SERVFAIL on newmexico.gov websites

Having been using 1.1.1.1 for years and for the first time, a SERVFAIL. No problem from GoogleDNS or others. Thanks in advance.

[email protected] ~ % dig @1.1.1.1 newmexico.gov
; <<>> DiG 9.10.6 <<>> @1.1.1.1 newmexico.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25007
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;newmexico.gov.			IN	A

;; Query time: 1990 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Jul 02 08:13:24 MDT 2020
;; MSG SIZE  rcvd: 42
% dig @1.1.1.1 newmexico.gov

; <<>> DiG 9.10.6 <<>> @1.1.1.1 newmexico.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13599
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;newmexico.gov.			IN	A

;; ANSWER SECTION:
newmexico.gov.		82	IN	A	164.64.46.10

;; Query time: 32 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Jul 02 07:27:11 PDT 2020
;; MSG SIZE  rcvd: 71

Thanks for the fast reply. Using Pihole as DNS resolver with 1.1.1.1 as Upstream DNS provider. Only newmexico.gov websites seem to be affected.

newmexico.gov-2020-06-27-07_52_25-UTC|438x500

CloudFlare Help Link

; <<>> DiG 9.10.6 <<>> newmexico.gov @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16448
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;newmexico.gov.			IN	A

;; Query time: 2250 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Jul 02 08:37:39 MDT 2020
;; MSG SIZE  rcvd: 42

; <<>> DiG 9.10.6 <<>> newmexico.gov @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1261
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;newmexico.gov.			IN	A

;; Query time: 2284 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Thu Jul 02 08:38:33 MDT 2020
;; MSG SIZE  rcvd: 42

; <<>> DiG 9.10.6 <<>> newmexico.gov @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61942
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;newmexico.gov.			IN	A

;; ANSWER SECTION:
newmexico.gov.		200	IN	A	164.64.46.10

;; Query time: 58 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Jul 02 08:39:08 MDT 2020
;; MSG SIZE  rcvd: 58

[email protected] ~ % dig @ns3.Cloudflare.com whoami.Cloudflare.com txt +short
"76.113.87.118"

traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 52 byte packets
 1  192.168.1.1 (192.168.1.1)  2.667 ms  1.238 ms  1.891 ms
 2  96.120.1.225 (96.120.1.225)  10.772 ms  11.670 ms  11.840 ms
 3  po-301-1203-rur01.santafe.nm.albuq.comcast.net (68.85.224.133)  11.749 ms  11.330 ms  10.911 ms
 4  be-2-ar01.albuquerque.nm.albuq.comcast.net (162.151.13.129)  13.545 ms  17.110 ms  13.820 ms
 5  be-33654-cr02.1601milehigh.co.ibone.comcast.net (68.86.95.237)  22.770 ms  22.824 ms  21.731 ms
 6  be-12176-pe02.910fifteenth.co.ibone.comcast.net (68.86.83.94)  25.432 ms  23.041 ms  21.419 ms
 7  50.208.232.118 (50.208.232.118)  20.694 ms  21.439 ms  28.921 ms
 8  one.one.one.one (1.1.1.1)  21.477 ms  21.775 ms  21.457 ms

traceroute to 1.0.0.1 (1.0.0.1), 64 hops max, 52 byte packets
 1  192.168.1.1 (192.168.1.1)  2.569 ms  1.221 ms  1.666 ms
 2  96.120.1.225 (96.120.1.225)  12.896 ms  11.534 ms  10.348 ms
 3  po-301-1203-rur01.santafe.nm.albuq.comcast.net (68.85.224.133)  11.336 ms  12.621 ms  12.874 ms
 4  be-2-ar01.albuquerque.nm.albuq.comcast.net (162.151.13.129)  13.295 ms  13.781 ms  26.549 ms
 5  be-33654-cr02.1601milehigh.co.ibone.comcast.net (68.86.95.237)  23.850 ms  21.839 ms  34.610 ms
 6  be-12176-pe02.910fifteenth.co.ibone.comcast.net (68.86.83.94)  23.263 ms  21.753 ms  21.772 ms
 7  50.208.232.118 (50.208.232.118)  21.249 ms  25.247 ms  25.493 ms
 8  one.one.one.one (1.0.0.1)  22.901 ms  24.317 ms  23.219 ms

dig +short CHAOS TXT id.server @1.1.1.1
"DEN"

dig +short CHAOS TXT id.server @1.0.0.1
"DEN"

; <<>> DiG 9.10.6 <<>> +tcp @1.1.1.1 id.server CH TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27832
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;id.server.			CH	TXT

;; ANSWER SECTION:
id.server.		0	CH	TXT	"DEN"

;; Query time: 26 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Jul 02 08:44:55 MDT 2020
;; MSG SIZE  rcvd: 52

; <<>> DiG 9.10.6 <<>> +tcp @1.0.0.1 id.server CH TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64630
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;id.server.			CH	TXT

;; ANSWER SECTION:
id.server.		0	CH	TXT	"DEN"

;; Query time: 151 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Thu Jul 02 08:45:22 MDT 2020
;; MSG SIZE  rcvd: 52

The Help Link said it’s the Denver datacenter. Can you confirm with:
dig +short CHAOS TXT id.server @1.1.1.1

While you check on that, maybe @anb can also take a look.

The info you requested

1 Like

Thanks for the report, I can confirm it. It looks like in DEN, our server lost connection to the upstream name servers. I’ll try to see what we could do.

1 Like

Thank you for looking into it!