Filipstad.se: DNS_PROBE_FINISHED_NXDOMAIN

Benadryl_Claritin · July 10, 2023, 7:53am

Hi,
I can open www.filipstad.se. Error message in browser: DNS_PROBE_FINISHED_NXDOMAIN

The site resolves fine with my provider’s dns (Deutsche Telekom)

nslookup filipstad.se  1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find filipstad.se: Server failed

nslookup filipstad.se  1.0.0.1
Server:  one.one.one.one
Address:  1.0.0.1

*** one.one.one.one can't find filipstad.se: Server failed

nslookup filipstad.se  8.8.8.8
Server:  dns.google
Address:  8.8.8.8

*** dns.google can't find filipstad.se: Server failed

nslookup -class=chaos -type=txt id.server 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
id.server       text =

        "HAM"

nslookup -class=chaos -type=txt id.server 1.0.0.1
Server:  one.one.one.one
Address:  1.0.0.1

Non-authoritative answer:
id.server       text =

        "HAM"

https://dnsviz.net/d/filipstad.se

Benadryl_Claritin · July 10, 2023, 7:56am

Apologies it resolves fine with Wilhelm.Tel (www.wtnet.de) DNS:

nslookup filipstad.se  213.209.104.220
Server:  dns-cache-1.wtnet.de
Address:  213.209.104.220

Non-authoritative answer:
Name:    filipstad.se
Address:  185.94.60.51

nslookup filipstad.se  213.209.104.250
Server:  dns-cache-2.wtnet.de
Address:  213.209.104.250

Non-authoritative answer:
Name:    filipstad.se
Address:  185.94.60.51

Chaika · July 10, 2023, 1:09pm

Your DNSSEC is messed up. I saw you linked to dnsviz, but the last result was from over a year ago. I reran it, and you have some sort of weird mess: filipstad.se | DNSViz. It looks like @nsext.filipstad.se/185.94.60.61 is responding with the right signed records, but @gw.filipstad.se/185.94.60.2 isn’t.

Your ISP’s Resolver probably isn’t validating DNSSEC.

Benadryl_Claritin · July 10, 2023, 7:09pm

Hi, this isn’t my site so I’m not sure what you mean with “your dnssec is messed up”. I can only say that with Cloudflare DNS I can’t access the page and with other DNS servers I can. This is what counts.

Chaika · July 10, 2023, 7:17pm

I see, sorry for the confusion. Yea, it’s nothing on your end. Cloudflare and other DNS Resolvers like Google are doing the right thing, and failing intermittently due to a security misconfiguration on the website owners end. As you have discovered, some DNS Resolvers do not properly validate/enforce that, including a lot of Internet Service Provider Owned DNS Resolvers. The website owner has purposefully turned on the security mechanism, DNSSEC, and Cloudflare/etc are merely honoring it. If you have a way to contact the website and inform them of such an issue (linking DNSViz as well would probably be helpful), that would help them fix the issue.

Benadryl_Claritin · July 10, 2023, 8:04pm

It strangely works now

system · July 13, 2023, 8:04pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.