unbound does not resolve domains in the .dev tld

pox · May 28, 2019, 8:03 AM

I am using unbound as recursive dns, and when I try to lookup .dev domains, like get.dev I get a SERVFAIL as response:

$ dig get.dev @192.168.0.1

; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> get.dev @192.168.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44540
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;get.dev.                       IN      A

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue May 28 09:50:01 CEST 2019
;; MSG SIZE  rcvd: 36

Can someone help me? Everything else works as expected, just .dev is not working. What could be wrong? Can I somehow debug dns errors?

Thanks!

jimp · May 28, 2019, 6:05 PM

I can't reproduce that here, it responds as expected:

$ host git.dev
git.dev has address 18.234.32.196
git.dev has address 18.234.32.194
git.dev has address 18.234.32.195

Do you have custom features active in the DNS resolver? pfBlocker/DNSBL or anything like that which might interfere with responses?

johnpoz · May 28, 2019, 6:33 PM

yeah working here as well..

He is looking up get.dev not git.dev ;)

$ dig get.dev

; <<>> DiG 9.14.1 <<>> get.dev
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52739
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;get.dev.                       IN      A

;; ANSWER SECTION:
get.dev.                3600    IN      A       216.239.32.29

;; Query time: 295 msec
;; SERVER: 192.168.3.10#53(192.168.3.10)
;; WHEN: Tue May 28 13:31:53 Central Daylight Time 2019
;; MSG SIZE  rcvd: 52

jimp · May 28, 2019, 6:34 PM

Have git on the brain, I guess. Comes from using it all day most every day :-)

Though the other one works, too.

$ host get.dev
get.dev has address 216.239.32.29

johnpoz · May 28, 2019, 6:36 PM

if he is saying NOTHING at .dev resolves he prob having a hard time talking to the NS for that .tld

;; QUESTION SECTION:
;dev. IN NS

;; ANSWER SECTION:
dev. 21600 IN NS ns-tld1.charlestonroadregistry.com.
dev. 21600 IN NS ns-tld2.charlestonroadregistry.com.
dev. 21600 IN NS ns-tld3.charlestonroadregistry.com.
dev. 21600 IN NS ns-tld4.charlestonroadregistry.com.
dev. 21600 IN NS ns-tld5.charlestonroadregistry.com.

You would need to be able to talk to them to find the NS for git or get.dev

Do a simple dig +trace to validate where its failing in your resolving.

[2.4.4-RELEASE][admin@sg4860.local.lan]/: dig get.dev +trace

; <<>> DiG 9.12.2-P1 <<>> get.dev +trace
;; global options: +cmd
.                       66288   IN      NS      c.root-servers.net.
.                       66288   IN      NS      k.root-servers.net.
.                       66288   IN      NS      g.root-servers.net.
.                       66288   IN      NS      i.root-servers.net.
.                       66288   IN      NS      f.root-servers.net.
.                       66288   IN      NS      j.root-servers.net.
.                       66288   IN      NS      a.root-servers.net.
.                       66288   IN      NS      e.root-servers.net.
.                       66288   IN      NS      b.root-servers.net.
.                       66288   IN      NS      d.root-servers.net.
.                       66288   IN      NS      m.root-servers.net.
.                       66288   IN      NS      l.root-servers.net.
.                       66288   IN      NS      h.root-servers.net.
.                       66288   IN      RRSIG   NS 8 0 518400 20190610050000 20190528040000 25266 . 0H4mdqwNzsPc9zj1uE2ibA5aq7uQfushwBzqoGyZ8xfdo6TvP/QOOdLr JDd5mOKyAPxcSE3BbzmrXehBGma2NtXLKtfj3lrJskAU6N0EFPUcuVzr fAlv0SoB2XiE5Edt804/3xAaplTzHFpBcrZ55yJAmC74R1F0M7EDlJva 6qcPdbY8gatOdKgEbERfhic5JPqMd3MbVkCOnuddfbABCKXBmT/UqRDQ yHAF8sgBsQVC0AjDKXA40lazzJL4G66fBFDWYCox4bUuI6hECgOvR9DQ 8rSqkrDfiJLGSzjlSwBEjL2We3jrPZBsEF6c+VgZCsNh4F/BuEJDrR9p zgjYtw==
;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

dev.                    172800  IN      NS      ns-tld3.charlestonroadregistry.com.
dev.                    172800  IN      NS      ns-tld4.charlestonroadregistry.com.
dev.                    172800  IN      NS      ns-tld5.charlestonroadregistry.com.
dev.                    172800  IN      NS      ns-tld1.charlestonroadregistry.com.
dev.                    172800  IN      NS      ns-tld2.charlestonroadregistry.com.
dev.                    86400   IN      DS      60074 8 2 B942E2CE5AEBF62FCA59D05707E6DBB795211D540D8ADBA02E9E89E8 33424785
dev.                    86400   IN      RRSIG   DS 8 1 86400 20190610170000 20190528160000 25266 . oJCQxMsllCe0xNwvMe7/5iBx/iLMufP+n4mwf11MDmgOcme/Eb9a2/Xe NWkpUqnTWHkZgNapX5bTDQv0Yjn4FFL4z68nM/Y9+8xeJnPB9s5ILogL AkJSVEA9dR9WM/AdMdZljg8YztIckFrrIdYoO6f+AZICV60hvOPtPZ9w OCGhMn9Y972OcON1R3eYqchLrftJN+mX6yer+DYR3vUP5PU6Syh9rUYy dNFbRD0VAK2kntM46iNv/QnC2IjaM6Lz6DnuMiWuTzLqNZkxF8UDOmDG mHFj3dfJFCRFUg6H7scvJD4q9ZJqz5ed8XYJw8PBzFVe3aCVeT6JnqA0 4b6Wlg==
;; Received 727 bytes from 2001:dc3::35#53(m.root-servers.net) in 78 ms

get.dev.                180     IN      NS      ns1.zdns.google.
get.dev.                180     IN      NS      ns2.zdns.google.
get.dev.                180     IN      NS      ns3.zdns.google.
get.dev.                180     IN      NS      ns4.zdns.google.
;; Received 119 bytes from 216.239.34.105#53(ns-tld2.charlestonroadregistry.com) in 116 ms

get.dev.                300     IN      A       216.239.32.29
get.dev.                300     IN      RRSIG   A 8 2 300 20190627160939 20190528160939 18228 get.dev. g2I2US1nIcPKuadX58qSW5O1RKTKRGxh8xIyFS/EdYFbktjSytQmWgbc 4s0IbkWmkFvYYpIchd2UdaOYz+NoImEaztC9pTy6ohXRId1EmPIzkK4R sCGE7Y7zEtLUmYSB7B6EzQGKTEsXL3n//74NI05CNUHQu9Dpz8q1Zhx5 gWA=
;; Received 219 bytes from 216.239.38.114#53(ns4.zdns.google) in 23 ms

[2.4.4-RELEASE][admin@sg4860.local.lan]/: