My domain can not be resolved by 1.1.1.1

My domains can not be resolved by 1.1.1.1, but 8.8.8.8 is OK.
Here are the domains:
xxx.tpddns.cn & xxx.tplinkdns.com


Example:

nslookup extra-six.tpddns.cn -type=A 1.1.1.1
Server:         1.1.1.1
Address:        1.1.1.1#53

** server can't find extra-six.tpddns.cn: SERVFAIL

But 8.8.8.8 is OK.

nslookup extra-six.tpddns.cn -type=A 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	extra-six.tpddns.cn
Address: 113.87.14.230

Hi, it seems like tpddns.cn returns NOTIMPL for any other type than A record so it’s impossible to get child NS set or check for DNSKEY records. See https://dnsviz.net/d/extra-six.tpddns.cn/dnssec/

Can you try switching to 1.0.0.2?

1 Like

Thanks. 1.0.0.2 is OK.
What is the difference between 1.0.0.2 & 1.1.1.1, so that 1.0.0.2 can resolve the domain but the other cannot?

What the types of record does tpddns.cn & tplinkdns.com need to implement to ensure that 1.1.1.1 can resolve their domains?

Hi, could you replay me?

What the types of record does tpddns.cn & tplinkdns.com need to implement to ensure that 1.1.1.1 can resolve their domains?
Just need to implement the NS record?

Hi, 1.0.0.2 is the next version of our software which includes additional workarounds like for this case.
tpddns.cn needs to (at least) respond to A, AAAA, NS, DNSKEY, and DS type queries.

2 Likes

I got it. Thanks.

Hi,

I have tested tp-link.com.cn: https://dnsviz.net/d/tp-link.com.cn/dnssec/
Its DNS does not respond to AAAA, DNSKEY and DS type queries. But it can be resolved by 1.1.1.1.
It seems that AAAA, DNSKEY and DS type queries are unnecessary.

Hi, I still have two doubts:

  1. I have tested tp-link.com.cn : https://dnsviz.net/d/tp-link.com.cn/dnssec/
    Its DNS does not respond to AAAA, DNSKEY and DS type queries. But it can be resolved by 1.1.1.1.
    It seems that AAAA, DNSKEY and DS type queries are unnecessary.

  2. When do you plan to deploy the version in 1.0.0.2 to 1.1.1.1 server?

Hi, the version of the software is continuously updated. If it works for you, you’re probably using the newer version. It might not always work as nameservers have infrastructure and reputation caches, if a nameserver is flagged for not responding, it might be ignored for some time.