Unable to resolve upstate.edu with 1.1.1.1

user4952 · February 21, 2021, 10:55pm

Howdy. I’m unable to resolve upstate.edu and www.upstate.edu using 1.1.1.1, but it works with 8.8.8.8, my ISP’s DNS servers, and my wireless carrier’s servers.

Here’s the output of my dig tests:

> dig upstate.edu @1.1.1.1

; <<>> DiG 9.10.6 <<>> upstate.edu @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 12739
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 16 ("..")
;; QUESTION SECTION:
;upstate.edu.			IN	A

;; Query time: 2023 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Feb 21 17:45:32 EST 2021
;; MSG SIZE  rcvd: 46

> dig upstate.edu @1.0.0.1

; <<>> DiG 9.10.6 <<>> upstate.edu @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23829
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 16 ("..")
;; QUESTION SECTION:
;upstate.edu.			IN	A

;; Query time: 39 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Sun Feb 21 17:45:36 EST 2021
;; MSG SIZE  rcvd: 46

> dig upstate.edu @8.8.8.8

; <<>> DiG 9.10.6 <<>> upstate.edu @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10376
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;upstate.edu.			IN	A

;; ANSWER SECTION:
upstate.edu.		29	IN	A	139.127.254.167

;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Feb 21 17:45:43 EST 2021
;; MSG SIZE  rcvd: 56

> dig +short CHAOS TXT id.server @1.1.1.1
"IAD"
> dig +short CHAOS TXT id.server @1.0.0.1
"IAD"
> dig @ns3.Cloudflare.com whoami.Cloudflare.com txt +short
"71.115.149.139"

Here’s the link to my diagnostic: https://cloudflare-dns.com/help/#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiTm8iLCJyZXNvbHZlcklwLTEuMS4xLjEiOiJZZXMiLCJyZXNvbHZlcklwLTEuMC4wLjEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMTExIjoiTm8iLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiTm8iLCJkYXRhY2VudGVyTG9jYXRpb24iOiJJQUQiLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJDbG91ZGZsYXJlIiwiaXNwQXNuIjoiMTMzMzUifQ==

Here’s the link to dnsviz: www.upstate.edu | DNSViz

I’ve already done a purge cache with no success.

Thanks for any help anyone can offer.

fritexvz · February 21, 2021, 11:27pm

Are your domain nameservers pointed to Cloudflare ones at your domain registar?

Seems not to me so far:

WHOIS gives the same result as DIG for NS records for your domain:

;QUESTION
upstate.edu. IN NS
;ANSWER
upstate.edu. 10799 IN NS dns01.upstate.edu.
upstate.edu. 10799 IN NS dns02.upstate.edu.
upstate.edu. 10799 IN NS dns1.upstate.edu.
upstate.edu. 10799 IN NS dns2.upstate.edu.

Is this topic regarding the DNSSEC issue?, because you posted a link to lookup and check for DS record and DNSSEC issues for a domain upstate.edu.

Have you tried using this:

My output:

; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> upstate.edu @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22286
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;upstate.edu.                   IN      A

;; ANSWER SECTION:
upstate.edu.            30      IN      A       139.127.254.167

;; Query time: 1603 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Feb 22 00:24:47 CET 2021
;; MSG SIZE  rcvd: 56


; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> upstate.edu @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59493
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;upstate.edu.                   IN      A

;; ANSWER SECTION:
upstate.edu.            30      IN      A       139.127.254.167

;; Query time: 1602 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Mon Feb 22 00:25:14 CET 2021
;; MSG SIZE  rcvd: 56


; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> upstate.edu @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57506
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;upstate.edu.                   IN      A

;; ANSWER SECTION:
upstate.edu.            29      IN      A       139.127.254.167

;; Query time: 107 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb 22 00:25:27 CET 2021
;; MSG SIZE  rcvd: 56


dig +short CHAOS TXT id.server @1.1.1.1
"DUS"
dig +short CHAOS TXT id.server @1.0.0.1
"DUS"

user4952 · February 22, 2021, 12:13am

Thanks for the response.

Are your domain nameservers pointed to Cloudflare ones at your domain registar?

My apologies for not being clear. I’m not an admin of this domain. I’m an end user trying to reach my local hospital/school’s website and finding I cannot get there if I use the 1.1.1.1 service.

Is this topic regarding the DNSSEC issue?, because you posted a link to lookup and check for DS record and DNSSEC issues for a domain upstate.edu .

The answer to that question is beyond my knowledge. I followed the instructions in (Have problems with 1.1.1.1? *Read Me First*) as best I could, and it suggested I include that report.

Have you tried using this:

https://cloudflare-dns.com/purge-cache/

Yes. As I mentioned in my initial post, I tried a cache purge on Cloudflare. It doesn’t seem to be necessary to do one for Google’s services, since the domain resolves there.

fritexvz · February 22, 2021, 1:52am

Have you tried restarting your router?

user4952 · February 22, 2021, 3:06am

Yes, a number of times as I’ve tried to diagnose this.

It may be worth noting that it also still fails if I take my router’s DNS out of the equation by specifying that any one of my devices should use 1.1.1.1 directly. But if I specify any of the other DNS servers I have available (8.8.8.8, my ISP’s, etc.), it’s fine.

anb · February 23, 2021, 7:36pm

Hey @user4952,

There’s a connectivity issue between our server and the authoritative nameservers of upstate.edu. I’m trying to contact the administrator on the other side, also added a workaround for the domain. It should resolve now.

user4952 · February 23, 2021, 8:56pm

Thank you very much. I appreciate the quick response and can confirm that the workaround has resolved the issue for me.