May someone please explain why Cloudfare DNSs does not resolve this domain?

jgabriel · June 14, 2023, 8:46am

Please may someone explain why all public DNS may resolve the domain q10gestion . com but Cloudfare cannot?

Dnssec has been activated today to see if it fixes the issuie, but still no luck.

Tks!

anon9246926 · June 14, 2023, 9:20am

I beg to differ. dig @8.8.8.8 q10gestion.com returns no answer.

Why would that help?

Perhaps this is the issue:

$ dig q10gestion.com +trace

couldn't get address for 'dns11.binariaweb.net': not found
couldn't get address for 'dns12.binariaweb.net': not found
dig: couldn't get address for 'dns11.binariaweb.net': no more

jgabriel · June 14, 2023, 9:31am

Thanks for your reply,
We thought it was a dnssec requiriment for Cloudflare. There is no place where I can check their requirements to list a domain that appears in all the other public DNS.
PS. When I use nslookup all the dns servers but Cloudflare ones reply.

anon9246926 · June 14, 2023, 9:38am

nslookup q10gestion.com
;; Got SERVFAIL reply from 1.0.0.1, trying next server
;; Got SERVFAIL reply from 2606:4700:4700::1111, trying next server
Server:		1.1.1.1
Address:	1.1.1.1#53

** server can't find q10gestion.com: SERVFAIL

I get a response which gives another version of Respuesta no autoritativa.

binariaweb.net isn’t accessible as a domain the nameservers aren’t available, so no service will find your domain.

jgabriel · June 14, 2023, 9:48am

Thanks again , when I dig online, all of them resolve except Cloudflare.

Laudian · June 14, 2023, 9:50am

You have a problem with your DNSSEC:

dig +trace +nodnssec q10gestion.com

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> +trace +nodnssec q10gestion.com
;; global options: +cmd
.                       4193    IN      NS      j.root-servers.net.
.                       4193    IN      NS      b.root-servers.net.
.                       4193    IN      NS      g.root-servers.net.
.                       4193    IN      NS      h.root-servers.net.
.                       4193    IN      NS      d.root-servers.net.
.                       4193    IN      NS      k.root-servers.net.
.                       4193    IN      NS      i.root-servers.net.
.                       4193    IN      NS      m.root-servers.net.
.                       4193    IN      NS      l.root-servers.net.
.                       4193    IN      NS      a.root-servers.net.
.                       4193    IN      NS      e.root-servers.net.
.                       4193    IN      NS      c.root-servers.net.
.                       4193    IN      NS      f.root-servers.net.
;; Received 239 bytes from 127.0.0.53#53(127.0.0.53) in 0 ms

com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
;; Received 839 bytes from 199.7.83.42#53(l.root-servers.net) in 28 ms

q10gestion.com.         172800  IN      NS      dns11.binariaweb.net.
q10gestion.com.         172800  IN      NS      dns12.binariaweb.net.
;; Received 97 bytes from 2001:503:231d::2:30#53(b.gtld-servers.net) in 0 ms

q10gestion.com.         86400   IN      A       217.76.51.118
q10gestion.com.         86400   IN      NS      dns12.binariaweb.net.
q10gestion.com.         86400   IN      NS      dns11.binariaweb.net.
;; Received 147 bytes from 217.76.51.118#53(dns11.binariaweb.net) in 28 ms

delv q10gestion.com
;; broken trust chain resolving 'q10gestion.com/A/IN': 127.0.0.53#53
;; resolution failed: broken trust chain

See here: DNSSEC Analyzer - q10gestion.com

jgabriel · June 14, 2023, 10:13am

Thanks, if they modified the DNSSEC records just few hours ago, it may take a while to propagate.
Tks!

sandro · June 14, 2023, 10:16am

This is not a DNSSEC issue, @anon9246926 is pretty close with his summary.

jgabriel · June 14, 2023, 8:44pm

Thanks, but again if you do query all the main public DNS providers of the world, the domain resolves in all of them but the CF ones and I am not even able to get a right explanation from CF of why this is happening to fix it. If they are the only ones rejecting to resolve at least they should explain why.

Meanwhile users in that domain get emails not delivered from all the places using cloudfare as DNS provider.

i40west · June 14, 2023, 9:41pm

The problem seems to be that the DNS servers at binariaweb.net are mostly not working, but some are. The result is that about three-quarters of lookups for your domain are failing. See this traversal check.

So what’s likely happening is that Google (for example) has a successful result cached, and Cloudflare does not. It will work or fail randomly, but fail most of the time.

jgabriel · June 14, 2023, 9:44pm

Thanks, that sounds more plausible to me. But we need a clear explanation of what they think is wrong for them but not for the other public DNS.

BTW, it is not my domain and I am not at all related to their DNS providers, just trying to help them to find a fix.

RegN · June 15, 2023, 5:38pm

This is exactly right. These guys have totally overcomplicated their DNS with no less than 16 authoritative servers. I can’t post a link but see Abongo search: https://abongo.com/dns?query=binariaweb.net

system · June 30, 2023, 5:39pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.