Cmdns.dev.dns-oarc.net and entropy.dns-oarc.net not resolvable via cloudflare but via other providers like google or 9.9.9.9


#1

Hi,
somebody know why this sites work via other resolvers but not via cloudflare?


#2

Resolving for me:


#3

From Frankfurt not

dig @1.1.1.1 entropy.dns-oarc.net
; <<>> DiG 9.10.3-P4-Debian <<>> @1.1.1.1 entropy.dns-oarc.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48891
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;entropy.dns-oarc.net. IN A
;; Query time: 130 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Jun 03 16:49:01 UTC 2018
;; MSG SIZE rcvd: 38

dig @1.1.1.1 cmdns.dev.dns-oarc.net
; <<>> DiG 9.10.3-P4-Debian <<>> @1.1.1.1 cmdns.dev.dns-oarc.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53356
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;cmdns.dev.dns-oarc.net. IN A
;; Query time: 129 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Jun 03 16:50:50 UTC 2018
;; MSG SIZE rcvd: 40


#4

Can you post the results of the following:

dig +short CHAOS TXT id.server @1.1.1.1


#5

dig +short CHAOS TXT id.server @1.1.1.1
“fra03”


#6

Ok, maybe @cscharff is lurking about and look into this.

p.s. Mine is lax01


#7

If i test from a other location it does work for me too, maybe they blacklisted the IPs of Frankfurt?

dig @1.1.1.1 cmdns.dev.dns-oarc.net
; <<>> DiG 9.10.3-P4-Debian <<>> @1.1.1.1 cmdns.dev.dns-oarc.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55526
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1536
;; QUESTION SECTION:
;cmdns.dev.dns-oarc.net. IN A
;; ANSWER SECTION:
cmdns.dev.dns-oarc.net. 60 IN A 64.191.0.140
;; Query time: 1133 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Jun 03 19:08:59 CEST 2018
;; MSG SIZE rcvd: 67

dig +short CHAOS TXT id.server @1.1.1.1
“dus01”


#8

;; ANSWER SECTION:
id.server. 0 CH TXT “fra03”

nslookup cmdns.dev.dns-oarc.net 1.1.1.1
Server: 1.1.1.1
Address: 1.1.1.1#53

Non-authoritative answer:
Name: cmdns.dev.dns-oarc.net
Address: 64.191.0.14

can you trace it from your location in fra?


#9

trace 1.1.1.1 or 64.191.0.14?


#10

Cloudflare dns


#11

Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev

  1. AS??? 192.168.1.1 0.0% 68 0.8 0.9 0.8 1.0 0.0
  2. AS29562 hsi-kbw-5-56-184-1.hsi16.kabel-badenwuerttemberg.de 0.0% 68 7.5 8.3 4.8 22.7 1.9
  3. AS??? 172.30.24.77 0.0% 68 8.6 9.0 7.5 17.2 1.9
  4. AS6830 de-fra01b-rc1-ae57-0.aorta.net 0.0% 67 13.4 14.6 11.8 44.0 4.7
  5. AS6830 de-fra03b-ri1-ae10-0.aorta.net 0.0% 67 13.7 13.9 12.8 23.3 1.2
  6. AS6453 ix-ae-27-0.tcore1.fr0-frankfurt.as6453.net 0.0% 67 18.1 13.9 12.7 18.1 0.8
  7. AS6453 if-ae-6-2.thar1.f2c-frankfurt.as6453.net 0.0% 67 13.7 14.1 10.5 21.0 1.3
  8. AS6453 195.219.148.122 0.0% 67 14.5 14.6 13.0 49.6 4.4
  9. AS13335 1dot1dot1dot1.cloudflare-dns.com 0.0% 67 14.3 14.8 13.2 29.8 2.7
                                                                   Packets               Pings

Host Loss% Snt Last Avg Best Wrst StDev

  1. AS??? 192.168.1.1 0.0% 121 0.9 0.9 0.8 2.3 0.1
  2. AS29562 5.56.184.1 0.0% 121 7.6 8.2 4.8 22.7 1.5
  3. AS??? 172.30.24.77 0.0% 121 9.6 9.0 7.5 17.2 1.6
  4. AS6830 84.116.190.105 0.0% 121 20.7 15.1 9.2 44.0 5.1
  5. AS6830 84.116.132.178 0.0% 121 14.1 14.1 12.8 40.6 2.6
  6. AS6453 195.219.50.106 0.0% 120 13.2 14.0 12.7 20.3 1.2
  7. AS6453 195.219.50.174 0.0% 120 14.6 14.1 10.5 21.0 1.4
  8. AS6453 195.219.148.122 0.0% 120 15.8 14.6 13.0 49.6 3.4
  9. AS13335 1.1.1.1 0.0% 120 13.7 14.5 13.0 29.8 2.2

#12


#13

Ok it seems if i retry often enough it does work indeed

But why does 4 of 5 trys to resolve the name fail?


#14

For me using MIA, resolving lists.dns-oarc.net sometimes fails.

One of dns-oarc.net's nameservers is refusing queries for the zone:

http://dnsviz.net/d/lists.dns-oarc.net/dnssec/


#15

Thanks for the help.


#16

This topic was automatically closed after 14 days. New replies are no longer allowed.