Netgate Discussion Forum
    [DNS Resolver] Cannot resolve t.co

      fab1330

      Hello,

      Since I started using the DNS Resolver of pfSense, I no longer have access to the simplified URL "t.co". For example, it is impossible to access http://t.co/zLf5XQQPdn.

      C:\Users\Fab>nslookup co
      Serveur :   UnKnown
      Address:  10.0.0.1 (pfSense)
      
      *** UnKnown to find co : Non-existent domain
      

      What do you do?

      Are there no root DNS servers in pfSense?

      Thanks :-)

        doktornotor Banned

        You don't resolve TLDs. t.co resolves just fine.

          fab1330

          @doktornotor:

          You don't resolve TLDs. t.co resolves just fine.

          No, it is impossible to resolve t.co. With the DNS Forwarder, there is no problem.

          C:\Users\Fab>nslookup t.co
          Serveur :   UnKnown
          Address:  10.0.0.1
          
          DNS request timed out.
              timeout was 2 seconds.
          
            doktornotor Banned

            Yeah, your DNS configuration is broken. No information provided to debug anything here.

              fab1330

              @doktornotor:

              Yeah, your DNS configuration is broken. No information provided to debug anything here.

              Configuration :

              General settings:
              ------------------
              
              Enable : checked
              Listen port : empty
              Network Interfaces : LAN
              Outgoing Network Interfaces : WAN
              DNSSEC : checked
              DNS Query Forwarding : unchecked
              DHCP Registration : checked
              Static DHCP : checked
              TXT Comment Support : checked
              
              On the other tabs, everything is default
              
              

              Interfaces configuration:

              
              LAN : Static IPv4 Configuration : 10.0.0.1/24
              WAN : PPPoE Internet Access
              
              

              Nothing to report in the resolver log. And no problem resolving TLDs other than "co".

              What other information can I provide?

              thanks :)

                doktornotor Banned

                
                nslookup - 10.0.0.1
                set querytype=soa
                co.
                
                

                Post the output of the above. This is what I get:

                
                Non-authoritative answer:
                co
                        primary name server = ns1.cctld.co
                        responsible mail addr = hostmaster.neustar.biz
                        serial  = 2018084018
                        refresh = 900 (15 mins)
                        retry   = 900 (15 mins)
                        expire  = 604800 (7 days)
                        default TTL = 86400 (1 day)
                
                co      nameserver = ns5.cctld.co
                co      nameserver = ns4.cctld.co
                co      nameserver = ns2.cctld.co
                co      nameserver = ns6.cctld.co
                co      nameserver = ns1.cctld.co
                co      nameserver = ns3.cctld.co
                ns1.cctld.co    internet address = 156.154.100.25
                ns1.cctld.co    AAAA IPv6 address = 2001:502:2eda::21
                ns2.cctld.co    internet address = 156.154.101.25
                ns2.cctld.co    AAAA IPv6 address = 2001:502:ad09::21
                ns3.cctld.co    internet address = 156.154.102.25
                ns3.cctld.co    AAAA IPv6 address = 2610:a1:1009::21
                ns4.cctld.co    internet address = 156.154.103.25
                ns4.cctld.co    AAAA IPv6 address = 2610:a1:1010::21
                ns5.cctld.co    internet address = 156.154.104.25
                ns5.cctld.co    AAAA IPv6 address = 2610:a1:1011::21
                ns6.cctld.co    internet address = 156.154.105.25
                ns6.cctld.co    AAAA IPv6 address = 2610:a1:1012::21
                
                
                  fab1330

                  @doktornotor:

                  
                  nslookup - 10.0.0.1
                  set querytype=soa
                  co.
                  
                  

                  nslookup co

                  C:\Users\Fab>nslookup
                  Address:  10.0.0.1
                  > set type=soa
                  > co.
                  Server :   UnKnown
                  Address:  10.0.0.1
                  
                  *** UnKnown ne parvient pas à trouver co. : Server failed
                  
                  

                  For .com, it works:

                  C:\Users\Fab>nslookup
                  Address:  10.0.0.1
                  > set type=soa
                  > com.
                  Serveur :   UnKnown
                  Address:  10.0.0.1
                  
                  Réponse ne faisant pas autorité :
                  com
                          primary name server = a.gtld-servers.net
                          responsible mail addr = nstld.verisign-grs.com
                          serial  = 1423413582
                          refresh = 1800 (30 mins)
                          retry   = 900 (15 mins)
                          expire  = 604800 (7 days)
                          default TTL = 86400 (1 day)
                  
                  com     nameserver = a.gtld-servers.net
                  com     nameserver = b.gtld-servers.net
                  com     nameserver = m.gtld-servers.net
                  com     nameserver = g.gtld-servers.net
                  com     nameserver = k.gtld-servers.net
                  com     nameserver = f.gtld-servers.net
                  com     nameserver = c.gtld-servers.net
                  com     nameserver = d.gtld-servers.net
                  com     nameserver = j.gtld-servers.net
                  com     nameserver = l.gtld-servers.net
                  com     nameserver = h.gtld-servers.net
                  com     nameserver = i.gtld-servers.net
                  com     nameserver = e.gtld-servers.net
                  
                    doktornotor Banned

                    What does

                    
                    set querytype=soa
                    root
                    co.
                    
                    

                    produce?

                      fab1330

                      @doktornotor:

                      What does

                      
                      set querytype=soa
                      root
                      co.
                      
                      

                      produce?

                      C:\Users\Fab>nslookup
                      Address:  10.0.0.1
                      > set querytype=soa
                      > root
                      Default server :   A.ROOT-SERVERS.NET
                      Addresses:  2001:503:ba3e::2:30
                                198.41.0.4
                      
                      > co.
                      Server :   A.ROOT-SERVERS.NET
                      Addresses:  2001:503:ba3e::2:30
                                198.41.0.4
                      
                      DNS request timed out.
                          timeout was 2 seconds.
                      *** Request time out A.ROOT-SERVERS.NET.
                      
                        doktornotor Banned

                        Talk to your ISP about what they are doing with DNS.

                        
                        Default Server:  A.ROOT-SERVERS.NET
                        Addresses:  2001:503:ba3e::2:30
                                  198.41.0.4
                        
                        > co.
                        Server:  A.ROOT-SERVERS.NET
                        Addresses:  2001:503:ba3e::2:30
                                  198.41.0.4
                        
                        co      nameserver = ns1.cctld.co
                        co      nameserver = ns2.cctld.co
                        co      nameserver = ns3.cctld.co
                        co      nameserver = ns4.cctld.co
                        co      nameserver = ns5.cctld.co
                        co      nameserver = ns6.cctld.co
                        ns1.cctld.co    internet address = 156.154.100.25
                        ns2.cctld.co    internet address = 156.154.101.25
                        ns3.cctld.co    internet address = 156.154.102.25
                        ns4.cctld.co    internet address = 156.154.103.25
                        ns5.cctld.co    internet address = 156.154.104.25
                        ns6.cctld.co    internet address = 156.154.105.25
                        ns1.cctld.co    AAAA IPv6 address = 2001:502:2eda::21
                        ns2.cctld.co    AAAA IPv6 address = 2001:502:ad09::21
                        ns3.cctld.co    AAAA IPv6 address = 2610:a1:1009::21
                        ns4.cctld.co    AAAA IPv6 address = 2610:a1:1010::21
                        ns5.cctld.co    AAAA IPv6 address = 2610:a1:1011::21
                        ns6.cctld.co    AAAA IPv6 address = 2610:a1:1012::21
                        
                        
                          fab1330

                          @doktornotor:

                          Talk to your ISP about what they are doing with DNS.

                          Why would my ISP be the problem?
                          If I use the DNS Forwarder it works

                            doktornotor Banned

                            @fab1330:

                            Why would my ISP be the problem?

                            Because it's clearly blocking/hijacking UDP/53 DNS traffic. When you cannot talk to root servers, you've got a problem.

                              fab1330

                              @doktornotor:

                              Because it's clearly blocking/hijacking UDP/53 DNS traffic. When you cannot talk to root servers, you've got a problem.

                              It's strange, I haven't changed anything and now it works. Maybe it is a routing problem at my ISP?

                              Now :

                              C:\Users\Fab>nslookup t.co
                              Address:  10.0.0.1
                              
                              Non-authoritative response :
                              Name :    t.co
                              Addresses:  199.16.156.11
                                        199.16.156.75
                              

                              I will monitor it over the coming days. Thank you.

                                doktornotor Banned

                                Well if it breaks again… check you can resolve stuff via root nameservers. Unbound cannot work without those unless forwarding is enabled. Also, extremely weird why it'd be limited to .co TLD

                                  fab1330

                                  @doktornotor:

                                  Well if it breaks again… check you can resolve stuff via root nameservers. Unbound cannot work without those unless forwarding is enabled. Also, extremely weird why it'd be limited to .co TLD

                                  The problem comes back randomly :-(

                                  And I have changed ISPs in the meantime. So this is not an ISP problem.

                                  C:\Users\Fab>dig t.co
                                  
                                  ; <<>> DiG 9.10.1-P1 <<>> t.co
                                  ;; global options: +cmd
                                  ;; connection timed out; no servers could be reached
                                  
                                  C:\Users\Fab>dig co
                                  
                                  ; <<>> DiG 9.10.1-P1 <<>> co
                                  ;; global options: +cmd
                                  ;; connection timed out; no servers could be reached
                                  
                                  C:\Users\Fab>dig co. NS
                                  
                                  ; <<>> DiG 9.10.1-P1 <<>> co. NS
                                  ;; global options: +cmd
                                  ;; connection timed out; no servers could be reached
                                  
                                  C:\Users\Fab>dig co. SOA
                                  
                                  ; <<>> DiG 9.10.1-P1 <<>> co. SOA
                                  ;; global options: +cmd
                                  ;; connection timed out; no servers could be reached
                                  
                                  C:\Users\Fab>nslookup
                                  Address:  10.0.0.1
                                  
                                  > set querytype=soa
                                  > root
                                  Default server :   A.ROOT-SERVERS.NET
                                  Addresses:  2001:503:ba3e::2:30
                                            198.41.0.4
                                  
                                  > co.
                                  Serveur :   A.ROOT-SERVERS.NET
                                  Addresses:  2001:503:ba3e::2:30
                                            198.41.0.4
                                  
                                  co      nameserver = ns1.cctld.co
                                  co      nameserver = ns2.cctld.co
                                  co      nameserver = ns3.cctld.co
                                  co      nameserver = ns4.cctld.co
                                  co      nameserver = ns5.cctld.co
                                  co      nameserver = ns6.cctld.co
                                  ns1.cctld.co    internet address = 156.154.100.25
                                  ns2.cctld.co    internet address = 156.154.101.25
                                  ns3.cctld.co    internet address = 156.154.102.25
                                  ns4.cctld.co    internet address = 156.154.103.25
                                  ns5.cctld.co    internet address = 156.154.104.25
                                  ns6.cctld.co    internet address = 156.154.105.25
                                  ns1.cctld.co    AAAA IPv6 address = 2001:502:2eda::21
                                  ns2.cctld.co    AAAA IPv6 address = 2001:502:ad09::21
                                  ns3.cctld.co    AAAA IPv6 address = 2610:a1:1009::21
                                  ns4.cctld.co    AAAA IPv6 address = 2610:a1:1010::21
                                  ns5.cctld.co    AAAA IPv6 address = 2610:a1:1011::21
                                  ns6.cctld.co    AAAA IPv6 address = 2610:a1:1012::21
                                  

                                  Any idea?

                                  thanks :)

                                    cmb

                                    Make sure you have "harden glue" enabled on the Advanced tab. If you don't, it might be possible for some malicious query reply to break a TLD.

                                      fab1330

                                      @cmb:

                                      Make sure you have "harden glue" enabled on the Advanced tab. If you don't, it might be possible for some malicious query reply to break a TLD.

                                      I just activated "harden glue", and it works :-) Thanks!
                                      But I do not understand what this option is. Can you tell me more?

                                      1 Reply Last reply Reply Quote 0
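
Added example, not part of any post in this thread and not Unbound or pfSense code: Unbound documents harden-glue as trusting glue only if it is within the answering server's authority. The sketch below models that bailiwick rule; the function names and the "zone.example." reply are constructed for illustration, while the .co nameserver names and addresses are the ones shown in the thread.

```python
# Simplified model of the bailiwick rule behind Unbound's "harden-glue" option.
# Added illustration only: this is not Unbound or pfSense code.

def labels(name):
    """Lowercased labels of a DNS name; the root "." becomes an empty list."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_bailiwick(name, zone):
    """True if name is the zone itself or below it, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def scrub_glue(server_zone, ns_targets, additional):
    """Split additional-section records into (trusted, dropped).

    A record is trusted only if it is an address for one of the listed
    nameservers AND that name lies inside the zone the answering server
    is authoritative for. Anything else must be resolved independently.
    """
    targets = [labels(t) for t in ns_targets]
    trusted, dropped = [], []
    for name, rtype, addr in additional:
        ok = (rtype in ("A", "AAAA") and labels(name) in targets
              and in_bailiwick(name, server_zone))
        (trusted if ok else dropped).append((name, rtype, addr))
    return trusted, dropped

# Referral for "co." as answered by a root server (zone "."), using two of
# the glue records shown in the thread.
ROOT_REFERRAL = (".", ["ns1.cctld.co.", "ns2.cctld.co."], [
    ("ns1.cctld.co.", "A", "156.154.100.25"),
    ("ns2.cctld.co.", "AAAA", "2001:502:ad09::21"),
])

# Constructed reply from a server that is only authoritative for
# "zone.example." but also volunteers an address for a .co TLD nameserver.
# 192.0.2.0/24 is a documentation range; these values are made up.
FOREIGN_REPLY = ("zone.example.", ["ns.zone.example.", "ns1.cctld.co."], [
    ("ns.zone.example.", "A", "192.0.2.10"),
    ("ns1.cctld.co.", "A", "192.0.2.53"),
])

if __name__ == "__main__":
    for label, reply in (("root", ROOT_REFERRAL), ("foreign", FOREIGN_REPLY)):
        trusted, dropped = scrub_glue(*reply)
        print(label, "trusted:", trusted, "dropped:", dropped)
```

Without this filtering, the second reply's address for ns1.cctld.co could be cached and then used for every later lookup under .co, which matches a failure limited to a single TLD.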
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.