DNS resolve not working for myqnapcloud.com / BAD (HORIZONTAL) REFERRAL / DNS_PROBE_FINISHED_NXDOMAIN
-
Hi there,
generally speaking pfSense is working beautifully with DNS resolve set up having 127.0.0.1 as the DNS server. And I wouldn't be here if it wasn't for my new QNAP NAS which has let me to believe that pfSense does resolve everything correctly but myqnapcloud.com. For whatever reason that website just doesn't load for me. As soon as I bypass pfSense (e.g. viao NordVPN connection) the website loads.I then started to dig deeper into the problem with the command prompt:
; <<>> DiG 9.12.2-P1 <<>> myqnapcloud.com +trace ;; global options: +cmd . 10613 IN NS e.root-servers.net. . 10613 IN NS f.root-servers.net. . 10613 IN NS g.root-servers.net. . 10613 IN NS h.root-servers.net. . 10613 IN NS i.root-servers.net. . 10613 IN NS j.root-servers.net. . 10613 IN NS k.root-servers.net. . 10613 IN NS l.root-servers.net. . 10613 IN NS m.root-servers.net. . 10613 IN NS a.root-servers.net. . 10613 IN NS b.root-servers.net. . 10613 IN NS c.root-servers.net. . 10613 IN NS d.root-servers.net. . 10613 IN RRSIG NS 8 0 518400 20190513170000 20190430160000 25266 . SWF8vw5Xn/CSH2JCijdb+QY50wM379pp9U8eZ2WlxvALVa181Ct8aqD/ 1UyOkTRy1997mQOM3+m12BU+UMy7nDcLPnrjI68AGdvEm0//D8vSkk8M i1v9JDcpeW5XbrFOhcN38GtMKbHuYOSF1c/p80tkAgonTQqYR+ZqRcar Unqs46aSN83nBlJUAiRDRtn2JBVGfNoSPsj/mrCGIh9N7WEwFARyYo+k EPudcz74WOQOFseDXhD0vL1mx0AdxuQWLoBAcprnqfljCfXcKyWQL4Q5 Pe9xWy5/gMu5tuK9CgHjSdZDdg6UBwS3OF7l0268FQBsfPccJKhbgiTI /diJKg== ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 352 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 134.119.234.146#53(FWDR-251.FWDR-16.FWDR-95.FWDR-176) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 134.119.234.146#53(FWDR-251.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 134.119.234.146#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-251.FWDR-16.FWDR-95.FWDR-176) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 134.119.234.146#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-251.FWDR-16.FWDR-95.FWDR-176) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 134.119.234.146#53(FWDR-251.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 134.119.234.146#53(FWDR-251.FWDR-16.FWDR-95.FWDR-176) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-251.FWDR-16.FWDR-95.FWDR-176) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 134.119.234.146#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 134.119.234.146#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 134.119.234.146#53(FWDR-251.FWDR-16.FWDR-95.FWDR-176) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 134.119.234.146#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 134.119.234.146#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 134.119.234.146#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 134.119.234.146#53(FWDR-251.FWDR-16.FWDR-95.FWDR-176) in 6 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-251.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-251.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL ;; Received 199 bytes from 2a00:1158:2d:300::92#53(FWDR-210.FWDR-16.FWDR-95.FWDR-176) in 5 ms . 3600 IN NS FWDR-210.FWDR-16.FWDR-95.FWDR-176. . 3600 IN NS FWDR-251.FWDR-16.FWDR-95.FWDR-176. ;; BAD (HORIZONTAL) REFERRAL dig: too many lookups
Does anyone have a clue what might cause this prob?
Weird part for me is that the DNS lookup shows this for myqnapcloud.com
Results Result Record type 134.119.234.146 A 2a00:1158:2d:300::92 AAAA Timings Name server Query time 127.0.0.1 408 msec
So everything seems to be fine - except for the very slow lookup...
Any idea on how to get this working? Or is it my ISP that blocks this very single domain? Again - everything else seems to be working just fine...
Thanks!
-
@2malH said in DNS resolve not working for myqnapcloud.com / BAD (HORIZONTAL) REFERRAL / DNS_PROBE_FINISHED_NXDOMAIN:
BAD (HORIZONTAL) REFERRAL
That is your problem right there... their dns is Messed up!!
Tell them to fix it.
-
@johnpoz said in DNS resolve not working for myqnapcloud.com / BAD (HORIZONTAL) REFERRAL / DNS_PROBE_FINISHED_NXDOMAIN:
That is your problem right there... their dns is Messed up!!
Tell them to fix it.Ok, but how come that probably everyone of you can access the website normally? Even I don't have a problem as soon as I use a VPN or some other internet connection (e. g. at work)? Shouldn't be the problem more consistent and affect a lot of you?
Can you give it a try and dig myqnapcloud.com? Do you get the same error?
Best
-
Because they have more than just the 1 NS that is bad.. Look up what BAD (HORIZONTAL) REFERRAL is, and you will understand why it takes long to resolve. So at somepoint you will ask one that is not messed up - you hope ;)
I am not showing the bad referral currently - maybe they fixed it.
$ dig myqnapcloud.com +trace ; <<>> DiG 9.14.1 <<>> myqnapcloud.com +trace ;; global options: +cmd . 513331 IN NS a.root-servers.net. . 513331 IN NS b.root-servers.net. . 513331 IN NS c.root-servers.net. . 513331 IN NS d.root-servers.net. . 513331 IN NS e.root-servers.net. . 513331 IN NS f.root-servers.net. . 513331 IN NS g.root-servers.net. . 513331 IN NS h.root-servers.net. . 513331 IN NS i.root-servers.net. . 513331 IN NS j.root-servers.net. . 513331 IN NS k.root-servers.net. . 513331 IN NS l.root-servers.net. . 513331 IN NS m.root-servers.net. . 513331 IN RRSIG NS 8 0 518400 20190514050000 20190501040000 25266 . gWLhIIlCXy2zjctMKEaq6yMW5qqybxOyfITJyiGeIqe5JwBOpikWxAr2 UkHOt62FKx95+6NE3MAfio1TATbJBuEp8jk6efpaSzg3L67w7R2lkmuw +7v3jXMUacSneyAoPYpvYGKrFEAJYPNkMq5wC2JItrlrcdDo0gRUkqsa dX/OlLffdIqprGiA9u3vIbYHqr9d2w1N/c9OCAtya9Q47RVRvfuqLF3b HcvrxMKErUBxU/XT9vZEpB7pNjuqBtExSiXJfXGSW/UG1FPvKvFXuna0 Xsysn4ng9rdqaAo9l6Gy1csjiSewFkOE8/mbAH+JSdIz+Vl4eaPcIshH vZZ9Vw== ;; Received 525 bytes from 192.168.3.10#53(192.168.3.10) in 4 ms com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766 com. 86400 IN RRSIG DS 8 1 86400 20190514050000 20190501040000 25266 . hqntIonG1oYwh0IBiyFMEBxXcoM4nT50RKYipJEY4Y+3choMpTTvRooM 7qjfO9Mg7igNSpDbkEkFsE5wqQVJoWAJQoaPKsLRpd/m2k4e13SGwnBj D41XnV/cuPJM7NGLkDPmXTND2Mb4LFlDfHXs/uZHMMKGq6zQ0QuTuTEu d1//gYJAjeKXg1+FA2bbVb+8XyuRuPELRLMsW8ee0mOZ6ep51rkDTz8C 8eieHg61l0mzvi5TAgSXxIm4n9yuZm3zxRfzF6Wm1gS+t2+/2/xzn1m7 0z1PFrYghjfCeCWRE1a5vuknZZf+kX8+vL/w/6zU99TQO58fo3vHXNxN PGDSgg== ;; Received 1175 bytes from 198.97.190.53#53(h.root-servers.net) in 37 ms myqnapcloud.com. 172800 IN NS ns1.myqnapcloud.com. myqnapcloud.com. 172800 IN NS ns2.myqnapcloud.com. myqnapcloud.com. 172800 IN NS ns3.myqnapcloud.com. myqnapcloud.com. 172800 IN NS ns4.myqnapcloud.com. myqnapcloud.com. 172800 IN NS ns5.myqnapcloud.com. CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190507044623 20190430033623 3800 com. ZWSnZB06wOOR3wRuwQ2TxRtYLRqLVO6n8OHM7LrFAsD9DK9jt5fdQaqw IZpPVvpANnrD/9y62Bm3P2JDmkWg3LZejd+qLusIz1va1cnNOa9aP+Qt 8xQuvGfGuCQpHC0nK41HIXCywVwA2PYA5K4VFFKKywbIt5Up+LVruXiu dDM= SM01VTTAG5UUJ0SMNI2D1KV26CS81TJP.com. 86400 IN NSEC3 1 1 0 - SM0437O8K1FEEAHCU7OJAO1DOPMKQFBS NS DS RRSIG SM01VTTAG5UUJ0SMNI2D1KV26CS81TJP.com. 86400 IN RRSIG NSEC3 8 2 86400 20190505044344 20190428033344 3800 com. cIqEiKJZPinfkrpJcgBFv4jFGYq9eDdBtsfRHjxc80Rg609GVDcrZDok Lqzw1uWM80TYZH1glYV/vvqLpA5/DklbRuAkxIpnjtlgxqB97B6DHT+6 jwETBE/xHD+1Kbdorgbs58x33jdDAf9CXb52Zf+J7jqTui0dxWGUcaOU 50E= ;; Received 699 bytes from 192.42.93.30#53(g.gtld-servers.net) in 34 ms myqnapcloud.com. 3600 IN CNAME qcloud-pr-frontend-1025300009.us-east-1.elb.amazonaws.com. ;; Received 112 bytes from 96.126.116.73#53(ns5.myqnapcloud.com) in 38 ms
Here is the trace to the cname
$ dig qcloud-pr-frontend-1025300009.us-east-1.elb.amazonaws.com +trace ; <<>> DiG 9.14.1 <<>> qcloud-pr-frontend-1025300009.us-east-1.elb.amazonaws.com +trace ;; global options: +cmd . 513218 IN NS a.root-servers.net. . 513218 IN NS b.root-servers.net. . 513218 IN NS c.root-servers.net. . 513218 IN NS d.root-servers.net. . 513218 IN NS e.root-servers.net. . 513218 IN NS f.root-servers.net. . 513218 IN NS g.root-servers.net. . 513218 IN NS h.root-servers.net. . 513218 IN NS i.root-servers.net. . 513218 IN NS j.root-servers.net. . 513218 IN NS k.root-servers.net. . 513218 IN NS l.root-servers.net. . 513218 IN NS m.root-servers.net. . 513218 IN RRSIG NS 8 0 518400 20190514050000 20190501040000 25266 . gWLhIIlCXy2zjctMKEaq6yMW5qqybxOyfITJyiGeIqe5JwBOpikWxAr2 UkHOt62FKx95+6NE3MAfio1TATbJBuEp8jk6efpaSzg3L67w7R2lkmuw +7v3jXMUacSneyAoPYpvYGKrFEAJYPNkMq5wC2JItrlrcdDo0gRUkqsa dX/OlLffdIqprGiA9u3vIbYHqr9d2w1N/c9OCAtya9Q47RVRvfuqLF3b HcvrxMKErUBxU/XT9vZEpB7pNjuqBtExSiXJfXGSW/UG1FPvKvFXuna0 Xsysn4ng9rdqaAo9l6Gy1csjiSewFkOE8/mbAH+JSdIz+Vl4eaPcIshH vZZ9Vw== ;; Received 525 bytes from 192.168.3.10#53(192.168.3.10) in 2 ms com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766 com. 86400 IN RRSIG DS 8 1 86400 20190514050000 20190501040000 25266 . hqntIonG1oYwh0IBiyFMEBxXcoM4nT50RKYipJEY4Y+3choMpTTvRooM 7qjfO9Mg7igNSpDbkEkFsE5wqQVJoWAJQoaPKsLRpd/m2k4e13SGwnBj D41XnV/cuPJM7NGLkDPmXTND2Mb4LFlDfHXs/uZHMMKGq6zQ0QuTuTEu d1//gYJAjeKXg1+FA2bbVb+8XyuRuPELRLMsW8ee0mOZ6ep51rkDTz8C 8eieHg61l0mzvi5TAgSXxIm4n9yuZm3zxRfzF6Wm1gS+t2+/2/xzn1m7 0z1PFrYghjfCeCWRE1a5vuknZZf+kX8+vL/w/6zU99TQO58fo3vHXNxN PGDSgg== ;; Received 1217 bytes from 192.5.5.241#53(f.root-servers.net) in 50 ms amazonaws.com. 172800 IN NS u1.amazonaws.com. amazonaws.com. 172800 IN NS u2.amazonaws.com. amazonaws.com. 172800 IN NS r1.amazonaws.com. amazonaws.com. 172800 IN NS r2.amazonaws.com. CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190507044623 20190430033623 3800 com. ZWSnZB06wOOR3wRuwQ2TxRtYLRqLVO6n8OHM7LrFAsD9DK9jt5fdQaqw IZpPVvpANnrD/9y62Bm3P2JDmkWg3LZejd+qLusIz1va1cnNOa9aP+Qt 8xQuvGfGuCQpHC0nK41HIXCywVwA2PYA5K4VFFKKywbIt5Up+LVruXiu dDM= F1RGNA383QHEJVT6VN8TMLODBHCA40FL.com. 86400 IN NSEC3 1 1 0 - F1RIDHD6MF1BTTPJS3NHNL72GAFL9FKA NS DS RRSIG F1RGNA383QHEJVT6VN8TMLODBHCA40FL.com. 86400 IN RRSIG NSEC3 8 2 86400 20190507044108 20190430033108 3800 com. NFNZJL1CsYYFz60PS2FxG/WhyZBl7K1NJqxuDn+WOoEf50XhKL5YMXcA TXQ/5wrGbiTov7+ruJJdltVFcqVerzDN0Jd4X/LDJC5ly2z0Y0AfUrNR IPOaNoF1MlX0swbTGNY23I4O0JWxDcutrNliG/DMKeYKcSoelve+U5MN 9G0= ;; Received 815 bytes from 192.42.93.30#53(g.gtld-servers.net) in 31 ms us-east-1.elb.amazonaws.com. 300 IN NS ns-1119.awsdns-11.org. us-east-1.elb.amazonaws.com. 300 IN NS ns-934.awsdns-52.net. us-east-1.elb.amazonaws.com. 300 IN NS ns-235.awsdns-29.com. us-east-1.elb.amazonaws.com. 300 IN NS ns-1793.awsdns-32.co.uk. ;; Received 223 bytes from 156.154.65.10#53(u2.amazonaws.com) in 40 ms qcloud-pr-frontend-1025300009.us-east-1.elb.amazonaws.com. 60 IN A 54.88.158.19 qcloud-pr-frontend-1025300009.us-east-1.elb.amazonaws.com. 60 IN A 34.199.119.250 qcloud-pr-frontend-1025300009.us-east-1.elb.amazonaws.com. 60 IN A 52.72.143.22 qcloud-pr-frontend-1025300009.us-east-1.elb.amazonaws.com. 60 IN A 52.87.45.75 qcloud-pr-frontend-1025300009.us-east-1.elb.amazonaws.com. 60 IN A 18.235.66.78 qcloud-pr-frontend-1025300009.us-east-1.elb.amazonaws.com. 60 IN A 54.88.230.244 us-east-1.elb.amazonaws.com. 1800 IN NS ns-1119.awsdns-11.org. us-east-1.elb.amazonaws.com. 1800 IN NS ns-1793.awsdns-32.co.uk. us-east-1.elb.amazonaws.com. 1800 IN NS ns-235.awsdns-29.com. us-east-1.elb.amazonaws.com. 1800 IN NS ns-934.awsdns-52.net. ;; Received 319 bytes from 205.251.199.1#53(ns-1793.awsdns-32.co.uk) in 12 ms
-
@johnpoz said in DNS resolve not working for myqnapcloud.com / BAD (HORIZONTAL) REFERRAL / DNS_PROBE_FINISHED_NXDOMAIN:
Because they have more than just the 1 NS that is bad.. Look up what BAD (HORIZONTAL) REFERRAL is, and you will understand why it takes long to resolve. So at somepoint you will ask one that is not messed up - you hope ;)
Last week I was working from a different office with the QNAP connected to the internet perfectly. Didn't have any problem at all. Yesterday I moved back to my office and things went back to normal - as it still couldn't connect to myqnapcloud.com ...
I've tried a couple of things: To deactivate pfBlockerNG, activated DNS forward and cloudflare / 1.1.1.1 as DNS server but had no luck. However the DNS lookup in pfSense seemed to work fine:
Result Record type 134.119.234.146 A 2a00:1158:2d:300::92 AAAA Timings Name server Query time 127.0.0.1 0 msec
A quick dig +trace request for myqnapcloud.com showed that the server now should be accessible ...
; <<>> DiG 9.12.2-P1 <<>> myqnapcloud.com +trace ;; global options: +cmd . 4110 IN NS b.root-servers.net. . 4110 IN NS c.root-servers.net. . 4110 IN NS d.root-servers.net. . 4110 IN NS e.root-servers.net. . 4110 IN NS f.root-servers.net. . 4110 IN NS g.root-servers.net. . 4110 IN NS h.root-servers.net. . 4110 IN NS i.root-servers.net. . 4110 IN NS j.root-servers.net. . 4110 IN NS k.root-servers.net. . 4110 IN NS l.root-servers.net. . 4110 IN NS m.root-servers.net. . 4110 IN NS a.root-servers.net. . 4110 IN RRSIG NS 8 0 518400 20190524050000 20190511040000 25266 . leL+o85B8ut1GEnW7WDNVsfXCu2IxLascTfkIgOGlUCwYhG/+/7SBcRq uMuJzmwu9b0OhI8qtXBqekl3JlgcL1b+ZcgHj856044HIa9xfhE2dTHq Zjgs5/mj9ya6PAScO1m56FTydsR2iB1PAAbqzOMB/XF/gADfl2R4ZKby TaXFh/YV29K4jJwRXVIGJxCLEERRkE0i8JCWc365Ttp1atxDbnwiCdfC 3I64tcIjq8b/cdLVaAL71U4ajNh8JoclKrIa3cebtvwSSriMoFffe5QD rqQsZXL+XZQ4x2KUHy8CVn29W9rf6wjn1wjrf+gzxWl6kqhq04fpKm/G RcePJw== ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms ;; Received 33 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 0 ms
But I still couldn't access it. So I looked up "RRSIG" and read some thing about DNSSEC. I then deactivated the DNSSEC support in the DNS Resolver. Now it's working but I don't really know if I like the fact that I've had to disable it. Is there any way around it? Or maybe some kind of setting that helps me to enable it for all the other websites but myqnapcloud.com?
And by the way: This is in my custom options:
server: ssl-upstream: yes do-tcp: yes forward-zone: name: "." forward-addr: 1.1.1.1@853 forward-addr: 1.0.0.1@853 forward-addr: 2606:4700:4700::1111@853 forward-addr: 2606:4700:4700::1001@853 server:include: /var/unbound/pfb_dnsbl.*conf log-queries: yes
I can't recall if 1.1.1.1 and 1.0.0.1 were in there before or if it changed while searching for an alternative approach to make it work. Basically I just want to have pfSense to resolve DNS, thus using localhost/127.0.0.1 - should I remove the forward-zone part?
Thanks a ton!
-
Dude your using tls, you can not resolve if your going to use tls
That domain is still all jacked up - its a MESS..
They got rid of the horizontal - but they still have delegation problems
amazonaws.com to us-east-1.elb.amazonaws.com: The server(s) for the parent zone (amazonaws.com) responded with a referral instead of answering authoritatively for the DS RR type. (205.251.192.27, 205.251.195.199, 2600:9000:5300:1b00::1, 2600:9000:5303:c700::1, UDP_-_EDNS0_4096_D_K)
And they have AAAA for their NS, but no glue for them.
They are still resolving and having no issues with dnssec enabled on them.. But in your setup you posted your forwarding over tls for everything. If you "forward" having dnssec enabled it is pointless.. If you forward - where you forward to is either doing dnssec or they are not, having it enabled in unbound would just cause extra queries and provide nothing.
having dnssec enabled only makes sense when you resolve..
-
@johnpoz said in DNS resolve not working for myqnapcloud.com / BAD (HORIZONTAL) REFERRAL / DNS_PROBE_FINISHED_NXDOMAIN:
They are still resolving and having no issues with dnssec enabled on them.. But in your setup you posted your forwarding over tls for everything. If you "forward" having dnssec enabled it is pointless.. If you forward - where you forward to is either doing dnssec or they are not, having it enabled in unbound would just cause extra queries and provide nothing.
having dnssec enabled only makes sense when you resolve..Hey Johnpoz,
thanks for getting back to me. Just to get this right: I didn't mean to forward everything over TLS. I just tried everything to get the domain myqnapcloud.com to work. I now hope to have the resolver back in place and working. But I'm really unsure about the "forward-zones" part in custom options. Do you mean that? Should I just delete it? Or is there anything else I have to switch to have the DNS resolver working like it should be?
Thanks!
-
You should remove everything from options - and why exactly are you using pfblocker? Remove that until you are sure resolving is working how it should... Default of the box setting are fine.
If if you have 1 bad domain that you have issues to resolve - you could always just do a domain override for that specific domain..