DNS_PROBE_FINISHED_NXDOMAIN on website after one year working

Website, Application, Performance DNS & Network
1

I have a domain. Pixelito.ir
I had set the domain to Cloudflare’s DNS and it was working normally for more than a year.
Since a 3 days ago, without making any changes in the codes or Cloudflare setting or server settings, the site is unavailable, and when I open the site in the browser, I encounter the following errors:
DNS ADDRESS COULD NOT BE FOUND
DNS_PROBE_FINISHED_NXDOMAIN

The Cloudflare Config Is :

Screenshot 1402-05-25 at 00.38.29
Screenshot 1402-05-25 at 00.38.292532×86 7.03 KB

Domain Whois :
Screenshot 1402-05-25 at 00.39.59

On the same server, I set another domain and the site is displayed easily. domain is config by Cloudflare.

What I have done so far:

1- I turned off the proxy
2- I turned on Under Attack Mode. In this case, the site was available for a few moments.
3- I made the security settings stronger.

But none of them were fruitful.
Does anyone have any ideas?

4

It looks like some DNS servers are having issues resolving it

3 Likes
5

How should I do this?
And how can this happen without changing anything?

6

You need to contact any DNS resolver that isn’t working correctly. It happened at the resolver level and had nothing to do with Cloudflare.

2 Likes
7

Right now, a.nic.ir, one of the root servers for the .ir top-level domain, is resolving your domain by itself rather than returning the delegation to your nameservers. It’s basically hijacking your domain and returning an incorrect (private) IP address.

% dig pixelito.ir @a.nic.ir

; <<>> DiG 9.10.6 <<>> pixelito.ir @a.nic.ir
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1123
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;pixelito.ir.                   IN      A

;; ANSWER SECTION:
pixelito.ir.            418     IN      A       10.10.34.36

;; Query time: 207 msec
;; SERVER: 193.189.123.2#53(193.189.123.2)
;; WHEN: Wed Aug 16 17:34:19 EDT 2023
;; MSG SIZE  rcvd: 45

The server a.nic.ir itself is unreachable from two of the four IP addresses I tried it from. But overall, it appears that a fraction (maybe 25%) of your lookups will return that private IP address, which is not what you want at all.

It may be deliberate on the part of whoever runs .ir but I have no way to know that.

3 Likes
8

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.