DNS Resolver can't find IP of one domain
-
Recently I have noticed that using DNS Resolver in non-forwarding mode I cannot obtain an IP for the domain "bt.com", who actually are my ISP.
If I enable forwarding then there is no issue but it used to work with forwarding disabled.
-
@mikemod not having any issues here.
;; QUESTION SECTION:
;bt.com. IN A
;; ANSWER SECTION:
bt.com. 3600 IN A 213.121.43.135
bt.com. 3600 IN A 213.121.43.1
bt.com. 3600 IN A 213.121.43.136
bt.com. 3600 IN A 213.121.43.3
bt.com. 3600 IN A 213.121.43.2
bt.com. 3600 IN A 213.121.43.137
I would do a trace on pfSense. What do you see in the trace?
[23.09.1-RELEASE][admin@sg4860.home.arpa]/root: dig bt.com +trace
; <<>> DiG 9.18.16 <<>> bt.com +trace
;; global options: +cmd
. 67948 IN NS i.root-servers.net.
. 67948 IN NS j.root-servers.net.
. 67948 IN NS k.root-servers.net.
. 67948 IN NS l.root-servers.net.
. 67948 IN NS m.root-servers.net.
. 67948 IN NS a.root-servers.net.
. 67948 IN NS b.root-servers.net.
. 67948 IN NS c.root-servers.net.
. 67948 IN NS d.root-servers.net.
. 67948 IN NS e.root-servers.net.
. 67948 IN NS f.root-servers.net.
. 67948 IN NS g.root-servers.net.
. 67948 IN NS h.root-servers.net.
. 67948 IN RRSIG NS 8 0 518400 20240130050000 20240117040000 30903 . 3UGfMmYAGBezyUTAir+TH1swje4FUz2dT6OkIbTzpcOHx/AUjndw/SKz y8BCTgaIltIwF0I6SOQYNe4vi22rVsfGGcVO+qTnTERKIUFS7VHP3cNw sCoXHvVASZMuhO2CLofz0YqnrEdmSG9jM2V/HYWEvTzmbPRZC2C+nz8a 8MuW666wyPH1Uum5iUPoz2Fouwfk0cT42mJ1X3I0exXazFkGeJGB7Sfv zP6irEH7WURZcLoDP3rY9DpIGCSsaKTy6bGvf8Muns4lPWSvFw92pFBr XrsKBCSNhr7wrBTOg1UM14P/c4ggUYLP35V4mp/K5RlKOfh3pd8+uoc2 B/nSww==
;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A
com. 86400 IN RRSIG DS 8 1 86400 20240130050000 20240117040000 30903 . VN9+owxUHo3DfRhwSMVkI0e3Qqrwzvqq4Cn/IF1J+1GIRRpRk54m+94Y CQSpHzwgLZxqboxopgm8qWyTt1ghQX0q0IhZdpI3hG8ssiwID0oBBKer 0HgZXRFVmlsuI/6nm9h7XjB8oqmdx93jOhHmTdunTgbKq1xImrWydgt4 h3RKe5K7BYJZDOPuOhtJWFwR2zgsHw3UVZ/AwQJ45HnTD1r6EdjpaRN5 +LAs+vlRPC8G3gq47umjKnwENVMrcLQIZogr+WFrsnL0xVoOLlrcH6af 9Gonc5c4OV/2C+69oWitcIW3QqYbL3zlqGWMhG46sCU8+9lpZyjTjtUB nTFSNQ==
;; Received 1194 bytes from 192.36.148.17#53(i.root-servers.net) in 111 ms
bt.com. 172800 IN NS dydns0.bt.com.
bt.com. 172800 IN NS eddns0.bt.com.
bt.com. 172800 IN NS eddns1.bt.com.
bt.com. 172800 IN NS dydns1.bt.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 13 2 86400 20240121052619 20240114041619 46171 com. DBANPdeIUsydaUZpyTuxMq58//eu9Q3V2rkoU/PIPksDGoF7/t3VvpB4 l5HatkMxZjL4S4yjH5BupWjxfq8aYw==
7M4CPB082V3HDM3RS2J4DPHOB3SPENLP.com. 86400 IN NSEC3 1 1 0 - 7M4D3J3GNF3MK64R9U2CFDC9JKVDMVTN NS DS RRSIG
7M4CPB082V3HDM3RS2J4DPHOB3SPENLP.com. 86400 IN RRSIG NSEC3 13 2 86400 20240122080503 20240115065503 46171 com. QvKPEm0lU2KDJdqCpAphcMItexyOzcLUg/yhXFLxyIHBjlu7/a1lH1Ar 6gNMX0i0Wqb9FJjRMw7trpTY1EIeng==
;; Received 540 bytes from 192.26.92.30#53(c.gtld-servers.net) in 38 ms
bt.com. 600 IN A 213.121.43.1
bt.com. 600 IN A 213.121.43.136
bt.com. 600 IN A 213.121.43.2
bt.com. 600 IN A 213.121.43.137
bt.com. 600 IN A 213.121.43.3
bt.com. 600 IN A 213.121.43.135
bt.com. 86400 IN NS EDDNS0.BT.COM.
bt.com. 86400 IN NS EDDNS1.BT.COM.
bt.com. 86400 IN NS DYDNS1.BT.COM.
bt.com. 86400 IN NS DYDNS0.BT.COM.
;; Received 341 bytes from 193.113.32.157#53(dydns1.bt.com) in 109 ms
[23.09.1-RELEASE][admin@sg4860.home.arpa]/root:
The +trace will show you exactly how resolving works, or where you're failing.. Maybe a problem talking to the name servers for that domain.
You can see at the end exactly who it talked to, to get that info
Received 341 bytes from 193.113.32.157#53(dydns1.bt.com) in 109 ms
-
traceroute for bt.com gives the following
traceroute: Warning: bt.com has multiple addresses; using 213.121.43.1
traceroute to bt.com (213.121.43.1), 64 hops max, 40 byte packets
1 * * *
2 * * *
3 31.55.185.188 (31.55.185.188) 13.198 ms 12.252 ms 13.384 ms
4 213.121.192.140 (213.121.192.140) 13.327 ms
  core1-hu0-12-0-1.colindale.ukcore.bt.net (195.99.127.214) 13.438 ms
  core2-hu0-6-0-8.colindale.ukcore.bt.net (213.121.192.28) 12.017 ms
5 * core6-hu0-4-0-15.faraday.ukcore.bt.net (109.159.252.138) 13.233 ms
  core6-hu0-3-0-15.faraday.ukcore.bt.net (109.159.252.134) 13.386 ms
6 core5-hu0-7-0-35.faraday.ukcore.bt.net (62.6.201.246) 12.937 ms
  core5-hu0-0-0-35.faraday.ukcore.bt.net (62.6.201.244) 14.668 ms
  core5-hu0-4-0-15.faraday.ukcore.bt.net (109.159.252.136) 13.342 ms
7 194.72.7.101 (194.72.7.101) 17.733 ms
  acc3-hu0-0-0-0.manchester.ukcore.bt.net (62.6.201.249) 20.228 ms
  194.72.7.101 (194.72.7.101) 18.286 ms
8 194.72.7.101 (194.72.7.101) 17.947 ms 19.111 ms *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
[2.7.2-RELEASE][admin@homeRouter.home.arpa]/root: dig bt.com +trace
; <<>> DiG 9.18.19 <<>> bt.com +trace
;; global options: +cmd
. 77488 IN NS d.root-servers.net.
. 77488 IN NS e.root-servers.net.
. 77488 IN NS f.root-servers.net.
. 77488 IN NS g.root-servers.net.
. 77488 IN NS h.root-servers.net.
. 77488 IN NS i.root-servers.net.
. 77488 IN NS j.root-servers.net.
. 77488 IN NS k.root-servers.net.
. 77488 IN NS l.root-servers.net.
. 77488 IN NS m.root-servers.net.
. 77488 IN NS a.root-servers.net.
. 77488 IN NS b.root-servers.net.
. 77488 IN NS c.root-servers.net.
. 77488 IN RRSIG NS 8 0 518400 20240130050000 20240117040000 30903 . 3UGfMmYAGBezyUTAir+TH1swje4FUz2dT6OkIbTzpcOHx/AUjndw/SKz y8BCTgaIltIwF0I6SOQYNe4vi22rVsfGGcVO+qTnTERKIUFS7VHP3cNw sCoXHvVASZMuhO2CLofz0YqnrEdmSG9jM2V/HYWEvTzmbPRZC2C+nz8a 8MuW666wyPH1Uum5iUPoz2Fouwfk0cT42mJ1X3I0exXazFkGeJGB7Sfv zP6irEH7WURZcLoDP3rY9DpIGCSsaKTy6bGvf8Muns4lPWSvFw92pFBr XrsKBCSNhr7wrBTOg1UM14P/c4ggUYLP35V4mp/K5RlKOfh3pd8+uoc2 B/nSww==
;; Received 1097 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A
com. 86400 IN RRSIG DS 8 1 86400 20240130050000 20240117040000 30903 . VN9+owxUHo3DfRhwSMVkI0e3Qqrwzvqq4Cn/IF1J+1GIRRpRk54m+94Y CQSpHzwgLZxqboxopgm8qWyTt1ghQX0q0IhZdpI3hG8ssiwID0oBBKer 0HgZXRFVmlsuI/6nm9h7XjB8oqmdx93jOhHmTdunTgbKq1xImrWydgt4 h3RKe5K7BYJZDOPuOhtJWFwR2zgsHw3UVZ/AwQJ45HnTD1r6EdjpaRN5 +LAs+vlRPC8G3gq47umjKnwENVMrcLQIZogr+WFrsnL0xVoOLlrcH6af 9Gonc5c4OV/2C+69oWitcIW3QqYbL3zlqGWMhG46sCU8+9lpZyjTjtUB nTFSNQ==
;; Received 1166 bytes from 170.247.170.2#53(b.root-servers.net) in 19 ms
bt.com. 172800 IN NS dydns0.bt.com.
bt.com. 172800 IN NS eddns0.bt.com.
bt.com. 172800 IN NS eddns1.bt.com.
bt.com. 172800 IN NS dydns1.bt.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 13 2 86400 20240121052619 20240114041619 46171 com. DBANPdeIUsydaUZpyTuxMq58//eu9Q3V2rkoU/PIPksDGoF7/t3VvpB4 l5HatkMxZjL4S4yjH5BupWjxfq8aYw==
7M4CPB082V3HDM3RS2J4DPHOB3SPENLP.com. 86400 IN NSEC3 1 1 0 - 7M4D3J3GNF3MK64R9U2CFDC9JKVDMVTN NS DS RRSIG
7M4CPB082V3HDM3RS2J4DPHOB3SPENLP.com. 86400 IN RRSIG NSEC3 13 2 86400 20240122080503 20240115065503 46171 com. QvKPEm0lU2KDJdqCpAphcMItexyOzcLUg/yhXFLxyIHBjlu7/a1lH1Ar 6gNMX0i0Wqb9FJjRMw7trpTY1EIeng==
;; Received 540 bytes from 192.31.80.30#53(d.gtld-servers.net) in 14 ms
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.57.242#53: timed out
;; communications error to 193.113.32.157#53: timed out
;; communications error to 193.113.57.243#53: timed out
;; no servers could be reached
-
@mikemod said in DNS Resolver can't find IP of one domain:
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.57.242#53: timed out
;; communications error to 193.113.32.157#53: timed out
;; communications error to 193.113.57.243#53: timed out
Well clearly you can not talk to the NS.. It's possible maybe they block their own IPs from talking to their NS for their domain?? Would be an odd sort of setup, but might be an error, or just how they route stuff on their internal network.
A simple work around for such a problem is to setup a domain override so when unbound tries to lookup bt.com it asks say googledns or cloudflare, etc. vs resolving.
edit: you could open a ticket with them on why you're not able to ask their NS while you're on their network.. But you prob need a level 3 guy to get involved.. Normal helpdesk most likely will not have a clue what you're talking about.. But show that dig trace to any level 3 tech and he will know exactly what the problem is. Or he should ;)
-
@johnpoz
One of the ISPs who resell this ISP's services under another name (Plusnet) are having issues at the moment with some users down for a couple of days,
Maybe the issue I am having is part of their problem,
-
@mikemod possibility sure.. Maybe whatever issue they are having is causing you not to be able to talk to the NS for that domain. I would put in a domain override as a quick work around.. Check on it in a few days, if your dig trace works, you could remove the override
-
@johnpoz
Thanks for the advice, have done that and working again for now
-
@johnpoz I had a power cut last night and when it all came back on my public IP changed from a 147.xxx.xxx.xxx range to a 86.xxx.xxx.xxx .
Now DNS Resolver is working again, I had tried to power cycle the router before to see if I could pick up a different IP but it always got the old 147.xxx.xxx.xxx one.
; <<>> DiG 9.18.19 <<>> bt.com +trace
;; global options: +cmd
. 83668 IN NS d.root-servers.net.
. 83668 IN NS c.root-servers.net.
. 83668 IN NS b.root-servers.net.
. 83668 IN NS j.root-servers.net.
. 83668 IN NS k.root-servers.net.
. 83668 IN NS g.root-servers.net.
. 83668 IN NS m.root-servers.net.
. 83668 IN NS f.root-servers.net.
. 83668 IN NS e.root-servers.net.
. 83668 IN NS h.root-servers.net.
. 83668 IN NS l.root-servers.net.
. 83668 IN NS i.root-servers.net.
. 83668 IN NS a.root-servers.net.
. 83668 IN RRSIG NS 8 0 518400 20240204050000 20240122040000 30903 . 49l3acwkuUAzVVh/dvfW3zd942HbuaJ7igbxdGSgVeIVdDssB4aeYYaG 7WRgAaj/ex18QKbeSIM6wxDl3AtXO9InX6zggQApb/s/a+OmGflzD2UR /21i0sRUlUfe99gv97uqx6R2ZxZ57uGX+Xn+JcQNhM5qB0rF7SGnasOK QrmY+dhqL7bVrcHFHPWQnMLg41w2p1Nu9P5Ap20MvHY5LNNKD/EX8N/F evbW7lJWe+pUYuUiG1gTiTKsbM+Lbb8fTcRQ3v+O+x2aKa8qXH7pDIiP Xj2xOgMw42LZaotJ65mb7TlzbEbb7Y+k0SDxvO6EDOUGvtyLyNMa23sf nH8nLA==
;; Received 1097 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A
com. 86400 IN RRSIG DS 8 1 86400 20240204050000 20240122040000 30903 . zkqJsxgANUiv8T75MDFzC2JPnJedZ6UoNgxMwX5cfucxdJmsxMuzX1bM MoVrTdXsT7578n8+0lKN0ua+KH97VSM3+txd0IfSVW7zcV4BQxqr4MsT oSDdOrrZe6AEQSlaZC9uZYDHEyxUeR4Gi9S9zB19oECziclPi3cHDpOK ivlqgBbX5LDXNQXFJlzNGzKBY3/Iy05/Hi7nUbvX+Myx2y11Wmb83K9i QH/3fksWUkQi4xDpknwwVFMnXQ9qn0ifw3C8vxSgCq8+KVWsJNkaOJyY qHvUYdg0Upz56IvJ62RGQm2Y+D13eVo3I0MOY0Nspq9bSCHlFFuqOTi0 IltdCw==
;; Received 1166 bytes from 192.58.128.30#53(j.root-servers.net) in 13 ms
bt.com. 172800 IN NS dydns0.bt.com.
bt.com. 172800 IN NS eddns0.bt.com.
bt.com. 172800 IN NS eddns1.bt.com.
bt.com. 172800 IN NS dydns1.bt.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 13 2 86400 20240129052620 20240122041620 4534 com. P2Vu4yQYsnTVEaqBtMvNDg5/rjLeE+slBwzolEDi1s2e8EzdsfsShwhG hpZzZl0zoeEYh5cs429PGN33MIbVAA==
7M4CPB082V3HDM3RS2J4DPHOB3SPENLP.com. 86400 IN NSEC3 1 1 0 - 7M4D3J3GNF3MK64R9U2CFDC9JKVDMVTN NS DS RRSIG
7M4CPB082V3HDM3RS2J4DPHOB3SPENLP.com. 86400 IN RRSIG NSEC3 13 2 86400 20240126080512 20240119065512 4534 com. +Jgpkygpp+VkbjAXRhPf9EbTUw6J73JHHS2Y8P+zKoz6WhOCbNnGe0+5 zXdm1YLgZp1qfH3D9P9OuX5AYSpPAA==
;; Received 540 bytes from 2001:502:1ca1::30#53(e.gtld-servers.net) in 13 ms
bt.com. 600 IN A 213.121.43.1
bt.com. 600 IN A 213.121.43.2
bt.com. 600 IN A 213.121.43.3
bt.com. 600 IN A 213.121.43.136
bt.com. 600 IN A 213.121.43.135
bt.com. 600 IN A 213.121.43.137
bt.com. 86400 IN NS EDDNS1.BT.COM.
bt.com. 86400 IN NS EDDNS0.BT.COM.
bt.com. 86400 IN NS DYDNS0.BT.COM.
bt.com. 86400 IN NS DYDNS1.BT.COM.
;; Received 341 bytes from 193.113.32.156#53(dydns0.bt.com) in 21 ms
-
@mikemod said in DNS Resolver can't find IP of one domain:
cycle the router before to see if I could pick up a different IP but it always got the old 147.xxx.xxx.xxx one.
Well if you're DHCP, just a power cycle wouldn't normally do it, since you would normally just get the same lease. If you were down for an extended period so that your lease expired, then yeah, you could get a new one.
It's possible the cable modem (if that is what you're on) got a firmware update or a change to its config when it rebooted with the power outage and got new DHCP servers, etc.
Glad to hear you're back in business without needing the domain override..
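-
Reading a `dig +trace` the way the thread does, as an added example that is not part of any post above: the function below reduces a trace to which servers answered, which timed out, and where the delegation chain stopped. The names `trace_summary` and `sample_failed_trace` are made up for this example, and the sample input is constructed from the status lines of the failing trace posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): summarise `dig +trace` output from stdin.
# Lists each server that answered, each server that timed out (deduplicated),
# and a verdict naming the last step of the delegation chain that worked.
trace_summary() {
    awk '
    /^;; Received [0-9]+ bytes from / {
        # $6 looks like 192.31.80.30#53(d.gtld-servers.net)
        split($6, a, "[#()]")
        last = a[3] " (" a[1] ")"
        print "answered: " last
        next
    }
    /^;; communications error to .*timed out/ {
        # $5 looks like 193.113.32.156#53:
        split($5, a, "#")
        if (!(a[1] in seen)) { seen[a[1]] = 1; failed = failed " " a[1] }
        next
    }
    /^;; no servers could be reached/ { dead = 1 }
    END {
        if (failed != "") print "timed out:" failed
        if (dead) print "verdict: referral from " last " received, no delegated name server answered"
        else print "verdict: trace completed, final answer from " last
    }'
}

# Constructed sample: status lines of the failing trace in the thread, records omitted.
sample_failed_trace() {
    cat <<'EOF'
;; Received 1097 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
;; Received 1166 bytes from 170.247.170.2#53(b.root-servers.net) in 19 ms
;; Received 540 bytes from 192.31.80.30#53(d.gtld-servers.net) in 14 ms
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.32.156#53: timed out
;; communications error to 193.113.57.242#53: timed out
;; communications error to 193.113.32.157#53: timed out
;; communications error to 193.113.57.243#53: timed out
;; no servers could be reached
EOF
}

sample_failed_trace | trace_summary
```

On a live system the same function can be fed directly with `dig bt.com +trace | trace_summary`.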