DNS names have stopped to resolve on several public DNS servers

mishasam1 · March 8, 2022, 2:35am

Setup: I’ve two domains, both for freenom and have “.ga” Top-level domain. I’ve migrated them to Cloudflare few days ago by putting name servers offered by Cloudflare ( kara.ns.cloudflare.com and will.ns.cloudflare.com ) instead of registars ones. One of them is using Cloudflare proxy on A-Name record, the second one is just using A record for dns only. DNSSEC is off for both domains. TTL is set to “AUTO”. The only records are A names for one, and A name+C name for the another one. Both of them also have “TXT” records automatically added by Email Security configuration.
Router gets DNS servers by DHCP;
PC and other devices behind the router are getting DNS by DHCP from the router by requesting router.
Amazon’s AWS EC2 machine is getting DNS automatically, and in nslookup command the server is showed as 127.0.0.53

Situation: I can’t resolve any of them for like 16 hours or so by using dns-server provided with ISP’s DHCP (78.29.2.21, but I assume it won’t accept requests from outside anyway).
Also, when I use nslookup command and specify server “1.1.1.1” or “1.0.0.1”, which resolves to one.one.one.one correctly, I get DNS request timeout. Trying to resolve any other domain names with 1.1.1.1 is fine, as long as it’s not “.ga” TLD (my.ga for example).
When I use 8.8.8.8\8.8.4.4 sometimes it resolves to 188.114.xxx.xxx, sometimes it does not resolve at all. Right now I can’t resolve it from my router when I use google’s dns, I also can’t resolve it from the machine on Amazon’s AWS its pointing to, but on PC behind the router It do resolves to 188.114.x.x even after dns flushing by specifying exact same dns server.
I’ve also tried to specify Yandex’s DNS server (77.88.8.8) and its either does not resolve at all, or resolves on PC, while not resolving on router and aws. Or resolving on AWS, but not resolving on router and PC.

I’ve also tried to purge cache on Cloudflare DNS and Google DNS with no result.

I’ve tried to resolve it on several websites to:

dnschecker.org: resolves in 22 of 32 servers
nslookup.io: Cloudflare DNS, OpenDNS, Authoritative do resolve it most of the time. Sometimes google resolves it, sometimes it doesn’t. Same for Russia local DNS.
2ip.ru : Sometimes it does resolve to 188.114.x.x , sometimes it doesn’t resolve at all.

When I try to dig +trace , from devices that fail to resolve it, the last jump is

ga.                     172800  IN      NS      d.ns.ga.
ga.                     172800  IN      NS      a.ns.ga.
ga.                     172800  IN      NS      b.ns.ga.
ga.                     172800  IN      NS      c.ns.ga.
ga.                     86400   IN      NSEC    gal. NS RRSIG NSEC
ga.                     86400   IN      RRSIG   NSEC 8 1 86400 20220320170000 
...
...
...
;; Received 628 bytes from 192.36.148.17#53(i.root-servers.net) in 35 ms

On the devices that do resolve it, there are more jumps after that. If to be precise, the next jump is kara.ns.cloudflare.com and will.ns.cloudflare.com respectivly.

TOR browser resolves it correctly, same with EPIC browser’s proxy (I don’t know which dns server they are using)
I’ve contacted my ISP (just in case) and they don’t know what’s the problem too.

UPD: I’ve also tested both domains with Diagnostic Center | Check SSL and Test Website Security | Cloudflare and got “Request Failed” in “Check nameservers” saying: dnsexception Error when communicating with the DNS server.
Hovewer, I’ve also got “Looking Good!” for “Check if connecting to ‘domain.com’ works” test.

UPD2: I’ve also forgot to mention that I’m not using any firewall anywhere, including my devices, Cloudflare and the server itself.

UPD3: mxtoolbox finds a-name records correctly.

dan43 · March 8, 2022, 7:46am

I’m having the same problem for my domain asti.ga but only from certain locales. asti.ga is also registered via Freenom.

A customer in the Singapore region cannot resolve asti.ga:

$ dig @1.1.1.1 asti.ga

(asti.ga’s DNS is hosted by Cloudflare, btw).

Gives SERVFAIL with the EDNS saying:

OPT=15 [...] "time limit exceeded"

I’m not experiencing the problem myself (I’m in the UK) and I’ve not had any other reports of it.

dan43 · March 8, 2022, 10:04am

It’s all resolving now. @mishasam1 is it working for you too now?

mishasam1 · March 8, 2022, 2:40pm

Yes. I just woke up and everything is working perfectly for both of my domains. Every service resolves everything, every server in nslookup resolves without any timeouts and correctly on every device.

Its funny how last time I went to sleep everything broke, and now I went to sleep and everything got fixed.

However, I don’t know what was that, what was the problem or how can I prevent it in the future. Also I’m currently a student in SysAdministration and I will probably face the same problem in future but from the NS-server administrator perspective, so this knowlage is crucial.

dan43 · March 8, 2022, 2:53pm

I also saw freenom domain not working with blogger - Google Search Central Community mentioning the .ga TLD and freenom in the last 24 hours.

It might be a general problem? But I can’t see any other mention of it.

mishasam1 · March 8, 2022, 3:12pm

Thats the fun part.
I’ve been actively looking for any posts withing 24hrs on any theme related to either .ga TLD, or DNS and haven’t found anything about the situation. I’ve looked through posts in Cloudflare community with the same problem, as well as any dns-related posts within a week, and haven’t found ANYTHING. So I wasn’t even sure if the problem is global.

system · March 23, 2022, 3:12pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.