Dns_probe_finished_nxdomain


#1

Hi,

since I use 1.1.1.1 I often get DNS_PROBE_FINISHED_NXDOMAIN in Chrome. When switching back to 8.8.8.8 everything works fine.

Any idea why? An example site is https://www.corsicaferries.biz


#2

Usually it’s the case that the authoritative DNS servers are broken in some ways, e.g. http://dnsviz.net/d/www.corsicaferries.biz/WtTHBQ/dnssec/

Knot-resolver is apparently a little more sensitive to some issues than some other implementations.


#3

Neither of the nameservers for corsicaferries.com (or corsica-ferries.fr) supports EDNS properly (and half of the nameservers are broken completely). We’ll add overrides to disable most DNS protocol features for their nameservers to make it work at least.


#4

Thanks, When will this be live?


#5

Hi, I just pushed the overrides out, so the website should be resolving.


#6

I believe this problem is bigger. There are too many sites not reachable. Even CNN Philippines: http://www.cnnphilippines.com


#7

Works for me in my browser and dig:


#8

Yes now it is working for me, too. But I get these NX error messages often. I don’t get them with the Google DNS…


#9

I’m getting this with a different domain, ISP’s DNS returns the correct DNS but 1.1.1.1 is returning null values:

1.1.1.1 =
; <<>> DiG 9.10.6 <<>> ns muirfieldtravel.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57056
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;muirfieldtravel.com.		IN	NS

;; Query time: 47 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed May 09 08:53:15 BST 2018
;; MSG SIZE  rcvd: 37

ISPs DNS =

; <<>> DiG 9.10.6 <<>> ns muirfieldtravel.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33113
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;muirfieldtravel.com.		IN	NS

;; ANSWER SECTION:
muirfieldtravel.com.	172489	IN	NS	ns-208.awsdns-26.com.
muirfieldtravel.com.	172489	IN	NS	ns-526.awsdns-01.net.
muirfieldtravel.com.	172489	IN	NS	ns-1305.awsdns-35.org.
muirfieldtravel.com.	172489	IN	NS	ns-1994.awsdns-57.co.uk.

;; ADDITIONAL SECTION:
ns-1305.awsdns-35.org.	151397	IN	A	205.251.197.25
ns-1305.awsdns-35.org.	156869	IN	AAAA	2600:9000:5305:1900::1
ns-1994.awsdns-57.co.uk. 146038	IN	A	205.251.199.202
ns-1994.awsdns-57.co.uk. 161919	IN	AAAA	2600:9000:5307:ca00::1
ns-208.awsdns-26.com.	150592	IN	A	205.251.192.208
ns-208.awsdns-26.com.	154979	IN	AAAA	2600:9000:5300:d000::1
ns-526.awsdns-01.net.	147008	IN	A	205.251.194.14
ns-526.awsdns-01.net.	156077	IN	AAAA	2600:9000:5302:e00::1

;; Query time: 61 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Wed May 09 08:57:41 BST 2018
;; MSG SIZE  rcvd: 361