Looks like one of the subdomains we have the DNS hosted here for ( my.render.st ) is returning errors. Our monitoring service (binarycanary) is constantly getting errors. And we also have many customers complaining of being unable to access the site under this subdomain.
Here’s the error message from the monitoring service:
Error message: ERRHTTP13 HTTPMonitor Error. Unknown Host Exception: my.render.st
That error syntax looks to be specific to your monitoring service. What error message are the customers seeing?
Most customers are just complaining of not being able to access the site. Some sent us console logs from Chrome that look like this:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
That sure sounds like DNS, but it resolves everywhere I checked. Does you monitoring service ever get a successful connection? For the customers, it sounds like some customers can never connect. Do you have a responsive customer you can ask them to change their DNS resolver to something like 1.1.1.1/1.0.0.1 or 9.9.9.9 (or Google DNS)?
The monitoring service connects most of the time, but since today it shows an increased number of DNS issues. Attaching a screenshot from them.
I also checked with a few DNS check services and they show all green.
Also, for customers, they most of the time connect, but sometimes the DNS fails and they are not able to connect. Often enough to be annoying so they write to us.
If you check the Analytics page for your zone in dash.cloudflare.com, does it show any problems?
Thanks for pointing to that page. I was not aware it existed. There are lots of errors there, indeed.
Do you know if there’s any way to get more information on what the individual errors are?
Attaching a couple screenshots.
Only Paid Plans show the hostnames in the query. Even then, on less than an Enterprise plan, I wouldn’t know how to dig deeper other than by getting help from Support. I’ll bump this into the Escalation queue for the next on-duty staff member to take a look.
Thanks, I appreciate your help
So I don’t see any issues resolving my.render.st here or worldwide:
https://dig.ping.pe/my.render.st:A:8.8.8.8
https://dig.ping.pe/my.render.st:A:1.1.1.1
https://wheresitup.com/demo/results/60ccc532262aa77cb8794223
From a location where you are seeing the error, it’s good to use something like dig to see what DNS response you are receiving, e.g.
dig my.render.st
dig @1.1.1.1 my.render.st
dig @8.8.8.8 my.render.st
I’m just wondering what’s really going on. Cloudflare is returning NXDOMAIN responses for a lot of queries. So are they actually bad queries, or is the ‘my’ subdomain sometimes not resolving?
Unfortunately, I don’t have access to a location where I can test that. On all servers I have access to and on my computers it works well. On many customers’ computers it doesn’t and on also binarycanary reports DNS failures from time to time.
Is there any chance to see what the NXDOMAIN responses are for?
I there - apologies - I misread your question there and focused on the wrong point - the deeper DNS analytics can only be filtered by hostname on our Enterprise plans.
Any other ideas on what may be wrong here and what we can do to fix this? Would increasing the TTL from 5 minutes to 1 hour help reduce the errors?
@sorin - This started happening to one of my subdomains as well. Only one from what I can tell and is very aggrevating. The ttl was set to auto (which by default was 5 mins) and NXDOMAIN was being returned randomly for all my customers. Some worked some of the time, some didn’t.
I changed the TTL on that single subdomain to 1H and it has helped (resolved?) ← I’m still monitoring.
@a9l Thanks for confirming that increasing the TTL helps. I changed that as well and will monitor to see if it fixes it.
I can confirm the same finding on my side. Increasing the TTL to 1 hour just for this particular subdomain dropped the NXDOMAIN responses to almost zero.
This looks like an issue no cloudflare’s side in my opinion, one that should be check ed as it may affect many others.
Open a ticket and post the number here. @simon is probably still watching this thread and might dig up some theories on what’s happening.
@sorin My NXDOMAIN responses has remained almost nonexistent as well over the last 18h. I suspect a policy changed occurred on CloudFlare’s side perhaps related to rate limiting the number of dns queries on the free tier plan. Chances are if the queries come from the larger providers (e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc) they are excluded, but if you have multiple queries coming from a smaller DNS server, they hit the new rate limited rule.
I am unable to find supporting material for this, so would be good if someone from NET can confirm.
@sdayman unfortunately I have a free account, so opening a ticket is not possible. Got the message about having too many requests for free support. It’s understandable and I do not expect to receive support with a free account, just pointing out that opening a ticket is not possible.
@a9l this is a very smart speculation. It’s very possible this started happening. We don’t have a lot of unique traffic to this site, but there are many requests from the same users and with a 5 minutes TTL it probabil generated a larger number of DNS requests.
