Intermittent DNS failure for one domain

I am having an issue with a piece of software which keeps failing due to an inability to resolve a particular domain. I’m using 1.1.1.1 as my primary. and 1.0.0.1 as my secondary. For some reason a good portion of the time, the DNS returns no IP addresses, and other times it returns the correct IP addresses.

The address in question is acc.edelivery.tech.ec.europa.eu.

Take these two dig examples, both within less than 1 second of each other:

# 11:05:11
$ dig @1.1.1.1 acc.edelivery.tech.ec.europa.eu

; <<>> DiG 9.10.6 <<>> @1.1.1.1 acc.edelivery.tech.ec.europa.eu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49012
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 06 ("..")
;; QUESTION SECTION:
;acc.edelivery.tech.ec.europa.eu. IN	A

;; Query time: 18 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Apr 15 11:05:11 BST 2021
;; MSG SIZE  rcvd: 66

# 11:05:11
$ dig @1.1.1.1 acc.edelivery.tech.ec.europa.eu

; <<>> DiG 9.10.6 <<>> @1.1.1.1 acc.edelivery.tech.ec.europa.eu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40254
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;acc.edelivery.tech.ec.europa.eu. IN	A

;; ANSWER SECTION:
acc.edelivery.tech.ec.europa.eu. 120 IN	A	147.67.35.45
acc.edelivery.tech.ec.europa.eu. 120 IN	A	147.67.211.45

;; Query time: 151 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Apr 15 11:05:12 BST 2021
;; MSG SIZE  rcvd: 92

The first call returned no IP addresses, but the second returned the two correct addresses.
What is the cause of this intermittent failure?

What error code is it? It could be a 4xx client side error, 5xx sever error or 1xxx error. If it’s an error ranging between 400-459 visit 4xx Client Error – Cloudflare Help Center If it’s from 500-530 visit Troubleshooting Cloudflare 5XX errors – Cloudflare Help Center If it’s from 1000-1200 visit Troubleshooting Cloudflare 1XXX errors – Cloudflare Help Center All other responce codes (1xx informational, 2xx success and 3xx redirect) are not errors.

It is not a HTTP error I’m experiencing. It is a failure to resolve the IP addresses for the service as you can see from the dig commands I attached. Sometimes 1.1.1.1 returns the IP addresses, other times it returns no addresses, sometimes within a second of each other.

Are cloudflare IP’s blocked? If so, that maybe why make sure all IP’s in the list below are not blocked!

No the IP’s for Cloudflare are not blocked. In this case I am talking to 1.1.1.1 and 1.0.0.1. Both always respond successfully, but sometimes say there are no IP addresses for the server I am looking up, other times return the correct IP addresses.

What about DNS records?

The DNS records are what I’m having issues with. As I have stated, the DNS A records for this site are sometimes not returned from 1.1.1.1 and 1.0.0.1.

This post was flagged by the community and is temporarily hidden.

This site is not owned or controlled by me, but I need to interact with it.
The owner of the site has stated they have not seen any issues with their name servers, and no one else has reported anything, so they believe this is an issue with 1.1.1.1.

This post was flagged by the community and is temporarily hidden.

I don’t think you are understanding the issue itself.
I am not trying to change the name servers for this site. I am simply trying to query the 1.1.1.1 DNS service for their A records.
Sometimes 1.1.1.1 does not give back the IP addresses for the service, other times it does not.

The OP issue is totally unrelated to Cloudflare Dashboard DNS management, so it’s better not to suggest a solution which is not relevant to OP’s issue.

Now the problem is 1.1.1.1 DNS resolver was unable to resolve the domains OP mentioned.

1 Like

Sorry, won’t happen again

Maybe you can try this:

https://1.1.1.1/purge-cache/

Hopefully this helps.

Thank you, I’ve just tried this but purging that cache has put it back to a state of returning no records for a short period of time.
It almost appears as if the cache is expiring, and not being refreshed immediately.
I believe the TTL on these records is only 120 seconds, so I would not expect them to be cached for any length of time.
When I query the authority for this domain via dig @ns1lux.europa.eu acc.edelivery.tech.ec.europa.eu., the response comes back in 36 ms, so I don’t know why it would take so long to update in Cloudflare, although I must admit I do not understand the inner workings of DNS.

1 Like

This post was flagged by the community and is temporarily hidden.

Unfortunately it’s a bit tricky to get support from Cloudflare for 1.1.1.1 related issues. Maybe @MVP knows how to contact Cloudflare support for 1.1.1.1 related issues (I mean, without having a Cloudflare dashboard account in the first place)?

1 Like

There is at least one glue issue, and one nameserver no responding via UDP, this together could cause all sorts of weirdness. I’m not in my office yet and not sure I understand modern resolvers well enough to know what exactly to expect, but any time there is a glue issue there is potential for intermittent failures as the state of the cache and order resolvers are queried becomes relevant.

https://dnsviz.net/d/acc.edelivery.tech.ec.europa.eu/dnssec/

2 Likes

I have not seen dnsvis.net before, this is a very useful tool thank you!
I don’t fully understand what those errors mean, but I’ll take then back to the site operator and see if there are changes they can make to resolve them.

1 Like