Temporary failure in name resolution affecting most public traffic

We’re having a bizarre issue with one of our domains that has been going on for the past 15+ hours at this point. The domain is not resolvable in many parts of the country. I tried pinging it on a few different Linux servers and got:

example.com: Temporary failure in name resolution

The problem isn’t geographically limited though. People all over the country have now told me they can’t ping the domain either. However, some people can ping the domain and access it normally.

Finally, somebody pointed me to this site: https://dnschecker.org/ip-blacklist-checker.php

When I try resolving the domain, “Blacklisted?” is No for all of them except for this one: dnsbl.spfbl.net

When I click the error, it says this:

No rDNS was found.

This IP has been flagged because have none valid FCrDNS.

Register a valid rDNS for this IP, which points to the same IP.

The rDNS must be registered under your own domain for you be able to delist it.

I can’t think what has caused this or how to fix it. The domain’s A records don’t point to a static IP as far as I know, since it goes through the Cloudflare load balancers. I thought it might have been an issue with Cloudflare, which we use for our nameservers. However, their portal didn’t indicate anything at all yesterday or anything relevant this morning.

The only fix we’ve found is to change the preferred DNS server manually. For instance, Google and OpenDNS don’t resolve the domain. On dnsblacklist.org, 7 out of 12 DNS resolvers fail to resolve it. Cloudflare and 4 other resolvers can successfully resolve it. If we change the preferred DNS server to 1.1.1.1 manually on the servers, now they can ping the domain.

The problem is that all of our public users, obviously, are not going to do this. Any thoughts on what exactly is going on? I haven’t changed anything with the domain records at all recently, and this doesn’t affect any of my other domains which also use Cloudflare as the nameserver. The issue affects all subdomains on this domain as well as the primary domain, regardless of whether traffic on that address is proxied through Cloudflare.

We are experiencing the same problem with the pgkb.org domain.

Hostnames will resolve on 1.1.1.1 but not on 8.8.8.8.

Hi, can you send me the domain in private ASAP and I can take a look!

Hi, my domain is experiencing the same issue since the day before yesterday, could you please take a look at my domain as well? BTW I can’t send private msg currently.

Error from Google Public DNS describes this as an DNSSEC validation error. DNSViz shows my RRSIG as expired. Further investigation leads me to this post:

Fixed as of yesterday I think - had the same problems as the other users on this post and a few others. I turned DNSSEC off and back on and somehow that fixed what was borked in Cloudflare. I think we’re all good now! I think an explanation of what happened and/or DNSSEC monitoring would be helpful, though.

Hey, you can DM me on Twitter if that works: https://twitter.com/Chreo

nvm it is fixed now :slight_smile:

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.