How to tell 1.1.1.1 that some sites are not resolving?

weather.gc.ca
ec.gc.ca
for a couple days now many other sites from the gc.ca are not resolving from 1.1.1.1 or 1.0.0.1.

They both resolve for me on both resolvers.

they resolve for me if I do not use the cloudfare yyc (calgary) 1.1.1.1
so the issue is only on the 1.1.1.1 yyc

$ ./hlmonitor
Last login: Thu Aug 19 18:58:14 2021 from 199.247.206.234
[[email protected] ~]$ dig ec.gc.ca @1.1.1.1

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> ec.gc.ca @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23439
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 16 ("…")
;; QUESTION SECTION:
;ec.gc.ca. IN A

;; Query time: 2815 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Aug 19 19:05:10 MDT 2021
;; MSG SIZE rcvd: 43

[[email protected] ~]$ dig ec.gc.ca @1.0.0.1

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> ec.gc.ca @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63001
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 16 ("…")
;; QUESTION SECTION:
;ec.gc.ca. IN A

;; Query time: 2131 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Thu Aug 19 19:05:42 MDT 2021
;; MSG SIZE rcvd: 43

[[email protected] ~]$ dig ec.gc.ca @8.8.8.8

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> ec.gc.ca @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30370
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ec.gc.ca. IN A

;; ANSWER SECTION:
ec.gc.ca. 599 IN A 199.212.18.76

;; Query time: 123 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Aug 19 19:05:46 MDT 2021
;; MSG SIZE rcvd: 53

[[email protected] ~]$ dig +short CHAOS TXT id.server @1.1.1.1
“YYC”
[[email protected] ~]$ dig +short CHAOS TXT id.server @1.0.0.1
“YYC”
[[email protected] ~]$ dig @ns3.cloudfare.com whoami.Cloudfare.com txt +short

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> @ns3.cloudfare.com whoami.Cloudfare.com txt +short
; (4 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached
[[email protected] ~]$

[[email protected] ~]$ sudo traceroute -I 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
1 gateway (199.247.207.241) 1.349 ms 1.373 ms 1.383 ms
2 104-37-148-26.whipcord.com (104.37.148.26) 97.829 ms 97.870 ms 97.878 ms
3 104-37-148-30.whipcord.com (104.37.148.30) 46.305 ms 46.335 ms 46.330 ms
4 * * *
5 gw-cloudflare.yycix.ca (206.126.225.41) 30.759 ms 30.779 ms 31.251 ms
6 one.one.one.one (1.1.1.1) 27.476 ms 27.795 ms *

we are 199.247.206.0/23

So ec.gc.ca and other sites from gc.ca will not resolve for me when we use the yyc 1.1.1.1 proxy

How do I get someone in Cloudfare to look at this issue?

ec.gc.ca does resolve from other 1.1.1.1 proxies it just will not resolve from the yyc 1.1.1.1 and we are a hop away from the 1.1.1.1 and weather.gc.ca ec.gc.ca and several other govt of canada sites will not resolve from yyc 1.1.1.1

Hi @corey7 ,

Sorry about this. There seems to be an connectivity issue between our servers and the upstream name servers. I applied a workaround, hope this fixed your issue. Thanks.

1 Like

@anb
yes this worked!! :slight_smile:

thanks

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.