Problems reaching openmpt.org

Hi! I’ve been having problems resolving openmpt.org when using Cloudflare’s DNS resolver (1.1.1.1), both via warp-cli and by manually setting my DNS servers.

I encountered this issue while attempting to install some programs that depended on source code from the said domain.

For reference, here is my result when going to https://cloudflare-dns.com/help/.

Using dig, I can see that the lookup only works when my Wi-Fi connection uses my ISP’s DNS server, even if I specify 1.1.1.1.

❯ dig openmpt.org

; <<>> DiG 9.16.25 <<>> openmpt.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22185
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;openmpt.org.			IN	A

;; ANSWER SECTION:
openmpt.org.		71599	IN	A	5.45.99.242

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Feb 04 00:05:15 PST 2022
;; MSG SIZE  rcvd: 56

If I leave my DNS settings as-is, all resolvers work:

❯ dig openmpt.org 1.1.1.1

; <<>> DiG 9.16.25 <<>> openmpt.org 1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11216
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;openmpt.org.			IN	A

;; ANSWER SECTION:
openmpt.org.		71592	IN	A	5.45.99.242

;; Query time: 9 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Feb 04 00:05:22 PST 2022
;; MSG SIZE  rcvd: 56

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55636
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.1.1.1.			IN	A

;; ANSWER SECTION:
1.1.1.1.		0	IN	A	1.1.1.1

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Feb 04 00:05:22 PST 2022
;; MSG SIZE  rcvd: 52

❯ dig openmpt.org 1.0.0.1

; <<>> DiG 9.16.25 <<>> openmpt.org 1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63284
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;openmpt.org.			IN	A

;; ANSWER SECTION:
openmpt.org.		71590	IN	A	5.45.99.242

;; Query time: 9 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Feb 04 00:05:24 PST 2022
;; MSG SIZE  rcvd: 56

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37322
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.0.0.1.			IN	A

;; ANSWER SECTION:
1.0.0.1.		0	IN	A	1.0.0.1

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Feb 04 00:05:24 PST 2022
;; MSG SIZE  rcvd: 52

❯ dig openmpt.org 8.8.8.8

; <<>> DiG 9.16.25 <<>> openmpt.org 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19123
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;openmpt.org.			IN	A

;; ANSWER SECTION:
openmpt.org.		71595	IN	A	5.45.99.242

;; Query time: 9 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Feb 04 00:05:19 PST 2022
;; MSG SIZE  rcvd: 56

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6574
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;8.8.8.8.			IN	A

;; ANSWER SECTION:
8.8.8.8.		0	IN	A	8.8.8.8

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Feb 04 00:05:19 PST 2022
;; MSG SIZE  rcvd: 52

However, if I switch to 1.1.1.1, no resolvers work:

❯ dig openmpt.org 8.8.8.8

; <<>> DiG 9.16.25 <<>> openmpt.org 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42908
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 6 (DNSSEC Bogus): (DNSKEY openmpt.org. signatures, id = 15655)
;; QUESTION SECTION:
;openmpt.org.			IN	A

;; Query time: 1109 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Feb 04 00:14:34 PST 2022
;; MSG SIZE  rcvd: 88

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42183
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;8.8.8.8.			IN	A

;; AUTHORITY SECTION:
.			86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022020300 1800 900 604800 86400

;; Query time: 49 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Feb 04 00:14:34 PST 2022
;; MSG SIZE  rcvd: 111

❯ dig openmpt.org 1.1.1.1

; <<>> DiG 9.16.25 <<>> openmpt.org 1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7553
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 6 (DNSSEC Bogus): (DNSKEY openmpt.org. signatures, id = 15655)
;; QUESTION SECTION:
;openmpt.org.			IN	A

;; Query time: 1179 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Feb 04 00:14:38 PST 2022
;; MSG SIZE  rcvd: 88

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28698
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;1.1.1.1.			IN	A

;; AUTHORITY SECTION:
.			85913	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022020300 1800 900 604800 86400

;; Query time: 39 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Feb 04 00:14:38 PST 2022
;; MSG SIZE  rcvd: 111

If I switch to using Google’s DNS servers, all lookups start working again:

❯ dig openmpt.org 8.8.8.8

; <<>> DiG 9.16.25 <<>> openmpt.org 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62894
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;openmpt.org.			IN	A

;; ANSWER SECTION:
openmpt.org.		21595	IN	A	5.45.99.242

;; Query time: 40 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Feb 04 00:16:38 PST 2022
;; MSG SIZE  rcvd: 56

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14059
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;8.8.8.8.			IN	A

;; AUTHORITY SECTION:
.			86398	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022020300 1800 900 604800 86400

;; Query time: 40 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Feb 04 00:16:38 PST 2022
;; MSG SIZE  rcvd: 111

❯ dig openmpt.org 1.1.1.1

; <<>> DiG 9.16.25 <<>> openmpt.org 1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45785
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;openmpt.org.			IN	A

;; ANSWER SECTION:
openmpt.org.		21587	IN	A	5.45.99.242

;; Query time: 50 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Feb 04 00:16:41 PST 2022
;; MSG SIZE  rcvd: 56

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30700
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;1.1.1.1.			IN	A

;; AUTHORITY SECTION:
.			86399	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022020300 1800 900 604800 86400

;; Query time: 50 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Feb 04 00:16:41 PST 2022
;; MSG SIZE  rcvd: 111

Checking the output of dig as well as openmpt.org | DNSViz, it seems that something is failing with DNSSEC. That seems to be the main issue.

Should I attempt to contact the website administrators about this?

Just on a side-note, you’re executing the command dig openmpt.org 8.8.8.8, which is the same as running dig openmpt.org and dig 8.8.8.8 – which is probably not what you want. If you want to specify which server you want to make a request to use the @, e.g. dig openmpt.org @8.8.8.8. You’re saying that “none of the resolvers work” anymore when you switch to 1.1.1.1, even when you try 8.8.8.8, however, looking at your posted output you can see that the server you requested the DNS query is still Cloudflare (SERVER: 1.1.1.1#53(1.1.1.1)) and not 8.8.8.8 because you didn’t use the @. You get 2 answers, one for openmpt.org and one for the lookup of the A record of 8.8.8.8, which is impossible, hence why it returns an NXDOMAIN.

The DNSSEC looks very strange. This looks like an edge case. Perhaps @mvavrusa knows what’s going on.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.