[DNS Resolver] Cannot resolve t.co

doktornotor · Feb 8, 2015, 4:38 PM


nslookup - 10.0.0.1
set querytype=soa
co.

Post the output of the above. This is what I get:


Non-authoritative answer:
co
        primary name server = ns1.cctld.co
        responsible mail addr = hostmaster.neustar.biz
        serial  = 2018084018
        refresh = 900 (15 mins)
        retry   = 900 (15 mins)
        expire  = 604800 (7 days)
        default TTL = 86400 (1 day)

co      nameserver = ns5.cctld.co
co      nameserver = ns4.cctld.co
co      nameserver = ns2.cctld.co
co      nameserver = ns6.cctld.co
co      nameserver = ns1.cctld.co
co      nameserver = ns3.cctld.co
ns1.cctld.co    internet address = 156.154.100.25
ns1.cctld.co    AAAA IPv6 address = 2001:502:2eda::21
ns2.cctld.co    internet address = 156.154.101.25
ns2.cctld.co    AAAA IPv6 address = 2001:502:ad09::21
ns3.cctld.co    internet address = 156.154.102.25
ns3.cctld.co    AAAA IPv6 address = 2610:a1:1009::21
ns4.cctld.co    internet address = 156.154.103.25
ns4.cctld.co    AAAA IPv6 address = 2610:a1:1010::21
ns5.cctld.co    internet address = 156.154.104.25
ns5.cctld.co    AAAA IPv6 address = 2610:a1:1011::21
ns6.cctld.co    internet address = 156.154.105.25
ns6.cctld.co    AAAA IPv6 address = 2610:a1:1012::21

fab1330 · Feb 8, 2015, 4:44 PM

@doktornotor:


nslookup - 10.0.0.1
set querytype=soa
co.

nslookup co

C:\Users\Fab>nslookup
Address:  10.0.0.1
> set type=soa
> co.
Server :   UnKnown
Address:  10.0.0.1

*** UnKnown ne parvient pas à trouver co. : Server failed

For .com, it's work :

C:\Users\Fab>nslookup
Address:  10.0.0.1
> set type=soa
> com.
Serveur :   UnKnown
Address:  10.0.0.1

Réponse ne faisant pas autorité :
com
        primary name server = a.gtld-servers.net
        responsible mail addr = nstld.verisign-grs.com
        serial  = 1423413582
        refresh = 1800 (30 mins)
        retry   = 900 (15 mins)
        expire  = 604800 (7 days)
        default TTL = 86400 (1 day)

com     nameserver = a.gtld-servers.net
com     nameserver = b.gtld-servers.net
com     nameserver = m.gtld-servers.net
com     nameserver = g.gtld-servers.net
com     nameserver = k.gtld-servers.net
com     nameserver = f.gtld-servers.net
com     nameserver = c.gtld-servers.net
com     nameserver = d.gtld-servers.net
com     nameserver = j.gtld-servers.net
com     nameserver = l.gtld-servers.net
com     nameserver = h.gtld-servers.net
com     nameserver = i.gtld-servers.net
com     nameserver = e.gtld-servers.net

doktornotor · Feb 8, 2015, 4:50 PM

What does


set querytype=soa
root
co.

produce?

fab1330 · Feb 8, 2015, 6:02 PM

@doktornotor:

What does
set querytype=soa
root
co.
produce?

C:\Users\Fab>nslookup
Address:  10.0.0.1
> set querytype=soa
> root
Default server :   A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

> co.
Server :   A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

DNS request timed out.
    timeout was 2 seconds.
*** Request time out A.ROOT-SERVERS.NET.

doktornotor · Feb 8, 2015, 6:20 PM

Talk to your ISP about what they are doing with DNS.


Default Server:  A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

> co.
Server:  A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

co      nameserver = ns1.cctld.co
co      nameserver = ns2.cctld.co
co      nameserver = ns3.cctld.co
co      nameserver = ns4.cctld.co
co      nameserver = ns5.cctld.co
co      nameserver = ns6.cctld.co
ns1.cctld.co    internet address = 156.154.100.25
ns2.cctld.co    internet address = 156.154.101.25
ns3.cctld.co    internet address = 156.154.102.25
ns4.cctld.co    internet address = 156.154.103.25
ns5.cctld.co    internet address = 156.154.104.25
ns6.cctld.co    internet address = 156.154.105.25
ns1.cctld.co    AAAA IPv6 address = 2001:502:2eda::21
ns2.cctld.co    AAAA IPv6 address = 2001:502:ad09::21
ns3.cctld.co    AAAA IPv6 address = 2610:a1:1009::21
ns4.cctld.co    AAAA IPv6 address = 2610:a1:1010::21
ns5.cctld.co    AAAA IPv6 address = 2610:a1:1011::21
ns6.cctld.co    AAAA IPv6 address = 2610:a1:1012::21

fab1330 · Feb 8, 2015, 7:12 PM

@doktornotor:

Talk to your ISP about what they are doing with DNS.

Why would my ISP be the problem?
If I use the DNS Forwarder it works

doktornotor · Feb 8, 2015, 7:15 PM

@fab1330:

Why would my ISP be the problem?

Because it's clearly blocking/hijacking UDP/53 DNS traffic. When you cannot talk to root servers, you've got a problem.

fab1330 · Feb 8, 2015, 9:55 PM

@doktornotor:

Because it's clearly blocking/hijacking UDP/53 DNS traffic. When you cannot talk to root servers, you've got a problem.

It's strange, I haven't changed anything and now it works. Maybe it is a routing problem at my ISP?

Now :

C:\Users\Fab>nslookup t.co
Address:  10.0.0.1

Non-authoritative response :
Name :    t.co
Addresses:  199.16.156.11
          199.16.156.75

I monitor in the coming days. thank you

doktornotor · Feb 8, 2015, 10:02 PM

Well if it breaks again… check you can resolve stuff via root nameservers. Unbound cannot work without those unless forwarding is enabled. Also, extremely weird why it'd be limited to .co TLD

fab1330 · Feb 14, 2015, 9:56 PM

@doktornotor:

Well if it breaks again… check you can resolve stuff via root nameservers. Unbound cannot work without those unless forwarding is enabled. Also, extremely weird why it'd be limited to .co TLD

The problem comes back randomly :-(

And I have changed ISP meantime. So this is not an ISP problem.

C:\Users\Fab>dig t.co

; <<>> DiG 9.10.1-P1 <<>> t.co
;; global options: +cmd
;; connection timed out; no servers could be reached

C:\Users\Fab>dig co

; <<>> DiG 9.10.1-P1 <<>> co
;; global options: +cmd
;; connection timed out; no servers could be reached

C:\Users\Fab>dig co. NS

; <<>> DiG 9.10.1-P1 <<>> co. NS
;; global options: +cmd
;; connection timed out; no servers could be reached

C:\Users\Fab>dig co. SOA

; <<>> DiG 9.10.1-P1 <<>> co. SOA
;; global options: +cmd
;; connection timed out; no servers could be reached

C:\Users\Fab>nslookup
Address:  10.0.0.1

> set querytype=soa
> root
Default server :   A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

> co.
Serveur :   A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

co      nameserver = ns1.cctld.co
co      nameserver = ns2.cctld.co
co      nameserver = ns3.cctld.co
co      nameserver = ns4.cctld.co
co      nameserver = ns5.cctld.co
co      nameserver = ns6.cctld.co
ns1.cctld.co    internet address = 156.154.100.25
ns2.cctld.co    internet address = 156.154.101.25
ns3.cctld.co    internet address = 156.154.102.25
ns4.cctld.co    internet address = 156.154.103.25
ns5.cctld.co    internet address = 156.154.104.25
ns6.cctld.co    internet address = 156.154.105.25
ns1.cctld.co    AAAA IPv6 address = 2001:502:2eda::21
ns2.cctld.co    AAAA IPv6 address = 2001:502:ad09::21
ns3.cctld.co    AAAA IPv6 address = 2610:a1:1009::21
ns4.cctld.co    AAAA IPv6 address = 2610:a1:1010::21
ns5.cctld.co    AAAA IPv6 address = 2610:a1:1011::21
ns6.cctld.co    AAAA IPv6 address = 2610:a1:1012::21

Any idea?

thanks :)

cmb · Feb 14, 2015, 10:07 PM

Make sure you have "harden glue" enabled on the Advanced tab. If you don't, it might be possible for some malicious query reply to break a TLD.

fab1330 · Feb 14, 2015, 10:22 PM

@cmb:

Make sure you have "harden glue" enabled on the Advanced tab. If you don't, it might be possible for some malicious query reply to break a TLD.

I just activate "harden glue", and it works:-) Thanks!
But I do not understand what is this option. You can tell me more?