Non resolving domain with 1.1.1.1

Zero Trust 1.1.1.1
1

So, after battling with HBO for few days now, it seems that Cloudflare doesn’t resolve their drm key server domain properly. The domain in question is:
hbo-playready.drmkeyserver.com

Here are the digs:

$ dig @1.1.1.1 hbo-playready.drmkeyserver.com                

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @1.1.1.1 hbo-playready.drmkeyserver.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34374
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;hbo-playready.drmkeyserver.com.        IN      A

;; ANSWER SECTION:
hbo-playready.drmkeyserver.com. 60 IN   CNAME   license-eu-tokyo.drmkeyserver.com.

;; AUTHORITY SECTION:
drmkeyserver.com.       900     IN      SOA     ns-1824.awsdns-36.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 98 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Apr 14 00:07:00 CEST 2020
;; MSG SIZE  rcvd: 204

Now google (same with quad9 and opendns as well as local isp dns)

$ dig @8.8.8.8 hbo-playready.drmkeyserver.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @8.8.8.8 hbo-playready.drmkeyserver.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25085
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;hbo-playready.drmkeyserver.com.        IN      A

;; ANSWER SECTION:
hbo-playready.drmkeyserver.com. 59 IN   CNAME   license-eu-tokyo.drmkeyserver.com.
license-eu-tokyo.drmkeyserver.com. 59 IN A      35.158.188.37
license-eu-tokyo.drmkeyserver.com. 59 IN A      35.158.237.230

;; Query time: 52 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Apr 14 00:08:30 CEST 2020
;; MSG SIZE  rcvd: 122

I’m using both DoH with cloudflared and direct 1.1.1.1, both have the same issue.
Any help will be greatly appreciated. I’m not going back to google!

2

It looks like there is some sort of issue with AWS DNS, my own DNS resolver fails to resolve it as well, I assume something is wrong there. Have you actually tried contacting AWS?

https://dnsviz.net/d/hbo-playready.drmkeyserver.com/dnssec/

3 
$ dig @1.1.1.1 hbo-playready.drmkeyserver.com

; <<>> DiG 9.9.7-P3 <<>> @1.1.1.1 hbo-playready.drmkeyserver.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57100
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;hbo-playready.drmkeyserver.com.    IN    A

;; ANSWER SECTION:
hbo-playready.drmkeyserver.com.    60 IN    CNAME    license-eu-tokyo.drmkeyserver.com.

;; AUTHORITY SECTION:
drmkeyserver.com.    900    IN    SOA    ns-1824.awsdns-36.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 111 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Apr 13 21:35:53 EDT 2020
;; MSG SIZE  rcvd: 204

iPad $ dig @8.8.8.8 hbo-playready.drmkeyserver.com
; <<>> DiG 9.9.7-P3 <<>> @8.8.8.8 hbo-playready.drmkeyserver.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18618
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;hbo-playready.drmkeyserver.com.    IN    A

;; ANSWER SECTION:
hbo-playready.drmkeyserver.com.    59 IN    CNAME    license-eu-tokyo.drmkeyserver.com.

;; AUTHORITY SECTION:
drmkeyserver.com.    899    IN    SOA    ns-1824.awsdns-36.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 44 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Apr 13 21:36:19 EDT 2020
;; MSG SIZE  rcvd: 174

So I saw this post and it reminded me of an issue in a GitHub repo here: Interesting dig on an (un)dead host. · Issue #14 · dead-hosts/dev-center · GitHub. So I thought I’d give this dig a try. But for me, both Cloudflare and Google end up at Amazon.

5

I guess someone fixed it. It’s good now.

$ dig @1.1.1.1 hbo-playready.drmkeyserver.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @1.1.1.1 hbo-playready.drmkeyserver.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4419
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;hbo-playready.drmkeyserver.com.        IN      A

;; ANSWER SECTION:
hbo-playready.drmkeyserver.com. 7 IN    A       35.158.237.230
hbo-playready.drmkeyserver.com. 7 IN    A       35.158.188.37

;; Query time: 9 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Apr 21 10:10:57 CEST 2020
;; MSG SIZE  rcvd: 121
1 Like