TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

unable to resolve mxb-0052bf01.gslb.pphosted.com #786

Closed Trapulo closed 7 months ago

Trapulo commented 7 months ago

Hi, I have a strange problem that may be caused by a bug.

I'm not able to resolve mxb-0052bf01.gslb.pphosted.com. If I perform the query using other resolvers (also from the same subnet/site/public IP address), it seems to work. Using Technitium it reports:

```
{ "Code": "EXTENDED_DNS_ERROR", "Length": "72 bytes", "Data": { "InfoCode": "NoReachableAuthority", "ExtraText": "No response from name servers for mxb-0052bf01.gslb.pphosted.com. A IN" }
```

Any idea? Thanks.

ShreyasZare commented 7 months ago

Thanks for the feedback. The domain is resolving without any issues. You can check it with the DNS Client website too, which uses the same codebase.

It could be just a temporary operational issue which will go away in some time.

You can also check the DNS logs from the admin web panel and see if there are any errors logged corresponding to this issue and post them here.

Trapulo commented 7 months ago

```
[2023-11-22 00:14:39 UTC] DNS Server failed to resolve the request 'mxb-0052bf01.gslb.pphosted.com. A IN' using forwarders: 1.1.1.1, 1.0.0.1.

TechnitiumLibrary.Net.Dns.DnsClientNoResponseException: DnsClient failed to resolve the request 'pphosted.com. DNSKEY IN': request timed out.
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalResolveAsync(DnsDatagram request, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4423
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalResolveAsync(DnsDatagram request, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4423
   at TechnitiumLibrary.Net.Dns.DnsClient.GetDnsKeyForAsync(IReadOnlyList1 lastDSRecords, DnsClient dnsClient, IDnsCache cache, UInt16 udpPayloadSize, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 3031
   at TechnitiumLibrary.Net.Dns.DnsClient.FindDnsKeyForAsync(String ownerName, DnsClass class, IReadOnlyList1 currentDnsKeyRecords, DnsClient dnsClient, IDnsCache cache, UInt16 udpPayloadSize, DnsDatagram originalResponse, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 2922
   at TechnitiumLibrary.Net.Dns.DnsClient.DnssecValidateResponseAsync(DnsDatagram response, IReadOnlyList1 lastDSRecords, DnsClient dnsClient, IDnsCache cache, UInt16 udpPayloadSize, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 2628
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalDnssecResolveAsync(DnsQuestionRecord question, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4479
   at TechnitiumLibrary.Net.Dns.DnsClient.<>c__DisplayClass77_0.<<InternalCachedResolveQueryAsync>b__0>d.MoveNext() in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4644
--- End of stack trace from previous location ---
   at TechnitiumLibrary.Net.Dns.DnsClient.ResolveQueryAsync(DnsQuestionRecord question, Func2 resolveAsync) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4001
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalCachedResolveQueryAsync(DnsQuestionRecord question, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4645
   at DnsServerCore.Dns.DnsServer.RecursiveResolveAsync(DnsQuestionRecord question, NetworkAddress eDnsClientSubnet, Boolean conditionalForwardingClientSubnet, IReadOnlyList1 conditionalForwarders, Boolean dnssecValidation, Boolean cachePrefetchOperation, Boolean cacheRefreshOperation, Boolean skipDnsAppAuthoritativeRequestHandlers, TaskCompletionSource1 taskCompletionSource) in Z:\Technitium\Projects\DnsServer\DnsServerCore\Dns\DnsServer.cs:line 3079

[2023-11-22 00:14:41 UTC] DNS Server failed to resolve the request 'mxa-0052bf01.gslb.pphosted.com. AAAA IN' using forwarders: 1.1.1.1, 1.0.0.1.

TechnitiumLibrary.Net.Dns.DnsClientNoResponseException: DnsClient failed to resolve the request 'pphosted.com. DNSKEY IN': request timed out.
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalResolveAsync(DnsDatagram request, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4423
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalResolveAsync(DnsDatagram request, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4423
   at TechnitiumLibrary.Net.Dns.DnsClient.GetDnsKeyForAsync(IReadOnlyList1 lastDSRecords, DnsClient dnsClient, IDnsCache cache, UInt16 udpPayloadSize, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 3031
   at TechnitiumLibrary.Net.Dns.DnsClient.FindDnsKeyForAsync(String ownerName, DnsClass class, IReadOnlyList1 currentDnsKeyRecords, DnsClient dnsClient, IDnsCache cache, UInt16 udpPayloadSize, DnsDatagram originalResponse, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 2922
   at TechnitiumLibrary.Net.Dns.DnsClient.DnssecValidateResponseAsync(DnsDatagram response, IReadOnlyList1 lastDSRecords, DnsClient dnsClient, IDnsCache cache, UInt16 udpPayloadSize, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 2628
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalDnssecResolveAsync(DnsQuestionRecord question, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4479
   at TechnitiumLibrary.Net.Dns.DnsClient.<>c__DisplayClass77_0.<<InternalCachedResolveQueryAsync>b__0>d.MoveNext() in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4644
--- End of stack trace from previous location ---
   at TechnitiumLibrary.Net.Dns.DnsClient.ResolveQueryAsync(DnsQuestionRecord question, Func2 resolveAsync) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4001
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalCachedResolveQueryAsync(DnsQuestionRecord question, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4645
   at DnsServerCore.Dns.DnsServer.RecursiveResolveAsync(DnsQuestionRecord question, NetworkAddress eDnsClientSubnet, Boolean conditionalForwardingClientSubnet, IReadOnlyList1 conditionalForwarders, Boolean dnssecValidation, Boolean cachePrefetchOperation, Boolean cacheRefreshOperation, Boolean skipDnsAppAuthoritativeRequestHandlers, TaskCompletionSource1 taskCompletionSource) in Z:\Technitium\Projects\DnsServer\DnsServerCore\Dns\DnsServer.cs:line 3079
```

My 2 cents: that domain is managed by Proofpoint, and I'm forwarding requests to Cloudflare, and Proofpoint has blocked Cloudflare? I tried a conditional forward to another internal DNS resolver (Windows Server's DNS) and it works, so I think that it is not a problem with Technitium but with the DNS owner.

ShreyasZare commented 7 months ago

It seems to be an issue with your network itself.

> TechnitiumLibrary.Net.Dns.DnsClientNoResponseException: DnsClient failed to resolve the request 'pphosted.com. DNSKEY IN': request timed out.

From the above log, it's clear that the DNS server is unable to resolve the DNSKEY record which is required for DNSSEC validation.

> [2023-11-22 00:14:39 UTC] DNS Server failed to resolve the request 'mxb-0052bf01.gslb.pphosted.com. A IN' using forwarders: 1.1.1.1, 1.0.0.1.

You also seem to use Cloudflare as forwarders. The issue could be that since you are using the UDP transport protocol, your request is not really reaching Cloudflare but is being intercepted by your ISP, and the response you get is from the ISP DNS servers themselves. And since your ISP DNS servers are blocking DNSSEC requests, the DNSKEY queries are failing.

I would suggest that you switch to encrypted DNS protocols for Cloudflare and see if that issue goes away.

Trapulo commented 7 months ago

My network was filtering TCP/53; only UDP/53 was open. I think this caused the DNSSEC problem. With TCP/53 it works, and forwarding to Cloudflare using DNS over TLS is also working.

Thank you for your assistance and for this great software.

ShreyasZare commented 7 months ago

> My network was filtering TCP/53; only UDP/53 was open. I think this caused the DNSSEC problem. With TCP/53 it works, and forwarding to Cloudflare using DNS over TLS is also working.

Good to know that you fixed the issue. Filtering TCP will definitely cause issues with DNSSEC requests, and will also cause issues with some TXT record requests.

> Thank you for your assistance and for this great software.

You're welcome.
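
The failure diagnosed in this thread can be checked from the resolver host by sending the same DNSSEC query over UDP/53 and TCP/53 and comparing the outcomes; a reply too large for UDP comes back with the TC (truncated) bit set and has to be retried over TCP. The script below is an added example, not code from the thread or from Technitium: the function names and result labels are hypothetical, and `SAMPLE_TRUNCATED` is a constructed header.

```python
import socket, struct

QTYPE = {"A": 1, "TXT": 16, "DNSKEY": 48}
# Constructed sample: header of a UDP reply with QR, TC, RD and RA set and no answers.
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)

def build_query(name, qtype, qid=0x1234, udp_size=1232):
    """Query with RD set plus an EDNS0 OPT record carrying the DO (DNSSEC OK) bit."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0x00008000, 0)
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1) + opt

def parse_flags(msg):
    """Return (truncated, rcode, answer_count) from the 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    return bool(flags & 0x0200), flags & 0x000F, ancount

def ask_udp(server, query, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recvfrom(4096)[0]

def ask_tcp(server, query, timeout=3.0):
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
        stream = s.makefile("rb")
        return stream.read(struct.unpack("!H", stream.read(2))[0])

def diagnose(udp, tcp):
    """udp / tcp: raw reply bytes, or None when that transport gave no answer.
    With UDP answering and TCP silent, a truncated reply can never be completed."""
    if tcp is not None:
        return "ok" if udp is not None else "udp53-no-answer"
    if udp is None:
        return "no-answer"
    return "tcp53-blocked-truncated" if parse_flags(udp)[0] else "tcp53-blocked"

def probe(server, name="pphosted.com", qtype="DNSKEY"):
    query, replies = build_query(name, qtype), []
    for ask in (ask_udp, ask_tcp):
        try:
            replies.append(ask(server, query))
        except (OSError, struct.error):  # timeout, refusal, reset or short read
            replies.append(None)
    return diagnose(*replies)
```

Calling `probe("1.1.1.1")` runs the comparison against the forwarder named in the log; any result starting with `tcp53-blocked` matches the firewall condition reported above.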