DNS stopped responding about 20 minutes ago, giving "Server failed" error in nslookup command via terminal

Just about 20 minutes ago our operational service stopped working due to DNS error, didn’t find anything related to maintenance in Russia on today :frowning:

image

1 Like

The domain looks good, DNSSEC as well. I wonder if there may be an intermittent issue with the parent nameservers at dns.ripn.net - the registry does not seem to resolve either → cctld.ru - even the government domain does not seem to always resolve

When querying them directly, it works though.

@grenadiumdota, if you have a Twitter account, did you check there already?

Calling in the cavalry - @MVP

2 Likes

That’s what I experience:

;; communications error to 2001:678:14:0:193:232:156:17#53: timed out
;; communications error to 2001:678:14:0:193:232:156:17#53: timed out
FISHSTATION.ru.         345600  IN      NS      anahi.ns.cloudflare.com.
FISHSTATION.ru.         345600  IN      NS      graham.ns.cloudflare.com.
;; Received 120 bytes from 2001:678:14:0:193:232:156:17#53(f.dns.ripn.net) in 172 ms
;; communications error to 193.232.128.6#53: timed out
;; communications error to 193.232.128.6#53: timed out
;; communications error to 193.232.128.6#53: timed out
;; communications error to 193.232.142.17#53: timed out
;; communications error to 2001:678:17:0:193:232:128:6#53: timed out
;; communications error to 2001:678:15:0:193:232:142:17#53: timed out
;; communications error to 2001:678:16:0:194:85:252:62#53: timed out
fishstation.ru.         345600  IN      NS      anahi.ns.cloudflare.com.
fishstation.ru.         345600  IN      NS      graham.ns.cloudflare.com.
;; Received 108 bytes from 2001:678:14:0:193:232:156:17#53(f.dns.ripn.net) in 188 ms
3 Likes

Only realised now that’s not RIPE :smile:

1 Like

Forgot about twitter since it was blocked several years ago in our country ;(
Unfortunately I’m too inexperienced to try find something there, tried different tags and keywords
So that’s more likely an issue with main\entry dns servers in Russia? Like world → russian gateway (fail) → russian isp?

I also have a problem with DNS resolution for .RU domain. .NET and .APP domains from the same CF account works good. :frowning:

You are not missing out much, so I guess the block is for the better :smile:

This may be an issue with the Russian registry, though it’s difficult to fully confirm that. The registry’s nameservers simply appear to be not reachable from everywhere. If this is an issue with the registry or there are some international connectivity issues is (especially in these days) hard to tell.

Are you based in Russia? If so, do you have resolution issues with a local ISP as well? If so, it should be an issue with the registry.

1 Like

Even it might not be the case, however I’d just like to add a note, once a while (3 years ago) I’ve had one .ru ccTLD registered. Was using Cloudflare nameservers and the DNSSEC was also enabled. It was eurodns.com registrar. No issue with it.

1 Like

But if you have a Russian equivalent to Twitter, maybe check that out.

If that is general issue, I would assume some people who already thought they have a nice evening off are currently rushing to https://maps.app.goo.gl/JYBKKM9KkjDR9TqXA

1 Like

Several friends asked me about this issue just 10 minutes before I posted this thread, they couldn’t connect to some (or most) Russian websites as well due to DNS error (they are using default DNS servers provided by ISP)
Just contacted my VPS provider and several others - seems like something with DNSSEC and other main DNS servers here

Thank you all for quick replies!

1 Like

No, should not be DNSSEC. That’s a general resolution issue.

2 Likes

I’m no expert in this area for sure and don’t want to argue hehe
In case you’re curious and in case someone is looking for answer right now, here’s what I found, fresh post since 40 minutes ago (god forgive me for external links if they are prohibited): https://habr.com/ru/news/790188/

Might want to translate it to English with Google Chrome unless you speak russian haha

Yeah, that’s not really accurate I am afraid. It does not resolve in the first place.

Anyhow, @fritex also found a Russian link - Упали все домены в зоне RU. Проблемы с DNS - Доменные имена - Сайтостроение - Форум об интернет-маркетинге

1 Like

To be fair, Hacker News also claims that it is DNSSEC related - Russian TLD .RU fails DNSSEC validation | Hacker News - however I wouldn’t be entirely sure they are right either.

Your domain, for example, does not even appear to be signed. Of course, there could be an issue with .ru itself, but considering that the connection itself did not work, I am still confident this had nothing to do with DNSSEC and Hacker News is wrong :slight_smile:

1 Like

Can still take a couple of hours, but generally it would seem as if the issue was fixed.

Yeah, people reporting that it should be working by now but dns ttl and recaching (propagation? idk) might take a while, just noticed how my game server responds offline from time to time
And I was about to go sleep several hours ago :((((((((

Thank you again!

Yeah, the TLD servers should be working again, but cached entries could still be an issue for the next hours. But on the other hand, without caching the whole DNS thing might not work :slight_smile:

I would recommend to get a good night’s sleep regardless of server availability or not, unless that’s your main job of course :slight_smile:

Good night :sleeping_bed:

2 Likes

@grenadiumdota, all of that being said, you actually do have a security issue with your site. You have no certificate on your server and an outdated encryption mode on Cloudflare. Your site has no encryption I am afraid.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.