We are experiencing an issue when attempting to resolve the domain primafuture.com
using Cloudflare’s DNS resolver at 1.1.1.1
. The problem occurs with the following command:
curl --header "accept: application/dns-json" "https://1.1.1.1/dns-query?name=primafuture.com"
This returns the following error:
{"Status":2,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"primafuture.com","type":1}],"Comment":["EDE(22): No Reachable Authority at delegation primafuture.com."]}
However, upon checking the logs on our bind9
server, it shows that the request to the authoritative DNS server is being processed and approved, as shown below:
17-Sep-2024 07:11:03.660 client @0x7f401d412168 172.68.212.69#30616: UDP request
17-Sep-2024 07:11:03.660 client @0x7f401d412168 172.68.212.69#30616: using view '_default'
17-Sep-2024 07:11:03.660 client @0x7f401d412168 172.68.212.69#30616: request is not signed
17-Sep-2024 07:11:03.660 client @0x7f401d412168 172.68.212.69#30616: recursion not available (allow-recursion did not match)
17-Sep-2024 07:11:03.660 client @0x7f401d412168 172.68.212.69#30616 (primafuture.com): query 'primafuture.com/A/IN' approved
17-Sep-2024 07:11:03.660 client @0x7f401d412168 172.68.212.69#30616 (primafuture.com): set ede: info-code 18 extra-text (null)
17-Sep-2024 07:11:03.660 client @0x7f401d412168 172.68.212.69#30616 (primafuture.com): reset client
17-Sep-2024 07:11:04.160 client @0x7f401d412168 172.68.212.69#30616: UDP request
17-Sep-2024 07:11:04.160 client @0x7f401d412168 172.68.212.69#30616: using view '_default'
17-Sep-2024 07:11:04.160 client @0x7f401d412168 172.68.212.69#30616: request is not signed
17-Sep-2024 07:11:04.160 client @0x7f401d412168 172.68.212.69#30616: recursion not available (allow-recursion did not match)
17-Sep-2024 07:11:04.160 client @0x7f401d412168 172.68.212.69#30616 (primafuture.com): query 'primafuture.com/A/IN' approved
17-Sep-2024 07:11:04.160 client @0x7f401d412168 172.68.212.69#30616 (primafuture.com): set ede: info-code 18 extra-text (null)
17-Sep-2024 07:11:04.160 client @0x7f401d412168 172.68.212.69#30616 (primafuture.com): reset client
When performing the same DNS query from a web-based dig tool, such as digwebinterface com, the DNS resolution is successful:
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.16.tuxcare.els4 <<>> +additional +nsid primafuture.com. @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52183
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 12 ("..")
; NSID: 37 33 35 6d 31 30 31 ("735m101")
;; QUESTION SECTION:
;primafuture.com. IN A
;; ANSWER SECTION:
primafuture.com. 3600 IN A 87.236.194.79
;; Query time: 262 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Sep 17 07:52:07 CEST 2024
;; MSG SIZE rcvd: 77
However, when running the same query from my local machine using the following command:
dig +additional +nsid primafuture.com. @1.1.1.1
I get a SERVFAIL
response:
; <<>> DiG 9.16.1-Ubuntu <<>> +additional +nsid primafuture.com. @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56085
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 16 61 74 20 64 65 6c 65 67 61 74 69 6f 6e 20 70 72 69 6d 61 66 75 74 75 72 65 2e 63 6f 6d 2e ("..at delegation primafuture.com.")
; NSID: 33 31 6d 36 38 ("31m68")
;; QUESTION SECTION:
;primafuture.com. IN A
;; Query time: 2007 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Út zář 17 07:52:36 CEST 2024
;; MSG SIZE rcvd: 89