[DNS Resolver] Cannot resolve t.co

doktornotor

What does

set querytype=soa
root
co.

produce?

fab1330

@doktornotor:

What does

set querytype=soa
root
co.

produce?

C:\Users\Fab>nslookup
Address:  10.0.0.1
> set querytype=soa
> root
Default server :   A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

> co.
Server :   A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

DNS request timed out.
    timeout was 2 seconds.
*** Request time out A.ROOT-SERVERS.NET.

doktornotor

Talk to your ISP about what they are doing with DNS.

Default Server:  A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

> co.
Server:  A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

co      nameserver = ns1.cctld.co
co      nameserver = ns2.cctld.co
co      nameserver = ns3.cctld.co
co      nameserver = ns4.cctld.co
co      nameserver = ns5.cctld.co
co      nameserver = ns6.cctld.co
ns1.cctld.co    internet address = 156.154.100.25
ns2.cctld.co    internet address = 156.154.101.25
ns3.cctld.co    internet address = 156.154.102.25
ns4.cctld.co    internet address = 156.154.103.25
ns5.cctld.co    internet address = 156.154.104.25
ns6.cctld.co    internet address = 156.154.105.25
ns1.cctld.co    AAAA IPv6 address = 2001:502:2eda::21
ns2.cctld.co    AAAA IPv6 address = 2001:502:ad09::21
ns3.cctld.co    AAAA IPv6 address = 2610:a1:1009::21
ns4.cctld.co    AAAA IPv6 address = 2610:a1:1010::21
ns5.cctld.co    AAAA IPv6 address = 2610:a1:1011::21
ns6.cctld.co    AAAA IPv6 address = 2610:a1:1012::21

fab1330

@doktornotor:

Talk to your ISP about what they are doing with DNS.

Why would my ISP be the problem?
If I use the DNS Forwarder it works

doktornotor

@fab1330:

Why would my ISP be the problem?

Because it's clearly blocking/hijacking UDP/53 DNS traffic. When you cannot talk to root servers, you've got a problem.

fab1330

@doktornotor:

Because it's clearly blocking/hijacking UDP/53 DNS traffic. When you cannot talk to root servers, you've got a problem.

It's strange, I haven't changed anything and now it works. Maybe it is a routing problem at my ISP?

Now :

C:\Users\Fab>nslookup t.co
Address:  10.0.0.1

Non-authoritative response :
Name :    t.co
Addresses:  199.16.156.11
          199.16.156.75

I monitor in the coming days. thank you

doktornotor

Well if it breaks again… check you can resolve stuff via root nameservers. Unbound cannot work without those unless forwarding is enabled. Also, extremely weird why it'd be limited to .co TLD

fab1330

@doktornotor:

Well if it breaks again… check you can resolve stuff via root nameservers. Unbound cannot work without those unless forwarding is enabled. Also, extremely weird why it'd be limited to .co TLD

The problem comes back randomly :-(

And I have changed ISP meantime. So this is not an ISP problem.

C:\Users\Fab>dig t.co

; <<>> DiG 9.10.1-P1 <<>> t.co
;; global options: +cmd
;; connection timed out; no servers could be reached

C:\Users\Fab>dig co

; <<>> DiG 9.10.1-P1 <<>> co
;; global options: +cmd
;; connection timed out; no servers could be reached

C:\Users\Fab>dig co. NS

; <<>> DiG 9.10.1-P1 <<>> co. NS
;; global options: +cmd
;; connection timed out; no servers could be reached

C:\Users\Fab>dig co. SOA

; <<>> DiG 9.10.1-P1 <<>> co. SOA
;; global options: +cmd
;; connection timed out; no servers could be reached

C:\Users\Fab>nslookup
Address:  10.0.0.1

> set querytype=soa
> root
Default server :   A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

> co.
Serveur :   A.ROOT-SERVERS.NET
Addresses:  2001:503:ba3e::2:30
          198.41.0.4

co      nameserver = ns1.cctld.co
co      nameserver = ns2.cctld.co
co      nameserver = ns3.cctld.co
co      nameserver = ns4.cctld.co
co      nameserver = ns5.cctld.co
co      nameserver = ns6.cctld.co
ns1.cctld.co    internet address = 156.154.100.25
ns2.cctld.co    internet address = 156.154.101.25
ns3.cctld.co    internet address = 156.154.102.25
ns4.cctld.co    internet address = 156.154.103.25
ns5.cctld.co    internet address = 156.154.104.25
ns6.cctld.co    internet address = 156.154.105.25
ns1.cctld.co    AAAA IPv6 address = 2001:502:2eda::21
ns2.cctld.co    AAAA IPv6 address = 2001:502:ad09::21
ns3.cctld.co    AAAA IPv6 address = 2610:a1:1009::21
ns4.cctld.co    AAAA IPv6 address = 2610:a1:1010::21
ns5.cctld.co    AAAA IPv6 address = 2610:a1:1011::21
ns6.cctld.co    AAAA IPv6 address = 2610:a1:1012::21

Any idea?

thanks :)

cmb

Make sure you have "harden glue" enabled on the Advanced tab. If you don't, it might be possible for some malicious query reply to break a TLD.

fab1330

@cmb:

Make sure you have "harden glue" enabled on the Advanced tab. If you don't, it might be possible for some malicious query reply to break a TLD.

I just activate "harden glue", and it works:-) Thanks!
But I do not understand what is this option. You can tell me more?