[plug] Strange DNS issue for AU domains

plug at thegeezer.net plug at thegeezer.net
Mon Sep 18 16:16:26 AWST 2023 

On 2023-09-18 11:43, Onno Benschop wrote:
> Could be that your ISP is filtering port 53, either on purpose or
> accidentally.
> 
> --
> finger painting on glass is an inexact art - apologies for any errors
> in this scra^Hibble
> 
> ()/)/)() ..ASCII for Onno..
> 
> On Mon, 18 Sept 2023, 10:02 Alex H, <alex at spottedmouse.com> wrote:
> 
>> What has me really confused is that even when specifying the dns
>> server using @8.8.8.8 [3] etc, it still did not resolve.
>> 
>> I am also on iinet.
>> 
>> On 18 Sept 2023 09:04, William Kenworthy <billk at iinet.net.au> wrote:
>> 
>>> and looks back now.
>>> 
>>> BillK
>>> 
>>> On 18/9/23 08:56, Alex wrote:
>>>> I am no longer able to resolved AU domains and a little stuck
>>> with
>>>> diagnosing the issue.
>>>> 
>>>> goldberry ~ # dig google.com.au [1]
>>>> 
>>>> ; <<>> DiG 9.16.41 <<>> google.com.au [1]
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 14548
>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0,
>>> ADDITIONAL: 1
>>>> 
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags:; udp: 1232
>>>> ; COOKIE: f7c4f09b033fe6ff0100000065079ee2206067b69b541459
>>> (good)
>>>> ;; QUESTION SECTION:
>>>> ;google.com.au [1].                 IN      A
>>>> 
>>>> ;; Query time: 211 msec
>>>> ;; SERVER: 192.168.0.3#53(192.168.0.3)
>>>> ;; WHEN: Mon Sep 18 08:50:42 AWST 2023
>>>> ;; MSG SIZE  rcvd: 70
>>>> 
>>>> While .com domains resolve just fine
>>>> 
>>>> goldberry ~ # dig google.com [2]
>>>> 
>>>> ; <<>> DiG 9.16.41 <<>> google.com [2]
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38334
>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0,
>>> ADDITIONAL: 1
>>>> 
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags:; udp: 1232
>>>> ; COOKIE: a9ea8850e0e3a21b0100000065079eedeaf9099608081f6c
>>> (good)
>>>> ;; QUESTION SECTION:
>>>> ;google.com [2].                    IN      A
>>>> 
>>>> ;; ANSWER SECTION:
>>>> google.com [2].             169     IN      A
>>> 142.250.70.142
>>>> 
>>>> ;; Query time: 0 msec
>>>> ;; SERVER: 192.168.0.3#53(192.168.0.3)
>>>> ;; WHEN: Mon Sep 18 08:50:53 AWST 2023
>>>> ;; MSG SIZE  rcvd: 83
>>>> 
>>>> 
>>>> Using dig +trace I get the following error:
>>>> 
>>>> couldn't get address for 't.au': failure
>>>> couldn't get address for 'c.au': failure
>>>> couldn't get address for 'd.au': failure
>>>> couldn't get address for 'q.au': failure
>>>> couldn't get address for 'r.au': failure
>>>> couldn't get address for 's.au': failure
>>>> dig: couldn't get address for 't.au': no more
>>>> 
>>>> The strange thing is that even when specifying other public DNS
>>>> servers using @8.8.8.8 [3] or @1.1.1.1 [4] it still shows the
>>> same errors.
>>>> 
>>>> As it happens the issues just resolved itself a minute ago, but
>>> it
>>>> seems a little strange.
>>>> 
>>>> Any pointers or thoughts what might have happened ?
>>>> 
>>>> 
>>>> _______________________________________________
>>>> PLUG discussion list: plug at plug.org.au
>>>> http://lists.plug.org.au/mailman/listinfo/plug
>>>> Committee e-mail: committee at plug.org.au
>>>> PLUG Membership: http://www.plug.org.au/membership
>>> _______________________________________________
>>> PLUG discussion list: plug at plug.org.au
>>> http://lists.plug.org.au/mailman/listinfo/plug
>>> Committee e-mail: committee at plug.org.au
>>> PLUG Membership: http://www.plug.org.au/membership
>> 
>> _______________________________________________
>> PLUG discussion list: plug at plug.org.au
>> http://lists.plug.org.au/mailman/listinfo/plug
>> Committee e-mail: committee at plug.org.au
>> PLUG Membership: http://www.plug.org.au/membership
> 
> 
> Links:
> ------
> [1] http://google.com.au
> [2] http://google.com
> [3] http://8.8.8.8
> [4] http://1.1.1.1
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://lists.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.org.au
> PLUG Membership: http://www.plug.org.au/membership

I had the unhappy feeling when i got SERVFAIL against my own hosted DNS. 
   At home I use OpenDNS and i was only getting SERVFAIL against their 
DNS, dig direct to my hosted DNS everythig was OK

thought I'd share what their support team advised,

" We just wanted to provide an update, an issue has been identified on 
the .AU zone delegation causing failure due to DNSSEC validation. 
Umbrella engineering has temporary disabled DNSSEC validation on 
Umbrella/OpenDNS Resolvers while allowing .AU zone owners to address the 
root issue."

More information about the plug mailing list