Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [DNS Resolver] Cannot resolve t.co

    Scheduled Pinned Locked Moved DHCP and DNS
    17 Posts 3 Posters 3.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      doktornotor Banned
      last edited by 

      
nslookup - 10.0.0.1
set querytype=soa
co.

      Post the output of the above. This is what I get:

      
Non-authoritative answer:
co
        primary name server = ns1.cctld.co
        responsible mail addr = hostmaster.neustar.biz
        serial  = 2018084018
        refresh = 900 (15 mins)
        retry   = 900 (15 mins)
        expire  = 604800 (7 days)
        default TTL = 86400 (1 day)

co      nameserver = ns5.cctld.co
co      nameserver = ns4.cctld.co
co      nameserver = ns2.cctld.co
co      nameserver = ns6.cctld.co
co      nameserver = ns1.cctld.co
co      nameserver = ns3.cctld.co
ns1.cctld.co    internet address = 156.154.100.25
ns1.cctld.co    AAAA IPv6 address = 2001:502:2eda::21
ns2.cctld.co    internet address = 156.154.101.25
ns2.cctld.co    AAAA IPv6 address = 2001:502:ad09::21
ns3.cctld.co    internet address = 156.154.102.25
ns3.cctld.co    AAAA IPv6 address = 2610:a1:1009::21
ns4.cctld.co    internet address = 156.154.103.25
ns4.cctld.co    AAAA IPv6 address = 2610:a1:1010::21
ns5.cctld.co    internet address = 156.154.104.25
ns5.cctld.co    AAAA IPv6 address = 2610:a1:1011::21
ns6.cctld.co    internet address = 156.154.105.25
ns6.cctld.co    AAAA IPv6 address = 2610:a1:1012::21
      1 Reply Last reply Reply Quote 0
      • F
        fab1330
        last edited by

        @doktornotor:

        
nslookup - 10.0.0.1
set querytype=soa
co.

        nslookup co

        C:\Users\Fab>nslookup
Address:  10.0.0.1
> set type=soa
> co.
Server :   UnKnown
Address:  10.0.0.1

*** UnKnown ne parvient pas à trouver co. : Server failed

        For .com, it's work :

        C:\Users\Fab>nslookup
Address:  10.0.0.1
> set type=soa
> com.
Serveur :   UnKnown
Address:  10.0.0.1

Réponse ne faisant pas autorité :
com
        primary name server = a.gtld-servers.net
        responsible mail addr = nstld.verisign-grs.com
        serial  = 1423413582
        refresh = 1800 (30 mins)
        retry   = 900 (15 mins)
        expire  = 604800 (7 days)
        default TTL = 86400 (1 day)

com     nameserver = a.gtld-servers.net
com     nameserver = b.gtld-servers.net
com     nameserver = m.gtld-servers.net
com     nameserver = g.gtld-servers.net
com     nameserver = k.gtld-servers.net
com     nameserver = f.gtld-servers.net
com     nameserver = c.gtld-servers.net
com     nameserver = d.gtld-servers.net
com     nameserver = j.gtld-servers.net
com     nameserver = l.gtld-servers.net
com     nameserver = h.gtld-servers.net
com     nameserver = i.gtld-servers.net
com     nameserver = e.gtld-servers.net
        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          What does

          
set querytype=soa
root
co.

          produce?

          1 Reply Last reply Reply Quote 0
          • F
            fab1330
            last edited by

            @doktornotor:

            What does

            
set querytype=soa
root
co.

            produce?

            C:\Users\Fab>nslookup
Address:  10.0.0.1
> set querytype=soa
> root
Default server :   A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

> co.
Server :   A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

DNS request timed out.
    timeout was 2 seconds.
*** Request time out A.ROOT-SERVERS.NET.
            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned
              last edited by

              Talk to your ISP about what they are doing with DNS.

              
Default Server:  A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

> co.
Server:  A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

co      nameserver = ns1.cctld.co
co      nameserver = ns2.cctld.co
co      nameserver = ns3.cctld.co
co      nameserver = ns4.cctld.co
co      nameserver = ns5.cctld.co
co      nameserver = ns6.cctld.co
ns1.cctld.co    internet address = 156.154.100.25
ns2.cctld.co    internet address = 156.154.101.25
ns3.cctld.co    internet address = 156.154.102.25
ns4.cctld.co    internet address = 156.154.103.25
ns5.cctld.co    internet address = 156.154.104.25
ns6.cctld.co    internet address = 156.154.105.25
ns1.cctld.co    AAAA IPv6 address = 2001:502:2eda::21
ns2.cctld.co    AAAA IPv6 address = 2001:502:ad09::21
ns3.cctld.co    AAAA IPv6 address = 2610:a1:1009::21
ns4.cctld.co    AAAA IPv6 address = 2610:a1:1010::21
ns5.cctld.co    AAAA IPv6 address = 2610:a1:1011::21
ns6.cctld.co    AAAA IPv6 address = 2610:a1:1012::21
              1 Reply Last reply Reply Quote 0
              • F
                fab1330
                last edited by

                @doktornotor:

                Talk to your ISP about what they are doing with DNS.

                Why would my ISP be the problem?
                If I use the DNS Forwarder it works

                1 Reply Last reply Reply Quote 0
                • D
                  doktornotor Banned
                  last edited by

                  @fab1330:

                  Why would my ISP be the problem?

                  Because it's clearly blocking/hijacking UDP/53 DNS traffic. When you cannot talk to root servers, you've got a problem.

                  1 Reply Last reply Reply Quote 0
                  • F
                    fab1330
                    last edited by

                    @doktornotor:

                    Because it's clearly blocking/hijacking UDP/53 DNS traffic. When you cannot talk to root servers, you've got a problem.

                    It's strange, I haven't changed anything and now it works. Maybe it is a routing problem at my ISP?

                    Now :

                    C:\Users\Fab>nslookup t.co
Address:  10.0.0.1

Non-authoritative response :
Name :    t.co
Addresses:  199.16.156.11
          199.16.156.75

                    I monitor in the coming days. thank you

                    1 Reply Last reply Reply Quote 0
                    • D
                      doktornotor Banned
                      last edited by

                      Well if it breaks again… check you can resolve stuff via root nameservers. Unbound cannot work without those unless forwarding is enabled. Also, extremely weird why it'd be limited to .co TLD

                      1 Reply Last reply Reply Quote 0
                      • F
                        fab1330
                        last edited by

                        @doktornotor:

                        Well if it breaks again… check you can resolve stuff via root nameservers. Unbound cannot work without those unless forwarding is enabled. Also, extremely weird why it'd be limited to .co TLD

                        The problem comes back randomly :-(

                        And I have changed ISP meantime. So this is not an ISP problem.

                        C:\Users\Fab>dig t.co

; <<>> DiG 9.10.1-P1 <<>> t.co
;; global options: +cmd
;; connection timed out; no servers could be reached

C:\Users\Fab>dig co

; <<>> DiG 9.10.1-P1 <<>> co
;; global options: +cmd
;; connection timed out; no servers could be reached

C:\Users\Fab>dig co. NS

; <<>> DiG 9.10.1-P1 <<>> co. NS
;; global options: +cmd
;; connection timed out; no servers could be reached

C:\Users\Fab>dig co. SOA

; <<>> DiG 9.10.1-P1 <<>> co. SOA
;; global options: +cmd
;; connection timed out; no servers could be reached

C:\Users\Fab>nslookup
Address:  10.0.0.1

> set querytype=soa
> root
Default server :   A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

> co.
Serveur :   A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

co      nameserver = ns1.cctld.co
co      nameserver = ns2.cctld.co
co      nameserver = ns3.cctld.co
co      nameserver = ns4.cctld.co
co      nameserver = ns5.cctld.co
co      nameserver = ns6.cctld.co
ns1.cctld.co    internet address = 156.154.100.25
ns2.cctld.co    internet address = 156.154.101.25
ns3.cctld.co    internet address = 156.154.102.25
ns4.cctld.co    internet address = 156.154.103.25
ns5.cctld.co    internet address = 156.154.104.25
ns6.cctld.co    internet address = 156.154.105.25
ns1.cctld.co    AAAA IPv6 address = 2001:502:2eda::21
ns2.cctld.co    AAAA IPv6 address = 2001:502:ad09::21
ns3.cctld.co    AAAA IPv6 address = 2610:a1:1009::21
ns4.cctld.co    AAAA IPv6 address = 2610:a1:1010::21
ns5.cctld.co    AAAA IPv6 address = 2610:a1:1011::21
ns6.cctld.co    AAAA IPv6 address = 2610:a1:1012::21

                        Any idea?

                        thanks :)

                        1 Reply Last reply Reply Quote 0
                        • C
                          cmb
                          last edited by

                          Make sure you have "harden glue" enabled on the Advanced tab. If you don't, it might be possible for some malicious query reply to break a TLD.

                          1 Reply Last reply Reply Quote 0
                          • F
                            fab1330
                            last edited by

                            @cmb:

                            Make sure you have "harden glue" enabled on the Advanced tab. If you don't, it might be possible for some malicious query reply to break a TLD.

                            I just activate "harden glue", and it works:-) Thanks!
                            But I do not understand what is this option. You can tell me more?

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.