Getting SERVFAIL for some (seemingly valid) domains

I am trying to understand an issue that I am having with dns, using 1.1.1.1. Technically, I’m using a pihole server to point to a local instance of an unbound server, which then points to 1.1.1.1. Way more frequently than I’d like, I get errors when browsing on my local network where the brower complains it can’t find the server. If I don’t have time to debug, I disconnect from wifi on my mobile, reload the page, and reconnect to wifi and it works fine. But today I had time to debug. The site I am trying to visit is on the domain “archive.is”. I’m not sure what result the browser is getting, but I am trying to understand the difference in output from these three dig commands:

[email protected]:/etc $ dig archive.is @1.1.1.1 -p 53

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Raspbian <<>> archive.is @1.1.1.1 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31311
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;archive.is.                    IN      A

;; AUTHORITY SECTION:
archive.is.             54668   IN      NS      anna.ns.cloudflare.com.
archive.is.             54668   IN      NS      ben.ns.cloudflare.com.

;; Query time: 8 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Jul 14 11:09:33 CDT 2020
;; MSG SIZE  rcvd: 103

[email protected]:/etc $ dig archive.is @8.8.8.8 -p 53

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Raspbian <<>> archive.is @8.8.8.8 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29929
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;archive.is.                    IN      A

;; ANSWER SECTION:
archive.is.             299     IN      A       5.196.68.232

;; Query time: 54 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jul 14 11:09:37 CDT 2020
;; MSG SIZE  rcvd: 55

[email protected]:/etc $ dig archive.is @9.9.9.9 -p 53

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Raspbian <<>> archive.is @9.9.9.9 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18174
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;archive.is.                    IN      A

;; ANSWER SECTION:
archive.is.             300     IN      A       5.196.68.232

;; Query time: 225 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Tue Jul 14 11:09:47 CDT 2020
;; MSG SIZE  rcvd: 55

The 5.196.68.232 address seems to be the correct answer. Why is cloudflare returning NS records? Also, the host command output:

[email protected]:/etc $ host archive.is 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:

Host archive.is not found: 2(SERVFAIL)
Host archive.is not found: 2(SERVFAIL)
[email protected]:/etc $ host archive.is 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

archive.is has address 5.196.68.232
archive.is mail is handled by 1 aspmx.l.google.com.
archive.is mail is handled by 5 alt1.aspmx.l.google.com.
archive.is mail is handled by 5 alt2.aspmx.l.google.com.
archive.is mail is handled by 10 aspmx2.googlemail.com.
archive.is mail is handled by 10 aspmx3.googlemail.com.

Please see existing conversations about the archive family of sites:


2 Likes

Thank you. I didn’t consider that it was a ‘domain-specific’ problem and only used generic terms when I was searching. I think I understand the issue now.