NS record not working in some countries

What is the name of the domain?

rdp.pit.net.au

What is the issue you’re encountering?

I have created an NS record, which seems to propagate in a few countries, but not in my own, Australia.

What steps have you taken to resolve the issue?

NS are pointing from my Domain Registrar and have been working fine.
I also had an NS of rdp.pit.net.au pointing to dng.pit.net.au for a while, but now it’s no longer working.

I have checked and DNSSEC doesn’t appear to be enabled.
All the other records are working fine such as A record/CNAME record etc.
I have given it well over 48 hours (closer to a week) and it still has not resolved after re-adding it.
Any ideas why this might not be working? Is there a setting in Cloudflare I have enabled causing me issues?

What feature, service or problem is this related to?

DNS not responding/updating

Can you explain exactly what seems to be the problem, maybe show a screenshot?

I see the delegation, but there is no nameserver active on the destination address.

pit.net.au.             3600    IN      NS      maleah.ns.cloudflare.com.
pit.net.au.             3600    IN      NS      bradley.ns.cloudflare.com.
;; Received 103 bytes from 2a01:8840:be::1#53(q.au) in 36 ms

rdp.pit.net.au.         300     IN      NS      dng.pit.net.au.
;; Received 77 bytes from 108.162.194.118#53(maleah.ns.cloudflare.com) in 20 ms
pit.net.au.             3600    IN      NS      maleah.ns.cloudflare.com.
pit.net.au.             3600    IN      NS      bradley.ns.cloudflare.com.
;; Received 131 bytes from 2407:6e00:254::1#53(a.au) in 156 ms

dng.pit.net.au.         300     IN      A       58.96.111.122
;; Received 59 bytes from 2a06:98c1:50::ac40:2276#53(maleah.ns.cloudflare.com) in 4 ms

dig rdp.pit.net.au @58.96.111.122
;; communications error to 58.96.111.122#53: timed out
;; communications error to 58.96.111.122#53: timed out
;; communications error to 58.96.111.122#53: timed out

; <<>> DiG 9.18.24-0ubuntu0.22.04.1-Ubuntu <<>> rdp.pit.net.au @58.96.111.122
;; global options: +cmd
;; no servers could be reached

2 Likes

Thanks very much for the reply.

It seems as though the NS rdp.pit.net.au isn’t resolving dng.pit.net.au everywhere and is stopping my Duo Network Gateway from working.

I previously had this working and when it stopped, I noticed the NS was no longer propagating to all Australian servers.

In this image you can see it is only loading to a couple.

The idea to have the DNG set up securely according to Duo’s documentation is to have an A record (in my case, dng.pit.net.au) pointing to an internal DNS server, with an NS record (in my case, rdp.pit.net.au) pointing to it so that it handles the internal DNS redirection.

According to your dig, it shows the WAN IP is timing out. Would this likely be related to the firewall stopping that traffic then rather than the NS itself not working?
Thanks again

I would recommend that you ignore what you see in that image. It doesn’t really do what you think it does.

It’s impossible to say whether the query was blocked by a firewall or if there is no nameserver listening, but both are options.

1 Like
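
An added example, not part of any post in this thread: a direct probe of a delegated nameserver over UDP and TCP that separates the outcomes discussed above (silent timeout, active rejection, a reply that is not authoritative, an authoritative reply). The address 192.0.2.53 and the zone sub.example.com are placeholders, and the function names are hypothetical; a timeout here stays as ambiguous as it is in the dig output.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction id, acceptable for a one-off diagnostic

def build_query(zone, qtype=6):
    """Non-recursive (RD=0) query; qtype 6 = SOA of the delegated zone."""
    header = struct.pack("!HHHHHH", TXID, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify_reply(reply):
    """Interpret the DNS header of whatever the delegated server sent back."""
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != TXID or not flags & 0x8000:       # wrong id, or QR bit clear
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"
    if rcode == 2:
        return "servfail"
    return "authoritative" if flags & 0x0400 else "lame"  # AA bit decides

def probe(server, zone, transport="udp", timeout=3.0, port=53):
    """Send one query and report what the network or the server did with it."""
    query = build_query(zone)
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.connect((server, port))       # connected socket surfaces ICMP errors
                s.send(query)
                return classify_reply(s.recv(4096))
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP length prefix
            f = s.makefile("rb")
            size = f.read(2)
            if len(size) < 2:
                return "malformed"
            return classify_reply(f.read(struct.unpack("!H", size)[0]))
    except socket.timeout:
        return "timeout"   # dropped silently: filter, host down, or nothing answering
    except ConnectionRefusedError:
        return "closed"    # ICMP port unreachable or TCP RST: actively rejected
    except OSError as exc:
        return "error: %s" % exc

if __name__ == "__main__":
    for transport in ("udp", "tcp"):            # placeholder server and zone
        print(transport, probe("192.0.2.53", "sub.example.com", transport))
```

A delegation is only usable when both transports return "authoritative"; "lame" means something answered on port 53 but does not serve the delegated zone.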