[plug] Strange DNS issue for AU domains
Joe Kane
joe at josephkaneit.com
Mon Sep 18 15:17:49 AWST 2023
On 2023-09-18 11:43, Onno Benschop wrote:
> Could be that your ISP is filtering port 53, either on purpose or
> accidentally.
>
> --
> finger painting on glass is an inexact art - apologies for any errors
> in this scra^Hibble
>
> ()/)/)() ..ASCII for Onno..
>
> On Mon, 18 Sept 2023, 10:02 Alex H, <alex at spottedmouse.com> wrote:
>
>> What has me really confused is that even when specifying the dns
>> server using @8.8.8.8 [3] etc, it still did not resolve.
>>
>> I am also on iinet.
>>
>> On 18 Sept 2023 09:04, William Kenworthy <billk at iinet.net.au> wrote:
>>
>>> and looks back now.
>>>
>>> BillK
>>>
>>> On 18/9/23 08:56, Alex wrote:
>>>> I am no longer able to resolved AU domains and a little stuck
>>> with
>>>> diagnosing the issue.
>>>>
>>>> goldberry ~ # dig google.com.au [1]
>>>>
>>>> ; <<>> DiG 9.16.41 <<>> google.com.au [1]
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 14548
>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0,
>>> ADDITIONAL: 1
>>>>
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags:; udp: 1232
>>>> ; COOKIE: f7c4f09b033fe6ff0100000065079ee2206067b69b541459
>>> (good)
>>>> ;; QUESTION SECTION:
>>>> ;google.com.au [1]. IN A
>>>>
>>>> ;; Query time: 211 msec
>>>> ;; SERVER: 192.168.0.3#53(192.168.0.3)
>>>> ;; WHEN: Mon Sep 18 08:50:42 AWST 2023
>>>> ;; MSG SIZE rcvd: 70
>>>>
>>>> While .com domains resolve just fine
>>>>
>>>> goldberry ~ # dig google.com [2]
>>>>
>>>> ; <<>> DiG 9.16.41 <<>> google.com [2]
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38334
>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0,
>>> ADDITIONAL: 1
>>>>
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags:; udp: 1232
>>>> ; COOKIE: a9ea8850e0e3a21b0100000065079eedeaf9099608081f6c
>>> (good)
>>>> ;; QUESTION SECTION:
>>>> ;google.com [2]. IN A
>>>>
>>>> ;; ANSWER SECTION:
>>>> google.com [2]. 169 IN A
>>> 142.250.70.142
>>>>
>>>> ;; Query time: 0 msec
>>>> ;; SERVER: 192.168.0.3#53(192.168.0.3)
>>>> ;; WHEN: Mon Sep 18 08:50:53 AWST 2023
>>>> ;; MSG SIZE rcvd: 83
>>>>
>>>>
>>>> Using dig +trace I get the following error:
>>>>
>>>> couldn't get address for 't.au': failure
>>>> couldn't get address for 'c.au': failure
>>>> couldn't get address for 'd.au': failure
>>>> couldn't get address for 'q.au': failure
>>>> couldn't get address for 'r.au': failure
>>>> couldn't get address for 's.au': failure
>>>> dig: couldn't get address for 't.au': no more
>>>>
>>>> The strange thing is that even when specifying other public DNS
>>>> servers using @8.8.8.8 [3] or @1.1.1.1 [4] it still shows the
>>> same errors.
>>>>
>>>> As it happens the issues just resolved itself a minute ago, but
>>> it
>>>> seems a little strange.
>>>>
>>>> Any pointers or thoughts what might have happened ?
>>>>
>>>>
>>>> _______________________________________________
>>>> PLUG discussion list: plug at plug.org.au
>>>> http://lists.plug.org.au/mailman/listinfo/plug
>>>> Committee e-mail: committee at plug.org.au
>>>> PLUG Membership: http://www.plug.org.au/membership
>>> _______________________________________________
>>> PLUG discussion list: plug at plug.org.au
>>> http://lists.plug.org.au/mailman/listinfo/plug
>>> Committee e-mail: committee at plug.org.au
>>> PLUG Membership: http://www.plug.org.au/membership
>>
>> _______________________________________________
>> PLUG discussion list: plug at plug.org.au
>> http://lists.plug.org.au/mailman/listinfo/plug
>> Committee e-mail: committee at plug.org.au
>> PLUG Membership: http://www.plug.org.au/membership
>
>
> Links:
> ------
> [1] http://google.com.au
> [2] http://google.com
> [3] http://8.8.8.8
> [4] http://1.1.1.1
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://lists.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.org.au
> PLUG Membership: http://www.plug.org.au/membership
I had the unhappy feeling when i got SERVFAIL against my own hosted DNS.
At home I use OpenDNS and i was only getting SERVFAIL against their
DNS, dig direct to my hosted DNS everythig was OK
thought I'd share what their support team advised,
" We just wanted to provide an update, an issue has been identified on
the .AU zone delegation causing failure due to DNSSEC validation.
Umbrella engineering has temporary disabled DNSSEC validation on
Umbrella/OpenDNS Resolvers while allowing .AU zone owners to address the
root issue."
More information about the plug
mailing list