since I use I often get DNS_PROBE_FINISHED_NXDOMAIN in Chrome. When switching back to everything works fine.

Any idea why? An example site is https://www.corsicaferries.biz


Usually it’s the case that the authoritative DNS servers are broken in some ways, e.g. http://dnsviz.net/d/www.corsicaferries.biz/WtTHBQ/dnssec/

Knot-resolver is apparently a little more sensitive to some issues than some other implementations.


Neither of the nameservers for corsicaferries.com (or corsica-ferries.fr) supports EDNS properly (and half of the nameservers are broken completely). We’ll add overrides to disable most DNS protocol features for their nameservers to make it work at least.


Thanks, When will this be live?


Hi, I just pushed the overrides out, so the website should be resolving.


I believe this problem is bigger. There are too many sites not reachable. Even CNN Philippines: http://www.cnnphilippines.com


Works for me in my browser and dig:


Yes now it is working for me, too. But I get these NX error messages often. I don’t get them with the Google DNS…


I’m getting this with a different domain, ISP’s DNS returns the correct DNS but is returning null values: =
; <<>> DiG 9.10.6 <<>> ns muirfieldtravel.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57056
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;muirfieldtravel.com.		IN	NS

;; Query time: 47 msec
;; WHEN: Wed May 09 08:53:15 BST 2018
;; MSG SIZE  rcvd: 37


; <<>> DiG 9.10.6 <<>> ns muirfieldtravel.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33113
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 9

; EDNS: version: 0, flags:; udp: 512
;muirfieldtravel.com.		IN	NS

muirfieldtravel.com.	172489	IN	NS	ns-208.awsdns-26.com.
muirfieldtravel.com.	172489	IN	NS	ns-526.awsdns-01.net.
muirfieldtravel.com.	172489	IN	NS	ns-1305.awsdns-35.org.
muirfieldtravel.com.	172489	IN	NS	ns-1994.awsdns-57.co.uk.

ns-1305.awsdns-35.org.	151397	IN	A
ns-1305.awsdns-35.org.	156869	IN	AAAA	2600:9000:5305:1900::1
ns-1994.awsdns-57.co.uk. 146038	IN	A
ns-1994.awsdns-57.co.uk. 161919	IN	AAAA	2600:9000:5307:ca00::1
ns-208.awsdns-26.com.	150592	IN	A
ns-208.awsdns-26.com.	154979	IN	AAAA	2600:9000:5300:d000::1
ns-526.awsdns-01.net.	147008	IN	A
ns-526.awsdns-01.net.	156077	IN	AAAA	2600:9000:5302:e00::1

;; Query time: 61 msec
;; WHEN: Wed May 09 08:57:41 BST 2018
;; MSG SIZE  rcvd: 361


I have the same error message withmy website www.viosarp.gr where I have setup cloudflare. I have check it from various pc/mobiles and on some of them the problem exists. When I try to change to the dns of google it works.

But I think that this is not a solution. To inform all the clients to do this.

Any help on this please or if I can check anything to my setup on cloudflare or to my server please.


It seems to be resolving. Do you still see any problems?


I still have problem yes.
I dont know how to fix it as the problem exist to some of our clients visits.
I see the site fine but I have calls that some clients does not access the site.


I have this problem as well. The DNS for the site is using Cloudflare and when I use the cloudflare DNS servers on my device, the error occurs. bellinghamadvertising.com is the domain.


That domain has a DS record set at the registrar, but doesn’t have DNSSEC enabled at Cloudflare. and other validating resolvers can’t consider it valid. You have to delete the DS record at your registrar. If you want, you can enable DNSSEC on Cloudflare and set the DS record Cloudflare gives you.

bellinghamadvertising.com. 86400 IN     DS      12737 13 2 0E8EEF7C384249AAD82BEBCED36AD622768E17601E192DE2B1F205FA 120DA8D1


Thanks mnordhoff! You really nailed it.