dns-sb / dns.sb

https://dns.sb/
MIT License

The servers don't respond correctly for some domains #14

Closed mistakster closed 1 year ago

mistakster commented 1 year ago

Hi. I'm getting an empty response from time to time for a particular domain. Here is an example:

$ dig @45.11.45.11 a habr.com

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> @45.11.45.11 a habr.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22520
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;habr.com.          IN  A

;; Query time: 76 msec
;; SERVER: 45.11.45.11#53(45.11.45.11) (UDP)
;; WHEN: Sat May 06 04:49:59 UTC 2023
;; MSG SIZE  rcvd: 37

Also, here is the request to another server:

$ dig @185.222.222.222 a habr.com

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> @185.222.222.222 a habr.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37797
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;habr.com.          IN  A

;; Query time: 88 msec
;; SERVER: 185.222.222.222#53(185.222.222.222) (UDP)
;; WHEN: Sat May 06 04:53:17 UTC 2023
;; MSG SIZE  rcvd: 37

And DoT gives me the same results:

$ kdig @185.222.222.222 a habr.com +tls
;; TLS session (TLS1.3)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 47405
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 512 B; ext-rcode: NOERROR

;; QUESTION SECTION:
;; habr.com.                IN  A

;; Received 37 B
;; Time 2023-05-06 04:54:46 UTC
;; From 185.222.222.222@853(TCP) in 185.8 ms

The domain habr.com is configured properly and your DNS servers return the correct information for some requests. Other public DNS servers like 1.1.1.1 or 8.8.8.8 return correct information all the time.

I made the requests from Europe, the USA, and Australia. The results are identical — sometimes servers respond correctly, sometimes not.

Could you look into this problem, please?

Showfom commented 1 year ago

Incorrect DNSSEC configuration for the domain habr.com:

https://dnssec-analyzer.verisignlabs.com/habr.com

Kindly ask the hostmaster to fix the DNSSEC problem.

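One way to check whether a SERVFAIL like the ones above comes from DNSSEC validation, as an added example that is not part of the original thread: repeat the query with the CD (checking disabled) flag and compare the two RCODEs. The function names `rcode_of`, `classify` and `probe` and the second sample header line are constructed for illustration.

```shell
#!/bin/sh
# Added example: is a SERVFAIL caused by DNSSEC validation or by something else?

# Read dig/kdig output on stdin and print the RCODE from its HEADER line.
rcode_of() {
    sed -n 's/.*status: \([A-Z]*\)[,;].*/\1/p' | head -n 1
}

# classify <rcode of normal query> <rcode of the same query with CD set>
classify() {
    case "$1/$2" in
        SERVFAIL/NOERROR|SERVFAIL/NXDOMAIN)
            # Data is reachable once the resolver skips validation.
            echo "dnssec-validation-failure" ;;
        SERVFAIL/SERVFAIL)
            # Fails even without validation: look at reachability instead.
            echo "not-dnssec-specific" ;;
        NOERROR/*|NXDOMAIN/*)
            echo "resolved" ;;
        *)
            echo "inconclusive" ;;
    esac
}

# probe <resolver-ip> <name> [tries]  (live queries, needs network and dig)
# Repeats the pair because the failure reported above is intermittent.
probe() {
    probe_i=0
    while [ "$probe_i" -lt "${3:-5}" ]; do
        probe_v=$(dig @"$1" "$2" A +dnssec | rcode_of)
        probe_c=$(dig @"$1" "$2" A +dnssec +cdflag | rcode_of)
        echo "try $probe_i: $probe_v / $probe_c -> $(classify "$probe_v" "$probe_c")"
        probe_i=$((probe_i + 1))
    done
}

# Offline demonstration. The first line is the header from the report above;
# the second is a constructed header for the same query sent with +cdflag.
SAMPLE_NORMAL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22520'
SAMPLE_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242'
classify "$(printf '%s\n' "$SAMPLE_NORMAL" | rcode_of)" \
         "$(printf '%s\n' "$SAMPLE_CD" | rcode_of)"
```

A `dnssec-validation-failure` result only shows that validation is what turns the answer into SERVFAIL; which record or signature is at fault still has to be read from a DNSSEC analyzer such as the one linked above.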