Www.postbank.de is not resolving whereas e.g. Google DNS is

dig @1.1.1.1 www.postbank.de

; <<>> DiG 9.10.6 <<>> @1.1.1.1 www.postbank.de

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29533

;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1452

;; QUESTION SECTION:

;www.postbank.de. IN A

;; AUTHORITY SECTION:

postbank.de. 10169 IN SOA ns1.postbank.de. webmaster.postbank.de. 2010023733 86400 7200 604800 86400

;; Query time: 111 msec

;; SERVER: 1.1.1.1#53(1.1.1.1)

;; WHEN: Tue Jun 18 19:20:49 CEST 2019

;; MSG SIZE rcvd: 94

---------------------

dig @8.8.8.8 www.postbank.de

; <<>> DiG 9.10.6 <<>> @8.8.8.8 www.postbank.de

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53451

;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 512

;; QUESTION SECTION:

;www.postbank.de. IN A

;; ANSWER SECTION:

www.postbank.de. 55 IN A 160.83.8.182

;; Query time: 118 msec

;; SERVER: 8.8.8.8#53(8.8.8.8)

;; WHEN: Tue Jun 18 19:26:37 CEST 2019

;; MSG SIZE rcvd: 60

This is a known issue with postbank.de’s authoritative DNS servers.

They create NSEC3 records saying that certain record types don’t exist, even when they do.

Most other resolvers don’t implement aggressive NSEC3, so the buggy records don’t cause much harm for them.

3 Likes