DNS queries against domains using a SOA record of worldnic[.]com(networksolutions) fails @1.1.1.1

Here’s the pattern I’m finding so far.

  • If I dig against 1.1.1.1 on records for domains that have SOA pointing to *.worldnic[.]com, I get an answer of “opcode: QUERY, status: SERVFAIL”.
  • The SOA ponts to worldnic[.]com servers
  • If I change the dns server I query against to say 8.8.8.8, it resolves. I’ve tested against several other public dns servers too with the same results where worldnic[.]com being the authoritative name servers for the queried domains results in a successful response.

Two Examples:
$ dig soa rightfish.net @8.8.8.8

; <<>> DiG 9.16.1-Ubuntu <<>> soa rightfish.net @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20994
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;rightfish.net.			IN	SOA

;; ANSWER SECTION:
rightfish.net.		7199	IN	SOA	NS29.WORLDNIC.COM. namehost.WORLDNIC.COM. 120062018 10800 3600 604800 3600

;; Query time: 112 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jun 23 08:32:36 PDT 2020
;; MSG SIZE  rcvd: 104

$ dig rightfish.net @1.1.1.1

; <<>> DiG 9.16.1-Ubuntu <<>> rightfish.net @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 65147
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;rightfish.net.			IN	A

;; Query time: 1960 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Jun 23 08:34:16 PDT 2020
;; MSG SIZE  rcvd: 42

$ dig rightfish.net @8.8.8.8

; <<>> DiG 9.16.1-Ubuntu <<>> rightfish.net @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43081
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;rightfish.net.			IN	A

;; ANSWER SECTION:
rightfish.net.		7199	IN	A	208.91.197.27

;; Query time: 132 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jun 23 08:34:22 PDT 2020
;; MSG SIZE  rcvd: 58

=================
$ dig SOA bigyearconsulting.com @8.8.8.8

; <<>> DiG 9.16.1-Ubuntu <<>> SOA bigyearconsulting.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22370
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;bigyearconsulting.com.		IN	SOA

;; ANSWER SECTION:
bigyearconsulting.com.	7199	IN	SOA	NS9.WORLDNIC.com. namehost.WORLDNIC.com. 120062017 10800 3600 604800 3600

;; Query time: 96 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jun 23 08:36:48 PDT 2020
;; MSG SIZE  rcvd: 108

$ dig bigyearconsulting.com @8.8.8.8

; <<>> DiG 9.16.1-Ubuntu <<>> bigyearconsulting.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62386
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;bigyearconsulting.com.		IN	A

;; ANSWER SECTION:
bigyearconsulting.com.	7199	IN	A	206.188.193.101

;; Query time: 100 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jun 23 08:36:55 PDT 2020
;; MSG SIZE  rcvd: 66
$ dig bigyearconsulting.com @1.1.1.1

; <<>> DiG 9.16.1-Ubuntu <<>> bigyearconsulting.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28764
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;bigyearconsulting.com.		IN	A

;; Query time: 1960 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Jun 23 08:37:02 PDT 2020
;; MSG SIZE  rcvd: 50

=============

I have no affiliations to either of those domains. I simply used them along with several others as tests since their SOA has worldnic[.]com listed in the answer section.

Just an observation, and I hope if helps others.

It appears the issue may have just been resolved. I’m not sure if it was cloudflare’s side or networksolutions, but I can now resolve records for those previously listed domains @1.1.1.1.