DNS is not resolving for very small subset of users

We have an application that a small subset of our users cannot access. I had one of the users experiencing this do a nslookup and traceroute on their local wifi network.

My results:

➜  ~ nslookup app.upbeing.ai
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	app.upbeing.ai
Address: 172.67.162.174
Name:	app.upbeing.ai
Address: 104.21.90.236

➜  ~ traceroute app.upbeing.ai
traceroute: Warning: app.upbeing.ai has multiple addresses; using 104.21.90.236
traceroute to app.upbeing.ai (104.21.90.236), 64 hops max, 52 byte packets
 1  192.168.0.1 (192.168.0.1)  12.669 ms  4.619 ms  3.626 ms
 2  100.64.0.1 (100.64.0.1)  48.818 ms  25.477 ms  40.260 ms
 3  172.16.251.140 (172.16.251.140)  47.126 ms  33.657 ms  33.426 ms
 4  undefined.hostname.localhost (206.224.64.180)  46.677 ms  39.157 ms  54.209 ms
 5  undefined.hostname.localhost (206.224.64.171)  38.361 ms
    undefined.hostname.localhost (206.224.64.183)  50.449 ms  42.258 ms
 6  162.158.61.14 (162.158.61.14)  49.930 ms  40.228 ms  38.958 ms
 7  162.158.152.5 (162.158.152.5)  53.599 ms
    172.70.112.4 (172.70.112.4)  65.045 ms
    172.70.228.4 (172.70.228.4)  50.038 ms
 8  104.21.90.236 (104.21.90.236)  43.234 ms  38.300 ms  49.142 ms

Their results:

(base) zi@ZideMacBook-Pro ~ % nslookup app.upbeing.ai
Server:       192.168.4.1
Address:      192.168.4.1#53
Non-authoritative answer:
Name:  app.upbeing.ai
Address: 192.168.4.1

(base) zi@ZideMacBook-Pro ~ % traceroute app.upbeing.ai
traceroute to app.upbeing.ai (192.168.4.1), 64 hops max, 52 byte packets
 1  192.168.4.1 (192.168.4.1)  6.126 ms  4.880 ms  5.042 ms

Do I have something misconfigured or is this an issue with their ISP / DNS? We are not sure how many users this is affecting.

Thank you!

The user’s DNS (likely in their router) is resolving your name to itself, either to apply some form of login/filter or because it’s been set that way in the router settings. As these are private range IPs, it’s not a problem on the public DNS.

Ask them to try dig app.upbeing.ai @1.1.1.1 or 8.8.8.8 or 9.9.9.9 to check it resolves working round their DNS resolver.

1 Like

Thanks for the reply. Here is the users response:

(base) zi@ZideMacBook-Pro ~ % dig app.upbeing.ai @1.1.1.1
; <<>> DiG 9.10.6 <<>> app.upbeing.ai @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62470
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; OPT=65401: 24 ("$")
; OPT=65402: 34 ("4")
;; QUESTION SECTION:
;app.upbeing.ai.			IN	A
;; ANSWER SECTION:
app.upbeing.ai.		30	IN	A	192.168.4.1
;; Query time: 284 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Apr 30 22:25:39 ADT 2024
;; MSG SIZE rcvd: 83
(base) zi@ZideMacBook-Pro ~ %
10:27
Last login: Tue Apr 30 22:25:02 on ttys000
(base) zi@ZideMacBook-Pro ~ % dig app.upbeing.ai @8.8.8.8
; <<>> DiG 9.10.6 <<>> app.upbeing.ai @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5323
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; OPT=65401: 24 ("$")
; OPT=65402: 34 ("4")
;; QUESTION SECTION:
;app.upbeing.ai.			IN	A
;; ANSWER SECTION:
app.upbeing.ai.		30	IN	A	192.168.4.1
;; Query time: 38 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Apr 30 22:25:55 ADT 2024
;; MSG SIZE rcvd: 83
(base) zi@ZideMacBook-Pro ~ %
10:27
Last login: Tue Apr 30 22:25:44 on ttys001
(base) zi@ZideMacBook-Pro ~ % dig app.upbeing.ai @9.9.9.9
; <<>> DiG 9.10.6 <<>> app.upbeing.ai @9.9.9.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39156
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; OPT=65401: 24 ("$")
; OPT=65402: 34 ("4")
;; QUESTION SECTION:
;app.upbeing.ai.			IN	A
;; ANSWER SECTION:
app.upbeing.ai.		30	IN	A	192.168.4.1
;; Query time: 120 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Tue Apr 30 22:26:12 ADT 2024
;; MSG SIZE rcvd: 83
(base) zi@ZideMacBook-Pro ~ %

It looks like the behaviour of a captive portal or filtering, that’s rewriting the DNS responses as it’s always coming back with the gateway IP from before.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.