Unable to resolve upstate.edu with 1.1.1.1

Howdy. I’m unable to resolve upstate.edu and www.upstate.edu using 1.1.1.1, but it works with 8.8.8.8, my ISP’s DNS servers, and my wireless carrier’s servers.

Here’s the output of my dig tests:

> dig upstate.edu @1.1.1.1

; <<>> DiG 9.10.6 <<>> upstate.edu @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 12739
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 16 ("..")
;; QUESTION SECTION:
;upstate.edu.			IN	A

;; Query time: 2023 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Feb 21 17:45:32 EST 2021
;; MSG SIZE  rcvd: 46

> dig upstate.edu @1.0.0.1

; <<>> DiG 9.10.6 <<>> upstate.edu @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23829
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 16 ("..")
;; QUESTION SECTION:
;upstate.edu.			IN	A

;; Query time: 39 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Sun Feb 21 17:45:36 EST 2021
;; MSG SIZE  rcvd: 46

> dig upstate.edu @8.8.8.8

; <<>> DiG 9.10.6 <<>> upstate.edu @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10376
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;upstate.edu.			IN	A

;; ANSWER SECTION:
upstate.edu.		29	IN	A	139.127.254.167

;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Feb 21 17:45:43 EST 2021
;; MSG SIZE  rcvd: 56

> dig +short CHAOS TXT id.server @1.1.1.1
"IAD"
> dig +short CHAOS TXT id.server @1.0.0.1
"IAD"
> dig @ns3.Cloudflare.com whoami.Cloudflare.com txt +short
"71.115.149.139"

Here’s the link to my diagnostic: https://cloudflare-dns.com/help/#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiTm8iLCJyZXNvbHZlcklwLTEuMS4xLjEiOiJZZXMiLCJyZXNvbHZlcklwLTEuMC4wLjEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMTExIjoiTm8iLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiTm8iLCJkYXRhY2VudGVyTG9jYXRpb24iOiJJQUQiLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJDbG91ZGZsYXJlIiwiaXNwQXNuIjoiMTMzMzUifQ==

Here’s the link to dnsviz: www.upstate.edu | DNSViz

I’ve already done a purge cache with no success.

Thanks for any help anyone can offer.

Are your domain nameservers pointed to Cloudflare ones at your domain registar?

Seems not to me so far:

WHOIS gives the same result as DIG for NS records for your domain:

;QUESTION
upstate.edu. IN NS
;ANSWER
upstate.edu. 10799 IN NS dns01.upstate.edu.
upstate.edu. 10799 IN NS dns02.upstate.edu.
upstate.edu. 10799 IN NS dns1.upstate.edu.
upstate.edu. 10799 IN NS dns2.upstate.edu.

Is this topic regarding the DNSSEC issue?, because you posted a link to lookup and check for DS record and DNSSEC issues for a domain upstate.edu.

Have you tried using this:

My output:

; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> upstate.edu @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22286
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;upstate.edu.                   IN      A

;; ANSWER SECTION:
upstate.edu.            30      IN      A       139.127.254.167

;; Query time: 1603 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Feb 22 00:24:47 CET 2021
;; MSG SIZE  rcvd: 56


; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> upstate.edu @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59493
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;upstate.edu.                   IN      A

;; ANSWER SECTION:
upstate.edu.            30      IN      A       139.127.254.167

;; Query time: 1602 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Mon Feb 22 00:25:14 CET 2021
;; MSG SIZE  rcvd: 56


; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> upstate.edu @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57506
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;upstate.edu.                   IN      A

;; ANSWER SECTION:
upstate.edu.            29      IN      A       139.127.254.167

;; Query time: 107 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb 22 00:25:27 CET 2021
;; MSG SIZE  rcvd: 56


dig +short CHAOS TXT id.server @1.1.1.1
"DUS"
dig +short CHAOS TXT id.server @1.0.0.1
"DUS"

Thanks for the response.

Are your domain nameservers pointed to Cloudflare ones at your domain registar?

My apologies for not being clear. I’m not an admin of this domain. I’m an end user trying to reach my local hospital/school’s website and finding I cannot get there if I use the 1.1.1.1 service.

Is this topic regarding the DNSSEC issue?, because you posted a link to lookup and check for DS record and DNSSEC issues for a domain upstate.edu .

The answer to that question is beyond my knowledge. I followed the instructions in (Have problems with 1.1.1.1? *Read Me First*) as best I could, and it suggested I include that report.

Have you tried using this:

Yes. As I mentioned in my initial post, I tried a cache purge on Cloudflare. It doesn’t seem to be necessary to do one for Google’s services, since the domain resolves there.

Have you tried restarting your router?

Yes, a number of times as I’ve tried to diagnose this.

It may be worth noting that it also still fails if I take my router’s DNS out of the equation by specifying that any one of my devices should use 1.1.1.1 directly. But if I specify any of the other DNS servers I have available (8.8.8.8, my ISP’s, etc.), it’s fine.

Hey @user4952,

There’s a connectivity issue between our server and the authoritative nameservers of upstate.edu. I’m trying to contact the administrator on the other side, also added a workaround for the domain. It should resolve now.

Thank you very much. I appreciate the quick response and can confirm that the workaround has resolved the issue for me.