Unable to resolve www.coinbase.com with 1.1.1.1

This is the output of dig from my machine:

maple3142:/mnt/c/Users/maple3142 $ dig A 1.1.1.1 +trace www.coinbase.com

; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> A 1.1.1.1 +trace www.coinbase.com
;; global options: +cmd
.                       6388    IN      NS      f.root-servers.net.
.                       6388    IN      NS      g.root-servers.net.
.                       6388    IN      NS      h.root-servers.net.
.                       6388    IN      NS      i.root-servers.net.
.                       6388    IN      NS      j.root-servers.net.
.                       6388    IN      NS      k.root-servers.net.
.                       6388    IN      NS      l.root-servers.net.
.                       6388    IN      NS      m.root-servers.net.
.                       6388    IN      NS      a.root-servers.net.
.                       6388    IN      NS      b.root-servers.net.
.                       6388    IN      NS      c.root-servers.net.
.                       6388    IN      NS      d.root-servers.net.
.                       6388    IN      NS      e.root-servers.net.
.                       6388    IN      RRSIG   NS 8 0 518400 20191216050000 20191203040000 22545 . Ry0e3dGnfRwwyyywc2kpIVv7xcc7qbJNthS8+nhoz835geccqoeR4p0A uIF38Cl+Xsy7X0cr7CoAeSOXRAnFR0hPNhtCauziNgyrY77/bN/b+Xcu DqOVVQ/6OB5SOvEzpQ8WYxAHfHGDfmRhfeIDZsnDPbHbLXhu5CkPlhtX Qi9kTM53EUhZbJHBQ9SztSQhp6D5VlB+5YAWRPHS6w0oNbwurPZMlB/2 fMDQmeLkBE/Zg5S9NIJapmzoYUYjtItrEmzRyeHJQsVut6L7eAnukd5P bz6cTd14xVxwsvKmmxE7q5l/6KZaMGZRyqdUMvzq5iQ1Vs8hetaEgHoY Aaunbw==
;; Received 717 bytes from 192.168.0.1#53(192.168.0.1) in 4 ms

.                       86400   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2019120300 1800 900 604800 86400
.                       86400   IN      RRSIG   SOA 8 0 86400 20191216050000 20191203040000 22545 . bhjkHW1VkJT9l2wcFLx9jzepSZh1uXI46g/VRY6vFC3yMeIwTmt1eAnf p3mqbNexzgWv9bvocHsvJfI/QLxyFFV8HnN2rXi+A1EydSla/VwNm+km FfhRwP56TTFUnhZWja44Jk++LGz2zftJ4MUak0a/6YXL57hUyHvMRCS/ pYTB+dX/7egUMSZ4w47c1cx+Fg8UzfjKkUp3EGq9lFWOowYJUYqjlBTI DsI6n60sFkBewUqHbECptaHxIao8QSII4ytjSaT2GAN9LAeEDkTuEwe+ QZ0zthuDadsohVDa4SS1tvFZ5M9C9HRcL1Iw1DgJzyPrxBJFuheoda/Y uRvMmw==
.                       86400   IN      NSEC    aaa. NS SOA RRSIG NSEC DNSKEY
.                       86400   IN      RRSIG   NSEC 8 0 86400 20191216050000 20191203040000 22545 . YiR3KiVmd8QMQo7hAE1vsbPnuNqVSorP92BtBv1MnaQymn2RE16NZRxa L3Y4TKYNsypeiJDgiDElcDsp2TJcQgukaxsZnq3cw4uZ7DU86lxQv5lr 7CSYJup6E9zxfxVZnqOn+7VaubnEu79GhV6gVpflIByGwCY8jETBNk7h LIAdbMvTIcxseaAl2z4RE4OfT7BVAZj3vJOHzvKaeLgYnj4JhTdV8tgS EqTNct1lMMCzRHwV1Monwy7BkLYUX6tBx4KZhSkRUqn3G1k1EVCEHNUy k5gKTd7j2efg4gxjpZRsEMXuewt0YiI7EBblmXTffus5wNFTmYh3BUKR E+2goA==
;; Received 708 bytes from 192.5.5.241#53(f.root-servers.net) in 4 ms

# Then it got stuck here, no response at all

But a query using DNS over HTTPS successfully resolves it:

maple3142:/mnt/c/Users/maple3142 $ curl -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=www.coinbase.com&type=A'
{"Status": 0,"TC": false,"RD": true, "RA": true, "AD": false,"CD": false,"Question":[{"name": "www.coinbase.com.", "type": 1}],"Answer":[{"name": "www.coinbase.com.", "type": 1, "TTL": 300, "data": "104.16.8.251"},{"name": "www.coinbase.com.", "type": 1, "TTL": 300, "data": "104.16.9.251"}]}

1.1.1.1 debug info: https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiTm8iLCJyZXNvbHZlcklwLTEuMS4xLjEiOiJZZXMiLCJyZXNvbHZlcklwLTEuMC4wLjEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMTExIjoiTm8iLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiTm8iLCJkYXRhY2VudGVyTG9jYXRpb24iOiJUUEUiLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJDbG91ZGZsYXJlIiwiaXNwQXNuIjoiMTMzMzUifQ==

What does this return?

dig A 1.1.1.1 www.coinbase.com

maple3142:/mnt/c/Users/maple3142 $ dig A 1.1.1.1 www.coinbase.com

; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> A 1.1.1.1 www.coinbase.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4444
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;1.1.1.1.                       IN      A

;; AUTHORITY SECTION:
.                       6402    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2019120300 1800 900 604800 86400

;; Query time: 4 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Dec 03 20:10:54 CST 2019
;; MSG SIZE  rcvd: 111

;; connection timed out; no servers could be reached

Considering that DoH appears to work but plain DNS does not, my guess would be your ISP blocks regular DNS requests to Cloudflare.

What does this return?

dig A 8.8.8.8 www.coinbase.com

; <<>> DiG 9.14.6 <<>> A 8.8.8.8 www.coinbase.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29614
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;8.8.8.8.                       IN      A

;; AUTHORITY SECTION:
.                       82700   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2019120300 1800 900 604800 86400

;; Query time: 5 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec 03 20:36:47 CST 2019
;; MSG SIZE  rcvd: 111

;; connection timed out; no servers could be reached

Yeah, maybe my ISP is really blocking some DNS requests to some specific domain.

So this works?

dig A 1.1.1.1 www.example.com
dig A 8.8.8.8 www.example.com

Yeah, they do.

$ dig A 1.1.1.1 www.example.com

; <<>> DiG 9.14.6 <<>> A 1.1.1.1 www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 724
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;1.1.1.1.                       IN      A

;; AUTHORITY SECTION:
.                       86393   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2019120300 1800 900 604800 86400

;; Query time: 22 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec 03 20:46:22 CST 2019
;; MSG SIZE  rcvd: 111

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8101
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.example.com.               IN      A

;; ANSWER SECTION:
www.example.com.        17320   IN      A       93.184.216.34

;; Query time: 5 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec 03 20:46:22 CST 2019
;; MSG SIZE  rcvd: 60
$ dig A 8.8.8.8 www.example.com

; <<>> DiG 9.14.6 <<>> A 8.8.8.8 www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30892
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;8.8.8.8.                       IN      A

;; AUTHORITY SECTION:
.                       69348   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2019120300 1800 900 604800 86400

;; Query time: 17 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec 03 20:46:22 CST 2019
;; MSG SIZE  rcvd: 111

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12368
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.example.com.               IN      A

;; ANSWER SECTION:
www.example.com.        8916    IN      A       93.184.216.34

;; Query time: 5 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec 03 20:46:22 CST 2019
;; MSG SIZE  rcvd: 60

Hi, you need to add the ‘@’ symbol before the server address, otherwise it will query the default local resolver.

e.g.
```
dig @1.1.1.1 www.example.com A
dig @8.8.8.8 www.example.com A
```

You can see who you actually queried at the end of the dig log:

;; Query time: 4 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
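The check described in the reply above, as an added example that is not part of the original post: a small filter that reads saved dig output and reports which name was really asked and which server really answered. The function name `dig_audit`, its output tags, and the two sample functions are hypothetical; the sample text is abridged from the output in this thread.

```bash
#!/usr/bin/env bash
# Added example: audit saved dig output for the missing-'@' mistake.

# dig_audit INTENDED_SERVER  (dig output on stdin)
dig_audit() {
  awk -v want="$1" '
    /^;; QUESTION SECTION:/ { inq = 1; next }
    inq && /^;[^;]/ {                       # e.g. ";1.1.1.1.   IN   A"
      name = substr($1, 2); sub(/\.$/, "", name)
      # An IPv4 literal as the query name means dig took the server
      # address as a name to look up, not as the server to ask.
      if (name ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print "qname-is-ip " name
      else print "qname " name
      inq = 0; next
    }
    /^;; SERVER:/ {                         # "192.168.0.1#53(192.168.0.1)"
      split($3, a, "#")
      tag = (a[1] == want) ? "server-ok" : "server-mismatch"
      print tag " " a[1]
    }
    /connection timed out/ { print "timeout" }
  '
}

# Abridged from the output in this thread: "dig A 1.1.1.1 www.coinbase.com"
sample_without_at() {
  cat <<'EOF'
;; QUESTION SECTION:
;1.1.1.1.                       IN      A

;; Query time: 4 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)

;; connection timed out; no servers could be reached
EOF
}

# Abridged from the output in this thread: "dig @1.1.1.1 www.example.com A"
sample_with_at() {
  cat <<'EOF'
;; QUESTION SECTION:
;www.example.com.               IN      A

;; Query time: 4 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
EOF
}

sample_without_at | dig_audit 1.1.1.1
```

On live output, pipe dig straight in, for example `dig @1.1.1.1 www.example.com A | dig_audit 1.1.1.1`.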

I have the same problem even when querying using 1.1.1.1 or 8.8.8.8

maple3142:/mnt/c/Users/maple3142 $ dig @1.1.1.1 www.example.com A

; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> @1.1.1.1 www.example.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29822
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;www.example.com.               IN      A

;; ANSWER SECTION:
www.example.com.        1994    IN      A       93.184.216.34

;; Query time: 4 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Dec 11 15:03:34 CST 2019
;; MSG SIZE  rcvd: 60

maple3142:/mnt/c/Users/maple3142 $ dig @1.1.1.1 www.coinbase.com A

; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> @1.1.1.1 www.coinbase.com A
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
maple3142:/mnt/c/Users/maple3142 $ dig @8.8.8.8 www.coinbase.com A

; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> @8.8.8.8 www.coinbase.com A
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

What if you run

curl -v 'https://1.1.1.1/dns-query?ct=application/dns-json&name=www.coinbase.com'

maple3142:/mnt/c/Users/maple3142 $ curl -v 'https://1.1.1.1/dns-query?ct=application/dns-json&name=www.coinbase.com'
*   Trying 1.1.1.1...
* TCP_NODELAY set
* Connected to 1.1.1.1 (1.1.1.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS Unknown, Certificate Status (22):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS change cipher, Client hello (1):
* (304) (OUT), TLS Unknown, Certificate Status (22):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using unknown / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=cloudflare-dns.com
*  start date: Jan 28 00:00:00 2019 GMT
*  expire date: Feb  1 12:00:00 2021 GMT
*  subjectAltName: host "1.1.1.1" matched cert's IP address!
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert ECC Secure Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* (304) (OUT), TLS Unknown, Unknown (23):
* (304) (OUT), TLS Unknown, Unknown (23):
* (304) (OUT), TLS Unknown, Unknown (23):
* Using Stream ID: 1 (easy handle 0x7fffea081580)
* (304) (OUT), TLS Unknown, Unknown (23):
> GET /dns-query?ct=application/dns-json&name=www.coinbase.com HTTP/2
> Host: 1.1.1.1
> User-Agent: curl/7.58.0
> Accept: */*
>
* (304) (IN), TLS Unknown, Certificate Status (22):
* (304) (IN), TLS handshake, Newsession Ticket (4):
* (304) (IN), TLS handshake, Newsession Ticket (4):
* (304) (IN), TLS Unknown, Unknown (23):
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* (304) (OUT), TLS Unknown, Unknown (23):
* (304) (IN), TLS Unknown, Unknown (23):
* (304) (IN), TLS Unknown, Unknown (23):
< HTTP/2 200
< date: Wed, 11 Dec 2019 07:24:51 GMT
< content-type: application/dns-json
< content-length: 292
< access-control-allow-origin: *
< cache-control: max-age=300
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< server: cloudflare
< cf-ray: 5435b8a7e8b2459a-TPE
<
* (304) (IN), TLS Unknown, Unknown (23):
* Connection #0 to host 1.1.1.1 left intact
{"Status": 0,"TC": false,"RD": true, "RA": true, "AD": false,"CD": false,"Question":[{"name": "www.coinbase.com.", "type": 1}],"Answer":[{"name": "www.coinbase.com.", "type": 1, "TTL": 300, "data": "104.16.8.251"},{"name": "www.coinbase.com.", "type": 1, "TTL": 300, "data": "104.16.9.251"}]}

DoH works, so it seems like my college ISP is blocking some websites through DNS.

It would seem so. School networks often have additional network measures in place. In this case they seem to run DPI on plain DNS requests.
