242.48.148
Aliases:  www.proan-order.com


R:\Desktop>nslookup www.proan-order.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find www.proan-order.com: Non-existent domain

R:\Desktop>nslookup www.proan-order.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find www.proan-order.com: Non-existent domain

R:\Desktop>nslookup www.proan-order.com 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    gtm-cn-tl32ay6hx0r.gtm-a5b4.com
Addresses:  47.242.172.24
          47.242.48.148
Aliases:  www.proan-order.com


R:\Desktop>nslookup www.proan-order.com 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    gtm-cn-tl32ay6hx0r.gtm-a5b4.com
Addresses:  47.242.172.24
          47.242.48.148
Aliases:  www.proan-order.com


R:\Desktop>nslookup www.proan-order.com 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    gtm-cn-tl32ay6hx0r.gtm-a5b4.com
Addresses:  47.242.172.24
          47.242.48.148
Aliases:  www.proan-order.com



If I change to nslookup -type=cname www.proan-order.com, 1.1.1.1/2/3 works properly.

R:\Desktop>nslookup -type=cname www.proan-order.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
www.proan-order.com     canonical name = gtm-cn-tl32ay6hx0r.gtm-a5b4.com

R:\Desktop>nslookup -type=cname www.proan-order.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
www.proan-order.com     canonical name = gtm-cn-tl32ay6hx0r.gtm-a5b4.com

R:\Desktop>nslookup -type=cname www.proan-order.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
www.proan-order.com     canonical name = gtm-cn-tl32ay6hx0r.gtm-a5b4.com

R:\Desktop>nslookup -type=cname www.proan-order.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
www.proan-order.com     canonical name = gtm-cn-tl32ay6hx0r.gtm-a5b4.com

R:\Desktop>nslookup -type=cname www.proan-order.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
www.proan-order.com     canonical name = gtm-cn-tl32ay6hx0r.gtm-a5b4.com

R:\Desktop>nslookup -type=cname www.proan-order.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
www.proan-order.com     canonical name = gtm-cn-tl32ay6hx0r.gtm-a5b4.com

R:\Desktop>nslookup -type=cname www.proan-order.com 1.1.1.2
Server:  UnKnown
Address:  1.1.1.2

Non-authoritative answer:
www.proan-order.com     canonical name = gtm-cn-tl32ay6hx0r.gtm-a5b4.com

R:\Desktop>nslookup -type=cname www.proan-order.com 1.1.1.2
Server:  UnKnown
Address:  1.1.1.2

Non-authoritative answer:
www.proan-order.com     canonical name = gtm-cn-tl32ay6hx0r.gtm-a5b4.com

R:\Desktop>nslookup -type=cname www.proan-order.com 1.1.1.2
Server:  UnKnown
Address:  1.1.1.2

Non-authoritative answer:
www.proan-order.com     canonical name = gtm-cn-tl32ay6hx0r.gtm-a5b4.com

R:\Desktop>nslookup -type=cname www.proan-order.com 1.1.1.2
Server:  UnKnown
Address:  1.1.1.2

Non-authoritative answer:
www.proan-order.com     canonical name = gtm-cn-tl32ay6hx0r.gtm-a5b4.com

R:\Desktop>nslookup -type=cname www.proan-order.com 1.1.1.3
Server:  UnKnown
Address:  1.1.1.3

Non-authoritative answer:
www.proan-order.com     canonical name = gtm-cn-tl32ay6hx0r.gtm-a5b4.com

R:\Desktop>nslookup -type=cname www.proan-order.com 1.1.1.3
Server:  UnKnown
Address:  1.1.1.3

Non-authoritative answer:
www.proan-order.com     canonical name = gtm-cn-tl32ay6hx0r.gtm-a5b4.com

R:\Desktop>nslookup -type=cname www.proan-order.com 1.1.1.2
Server:  UnKnown
Address:  1.1.1.2

Non-authoritative answer:
www.proan-order.com     canonical name = gtm-cn-tl32ay6hx0r.gtm-a5b4.com
Thus, it should be related to cloudflare lookup for cname domain.

R:\Desktop>nslookup -type=a gtm-cn-tl32ay6hx0r.gtm-a5b4.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find gtm-cn-tl32ay6hx0r.gtm-a5b4.com: Non-existent domain

R:\Desktop>nslookup -type=a gtm-cn-tl32ay6hx0r.gtm-a5b4.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    gtm-cn-tl32ay6hx0r.gtm-a5b4.com
Addresses:  47.242.172.24
          47.242.48.148

PS: this domain is working properly. As this is a online ordering system used by a restaurant, all customers in the restaurant are placing order via the same domain.

Thanks.

… What domain are you referring to is “working properly”?

The problem in your case, is the gtm-cn-tl32ay6hx0r.gtm-a5b4.com (sub-)domain.

It works mostly fine, when you are looking it up from e.g. Bangladesh, China, India, Singapore, Turkey or other Asian / Middle Eastern counties.

When it is being looked up from e.g. Europe, at least North America (e.g. United States & Canada), and Australia, the status for gtm-cn-tl32ay6hx0r.gtm-a5b4.com returns code 3 (NXDOMAIN), claiming that the name does not exist.

returns 3 (NXDOMAIN) , too:

{"Status":3,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"gtm-cn-tl32ay6hx0r.gtm-a5b4.com.","type":1}],"Authority":[{"name":"gtm-a5b4.com.","type":6,"TTL":600,"data":"vip1.alidns.com. hostmaster.hichina.com. 2021011217 3600 1200 86400 60"}],"Comment":"Response from 140.205.1.1."}

A likely scenario would be that the operators of the gtm-a5b4.com domain are attempting to impose continental restrictions on at least that (sub-)domain you are trying to query…

It wouldn’t be completely unlikely, that they are basing such decisions (e.g. continental / geographical restrictions) on some outdated Geo IP database that (as a result of being outdated) contains incorrect information, and as such, won’t respond to your DNS queries.

You would need to contact the operator of the gtm-a5b4.com domain, as the 3 (NXDOMAIN) result originate from their DNS servers (e.g. vip1.alidns.com and vip2.alidns.com), if you wish to the issue resolved.

1 Like

Hi,

Sorry. I should name my location. I am in Hong Kong. The restaurant is also in Hong Kong. The problem I encountered is that, I have set my Android phones to use security.cloudflare.com / family.cloudflare.com, when I go to the restaurant, we are required to use this www.proan-order.com to place order in the restaurant. Since security.cloudflare.com / family.cloudflare.com cannot resolve the IP, the browser shows unreachable. My workaround is to disable using dns security.cloudflare.com / family.cloudflare.com. Then we can access the system to place order.

Thus, I believe, this is not only impacting me/my family but also all ppl use Cloudflare dns in their phone. I would like to raise this to Cloudflare to resolve NXdomain issue of gtm-cn-tl32ay6hx0r.gtm-a5b4.com so that all ppl using Cloudflare dns in their phone can place order properly.

I mean, www.proan-order.com is working properly from users’ point of view.

What colo= (and perhaps loc=) do you see, when you enter these pages?

https://1.0.0.1/cdn-cgi/trace
https://1.1.1.1/cdn-cgi/trace

https://[2606:4700:4700::1111]/cdn-cgi/trace

It is not only affecting Cloudflare, but also Google Public DNS, OpenDNS, Quad 9, and others as well.

You can confirm that with various “multi location DNS check” tools out there.

Neither gtm-a5b4.com (nor gtm-cn-tl32ay6hx0r.gtm-a5b4.com) have anything to do with Cloudflare, as such, you’re literally trying to raise the issue at the wrong place.

It is really the operator of the gtm-a5b4.com domain that you need to contact, and ask them to step in and get it fixed with their DNS provider, if they want you to be able to access that (sub-)domain.

Perhaps they may not allow the content to be accessed by the url from various place.

The point I think it is Cloudflare hkg issue is because, after I change to other dns, e.g. isp’s dns and google dns, I can access the content without any issue.

Please consider this as a general user of Cloudflare 1.1.1.1/2/3 dns in hong kong.

Thanks.

That is exactly what I’ve been saying.

It could be something they are purposefully doing (e.g. they want to block certain countries or regions), or it could be because their systems are broken, but that they do not know about that (yet), which is why I’m suggesting you to contact them and raise the issue where it needs to be raised.

Given the fact that they (the operator of the gtm-a5b4.com domain, and/or their provider Alibaba (aliyun.com)) are limiting the DNS responses they give out, it is literally their fault.

Typically, such decisions are based on a lookup of the source IP addresses in a GeoIP database (e.g. a database that maps IP addresses to countries, cities, et cetera), and the solution would likely be that the DNS provider, e.g. Alibaba (aliyun.com) in this case, would need to update the GeoIP database, that they are using, to determine where the source IP address of the DNS request is from.

Should I understand that “hkg” part, as indicating that you saw “colo=HKG”, on the above /cdn-cgi/trace links?

Or what exact “colo=” do you see there?

1 Like

It could be Cloudflare dns issue or the ns issue. However, this has to be resolve between Cloudflare and the domain owner as I am a user of 1.1.1.1/2/3 and I cannot get A record from 1.1.1.1/2/3, not from ns server.

More, as a general user, I can access the url via google dns and mobile provider dns. What I can do is report to 1.1.1.1 to resolve it.

FYI
fl=583f42
h=cloudflare.com
ip=203.145.95.215
ts=1681907008.709
visit_scheme=https
uag=Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Mobile Safari/537.36
colo=HKG
sliver=none
http=http/2
loc=HK
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.