DNS issue with motilal oswal

invest.motilaloswal.com is unreachable from Cloudflare DNS.
Browser gives error-
ERR_NAME_NOT_RESOLVED

Attaching image from Cloudflare

Successful case from other DNS (Airtel, India).

→ https://1.1.1.1/cdn-cgi/trace

→ https://1.0.0.1/cdn-cgi/trace

What colo= and loc= do you see on these?

And, similar to that nslookup invest.motilaloswal.com, … what exactly do you see with:

  1. nslookup -type=SOA invest.motilaloswal.com

  2. nslookup -type=NS invest.motilaloswal.com

?


trace url:

fl=268f45
h=1.1.1.1
ip=59.97.84.123
ts=1677866721.418
visit_scheme=https
uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 OPR/95.0.0.0
colo=DEL
sliver=none
http=http/2
loc=IN
tls=TLSv1.3
sni=off
warp=off
gateway=off
rbi=off
kex=X25519


fl=268f36
h=1.0.0.1
ip=59.97.84.123
ts=1677866722.128
visit_scheme=https
uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 OPR/95.0.0.0
colo=DEL
sliver=none
http=http/2
loc=IN
tls=TLSv1.3
sni=off
warp=off
gateway=off
rbi=off
kex=X25519

nslookup:

 ~ $ nslookup -type=SOA invest.motilaloswal.com
;; Got SERVFAIL reply from 1.1.1.1, trying next server
Server:		1.0.0.1
Address:	1.0.0.1#53

** server can't find invest.motilaloswal.com: SERVFAIL


 ~ $ nslookup -type=NS invest.motilaloswal.com
;; Got SERVFAIL reply from 1.1.1.1, trying next server
Server:		1.0.0.1
Address:	1.0.0.1#53

** server can't find invest.motilaloswal.com: SERVFAIL 

From Airtel (different DNS):

 ~ $ nslookup -type=SOA invest.motilaloswal.com
;; Got SERVFAIL reply from 2401:4900:5470:9172::27, trying next server
Server:		192.168.91.111
Address:	192.168.91.111#53

** server can't find invest.motilaloswal.com: SERVFAIL


 ~ $ nslookup -type=NS invest.motilaloswal.com
;; Got SERVFAIL reply from 2401:4900:5470:9172::27, trying next server
Server:		192.168.91.111
Address:	192.168.91.111#53

** server can't find invest.motilaloswal.com: SERVFAIL


 ~ $ nslookup invest.motilaloswal.com
Server:		2401:4900:5470:9172::27
Address:	2401:4900:5470:9172::27#53

Non-authoritative answer:
Name:	invest.motilaloswal.com
Address: 219.64.14.191

Airtel:
 ~ $ dig invest.motilaloswal.com

; <<>> DiG 9.10.6 <<>> invest.motilaloswal.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25611
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;invest.motilaloswal.com.	IN	A

;; ANSWER SECTION:
invest.motilaloswal.com. 28	IN	A	219.64.14.191

;; Query time: 54 msec
;; SERVER: 2401:4900:5470:9172::27#53(2401:4900:5470:9172::27)
;; WHEN: Fri Mar 03 23:45:17 IST 2023
;; MSG SIZE  rcvd: 68

Cloudflare:
 ~ $ dig invest.motilaloswal.com

; <<>> DiG 9.10.6 <<>> invest.motilaloswal.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47775
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;invest.motilaloswal.com.	IN	A

;; Query time: 448 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Mar 03 23:45:32 IST 2023
;; MSG SIZE  rcvd: 52

Thanks. It was mostly this one / this way, I was looking for outputs here. :wink:

motilaloswal.com is pointing their sub-domain invest.motilaloswal.com towards the two name servers ad8.motilaloswal.com and ad10.motilaloswal.com.

Since invest.motilaloswal.com is delegated this way, using NS records from the parent (motilaloswal.com), invest.motilaloswal.com is technically becoming its own zone.

The name servers ad8.motilaloswal.com and ad10.motilaloswal.com are refusing queries for several of these mandatory DNS records, such as e.g. the SOA and NS that should be within the authoritative zone.

The whole set up shouts out like:

  1. The two name servers for invest.motilaloswal.com have a heavily restrictive firewall, or DNS “load balancer”, that is actually blocking various DNS queries from succeeding.

  2. invest.motilaloswal.com is using stone age software, that is completely broken, and should be switched out.

(can also be a mix of them both)

As you are retrieving the same broken responses from India, that I do in Denmark (and various other EU locations), it should likely be safe to assume that we can rule out geographical restrictions / firewalls, thanks to your nslookups there.

The only way to get it fixed permanently / globally / et cetera, would be by getting the administrators for invest.motilaloswal.com to fix their broken set up.

Therefore, if you have any other way of reaching out to them, I would poke them and try to persuade them to fix it.

I doubt they would do anything but will try to reach out to them.
Here is another nslookup from a different ISP. (JIO)

 ~ $ nslookup invest.motilaloswal.com
Server:		fe80::a8ab:b5ff:fe25:2b64%15
Address:	fe80::a8ab:b5ff:fe25:2b64%15#53

Non-authoritative answer:
Name:	invest.motilaloswal.com
Address: 219.64.14.191


 ~ $ nslookup -type=NS invest.motilaloswal.com
;; Got SERVFAIL reply from fe80::a8ab:b5ff:fe25:2b64%15, trying next server
Server:		172.20.10.1
Address:	172.20.10.1#53

** server can't find invest.motilaloswal.com: SERVFAIL


 ~ $ nslookup -type=SOA invest.motilaloswal.com
;; Got SERVFAIL reply from fe80::a8ab:b5ff:fe25:2b64%15, trying next server
Server:		172.20.10.1
Address:	172.20.10.1#53

** server can't find invest.motilaloswal.com: SERVFAIL

I still have a question, why is it reachable via other DNS providers?

Some DNS resolver software will validate things and make sure that responses conform perfectly according to the standards / best current practices.

Other DNS resolver software will look very lenient regarding the standards / best current practices.
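
Added example (not part of any post in this thread): a Python sketch of the check the replies above describe, asking a delegated zone's own name server for A, NS and SOA at the zone apex with recursion disabled, then classifying the result. It serves both the delegation explanation and the strict-versus-lenient resolver reply; the function names, the `partial` label and the sample responses are assumptions constructed for illustration, and the name server address must be supplied by whoever runs it.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPES = {"A": 1, "NS": 2, "SOA": 6}

def build_query(name, qtype, qid=0x1234):
    """Non-recursive (RD=0) query, the kind a resolver sends to an authoritative server."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)  # class IN

def parse_header(resp):
    """Extract rcode, the AA (authoritative answer) flag and the answer count."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    rcode = flags & 0x000F
    return {"rcode": RCODES.get(rcode, f"RCODE{rcode}"),
            "aa": bool(flags & 0x0400), "answers": answers}

def ask(server_ip, name, qtype, timeout=3.0):
    """Send one UDP query; silence or an ICMP error is reported as NO_RESPONSE."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qtype), (server_ip, 53))
            return parse_header(s.recv(4096))
        except OSError:
            return {"rcode": "NO_RESPONSE", "aa": False, "answers": 0}

def assess(results):
    """results maps 'A'/'NS'/'SOA' to parse_header() output for the zone apex."""
    def ok(r):
        return r["rcode"] == "NOERROR" and r["aa"] and r["answers"] > 0
    failing = [t for t in ("SOA", "NS") if not ok(results[t])]
    if not failing:
        return "healthy"
    if ok(results["A"]):
        return "partial: A answered, " + "/".join(failing) + " failing"
    return "unusable"

if __name__ == "__main__":
    # Constructed responses (not captured traffic): authoritative A answer, REFUSED for SOA/NS.
    good = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
    refused = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)
    sample = {"A": parse_header(good), "NS": parse_header(refused), "SOA": parse_header(refused)}
    print(assess(sample))
```

For a live check, call `ask(ip, "invest.motilaloswal.com", t)` for each of the three types against the address of each delegated name server and pass the collected results to `assess`.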
