mikepultz / netdns2

Native PHP DNS Resolver and Updater
https://netdns2.com/

::query() failed: DNS request failed: The name server was unable to process this query due to a problem with the name server. #87

Closed elijahpaul closed 6 years ago

elijahpaul commented 6 years ago

I'm using the following to query TXT records for a domain using route53 nameservers:

$ns = array('8.8.8.8', '8.8.4.4');
$domain = 'mydomain.co.uk';
try {
    $r = new Net_DNS2_Resolver(array('nameservers' => $ns));
    $result = $r->query($domain, 'TXT');

    foreach ($result->answer as $record) {
        print_r($record->text[0]);
        echo "\n";
    }
} catch (Net_DNS2_Exception $e) {
    echo "::query() failed: ", $e->getMessage(), "\n";
}

I'm getting ::query() failed: DNS request failed: The name server was unable to process this query due to a problem with the name server. despite a TXT (TTL:300) record being present.

Any idea what is causing this?

mikepultz commented 6 years ago

Hey @elijahpaul,

So are you literally trying to look up the domain "mydomain.co.uk", or was that just a sample domain you put in?

mydomain.co.uk doesn't appear to have functioning DNS servers- at least- when queried via 8.8.8.8

[root@rotting net_dns]# host -t txt mydomain.co.uk
Host mydomain.co.uk not found: 3(NXDOMAIN)

Your code works fine when I change the domain to mine:

$ns = array('8.8.8.8', '8.8.4.4');
$domain = 'mikepultz.com';
try {
    $r = new Net_DNS2_Resolver(array('nameservers' => $ns));
    $result = $r->query($domain, 'TXT');

    foreach ($result->answer as $record) {
        print_r($record->text[0]);
        echo "\n";
    }
} catch (Net_DNS2_Exception $e) {
    echo "::query() failed: ", $e->getMessage(), "\n";
}

This returns:

[root@rotting net_dns]# ./dns0.php 
v=spf1 ip4:76.9.192.64/26 -all

So is that the right domain?

Mike

elijahpaul commented 6 years ago

Sorry mydomain.co.uk was an example. (auto-redacted).

the domain I'm trying this with is asops.co.uk

mikepultz commented 6 years ago

Got it-

So there is definitely something going on, but it's beyond the netdns2 library-

It works fine using a local DNS server I have:

[root@rotting net_dns]# nslookup - 64.71.255.204
> set type=txt
> asops.co.uk
Server:         64.71.255.204
Address:        64.71.255.204#53

Non-authoritative answer:
asops.co.uk     text = "google-site-verification=18FrAolAaN7iUoDZJbN0Zjpx_D07xOZMdCJcY3ImAIA"

But fails when I look it up using 8.8.8.8 or 9.9.9.9

[root@rotting net_dns]# nslookup - 8.8.8.8
> set type=txt
> asops.co.uk
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find asops.co.uk: NXDOMAIN

and the OpenDNS servers work:

[root@rotting net_dns]# nslookup - 208.67.222.222
> set type=txt
> asops.co.uk
Server:         208.67.222.222
Address:        208.67.222.222#53

Non-authoritative answer:
asops.co.uk     text = "google-site-verification=18FrAolAaN7iUoDZJbN0Zjpx_D07xOZMdCJcY3ImAIA"

Is the domain newly set up on AWS? Could it just be a TTL cache issue on the Google DNS?

Mike

elijahpaul commented 6 years ago

The domain was set up about a week ago now. Shouldn't be any issues relating to caching.

I'm seeing varied results too. I can't figure out why it works with some DNS servers and fails with others. :(

elijahpaul commented 6 years ago

Just tried some other public DNS Servers:

Level 3 - success
FreeDNS - success
DNS.WATCH - fail
Dyn - fail

mikepultz commented 6 years ago

yeah- this seems like something you need to reach out to AWS about;

I have some domains on route 53 that work fine looking them up through google and others, so it's likely limited to your domain.

Mike

elijahpaul commented 6 years ago

Will do that. Thanks for your assistance.

elijahpaul commented 6 years ago

Update: Was a DNSSEC issue!

From amazon forums https://forums.aws.amazon.com/message.jspa?messageID=838347:

The domain has a DS record at the registry, indicating it uses DNSSEC. Route 53 does not support DNSSEC. Validating resolvers will consider the zone invalid and return SERVFAIL.

asops.co.uk.            3600    IN      DS      29885 8 2 24E89664105C7943AB364F94C1520F552DC4062DECBE315ACB4D0640 37B4DA02

You need to remove the DS at the registrar.
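
The cause found above can be confirmed per resolver by sending the same query twice, once normally and once with the CD (checking disabled) header bit set: a validating resolver that answers SERVFAIL normally but returns data with CD=1 is rejecting the zone on DNSSEC grounds. The following is an added example, not code from this thread or from the netdns2 project; the function names and the two sample response headers are constructed for illustration.

```python
import socket
import struct

RCODE_NOERROR, RCODE_SERVFAIL = 0, 2
FLAG_RD, FLAG_CD = 0x0100, 0x0010   # recursion desired, checking disabled
TYPE_TXT = 16

def build_query(name, qtype=TYPE_TXT, cd=False, txid=0x1234):
    """Encode a one-question DNS query; cd=True asks the resolver to skip validation."""
    flags = FLAG_RD | (FLAG_CD if cd else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(packet):
    """Return the RCODE and answer count from the 12-byte DNS header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"rcode": flags & 0x000F, "answers": answers}

def ask(server, packet, timeout=3.0):
    """Send a query over UDP to server:53 and return the raw response."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (server, 53))
        return s.recvfrom(4096)[0]

def diagnose(resp_normal, resp_cd):
    """Classify one resolver from its replies to the same query without and with CD."""
    normal, cd = parse_header(resp_normal), parse_header(resp_cd)
    if normal["rcode"] != RCODE_SERVFAIL:
        return "no-servfail"
    if cd["rcode"] == RCODE_NOERROR and cd["answers"] > 0:
        return "dnssec-validation-failure"   # data exists, validation rejected it
    return "servfail-unrelated-to-validation"

# Constructed sample headers (not captured traffic): QR|RD|RA with RCODE 2,
# and QR|RD|RA|CD with RCODE 0 and one answer.
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)
SAMPLE_CD_ANSWER = struct.pack("!HHHHHH", 0x1234, 0x8190, 1, 1, 0, 0)

if __name__ == "__main__":
    print(diagnose(SAMPLE_SERVFAIL, SAMPLE_CD_ANSWER))
    # Live use: diagnose(ask(ip, build_query(d)), ask(ip, build_query(d, cd=True)))
```

Resolvers that do not validate DNSSEC answer both queries the same way, which matches the mixed success and failure results across public resolvers reported earlier in the thread.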