getdnsapi / stubby

Stubby is the name given to a mode of using getdns which enables it to act as a local DNS Privacy stub resolver (using DNS-over-TLS).
https://dnsprivacy.org/dns_privacy_daemon_-_stubby/
BSD 3-Clause "New" or "Revised" License

Stubby 0.2.6 no answer from cloudflare #238

Open tkd4444 opened 4 years ago

tkd4444 commented 4 years ago

Hey Guys,

I'm using the latest and greatest release of stubby (0.2.6).

Since yesterday I'm partially getting answers for *.amazonaws.com, so let's say from 10 requests 6 are blank. I'm using Cloudflare 1.1.1.1 and 1.0.0.1; it happens with DNSSEC enabled or disabled. I had to change the recursive resolver to a different provider, so now all works fine, but any ideas why Cloudflare would have such a problem?

Thanks !

wtoorop commented 4 years ago

Hi, yes this is quite interesting. I think it has something to do with the combination of asking the same name (but different types, for example A and AAAA) after each other on the same stream and Amazon's CNAME redirection to the rewrite.amazon.com domain... I can reproduce reliably with:

getdns_query -sL @1.1.1.1 aws.amazonaws.com -y 7 +return_call_reporting

That sometimes returns the AAAA NODATA response only and has the A query timed out, which never happened with 8.8.8.8, 9.9.9.9 or 185.49.141.38.