Netgate Discussion Forum

[DNS Resolver] Cannot resolve t.co

DHCP and DNS
    fab1330
    last edited by Feb 8, 2015, 3:42 PM

    Hello,

    Since I started using the pfSense DNS Resolver, I no longer have access to the simplified URL "t.co". For example, it is impossible to access http://t.co/zLf5XQQPdn.

    C:\Users\Fab>nslookup co
    Serveur :   UnKnown
    Address:  10.0.0.1 (pfSense)
    
    *** UnKnown to find co : Non-existent domain
    

    What do you do?

    Are there no root DNS servers in pfSense?

    Thanks :-)

      doktornotor Banned
      last edited by Feb 8, 2015, 3:49 PM

      You don't resolve TLDs. t.co resolves just fine.

        fab1330
        last edited by Feb 8, 2015, 3:59 PM

        @doktornotor:

        You don't resolve TLDs. t.co resolves just fine.

        No, it is impossible to resolve t.co. Using the DNS Forwarder, there is no problem.

        C:\Users\Fab>nslookup t.co
        Serveur :   UnKnown
        Address:  10.0.0.1
        
        DNS request timed out.
            timeout was 2 seconds.
        
          doktornotor Banned
          last edited by Feb 8, 2015, 4:00 PM

          Yeah, your DNS configuration is broken. No information provided to debug anything here.

            fab1330
            last edited by Feb 8, 2015, 4:11 PM Feb 8, 2015, 4:04 PM

            @doktornotor:

            Yeah, your DNS configuration is broken. No information provided to debug anything here.

            Configuration :

            General settings:
            ------------------
            
            Enable : checked
            Listen port : empty
            Network Interfaces : LAN
            Outgoing Network Interfaces : WAN
            DNSSEC : checked
            DNS Query Forwarding : unchecked
            DHCP Registration : checked
            Static DHCP : checked
            TXT Comment Support : checked
            
            On the other tabs, everything is default
            
            

            Interfaces configuration:

            
            LAN : Static IPv4 Configuration : 10.0.0.1/24
            WAN : PPPoE Internet Access
            
            

            Nothing to report in the resolver log. And no problem resolving TLDs other than "co".

            What other information can I provide?

            thanks :)

              doktornotor Banned
              last edited by Feb 8, 2015, 4:38 PM

              
              nslookup - 10.0.0.1
              set querytype=soa
              co.
              
              

              Post the output of the above. This is what I get:

              
              Non-authoritative answer:
              co
                      primary name server = ns1.cctld.co
                      responsible mail addr = hostmaster.neustar.biz
                      serial  = 2018084018
                      refresh = 900 (15 mins)
                      retry   = 900 (15 mins)
                      expire  = 604800 (7 days)
                      default TTL = 86400 (1 day)
              
              co      nameserver = ns5.cctld.co
              co      nameserver = ns4.cctld.co
              co      nameserver = ns2.cctld.co
              co      nameserver = ns6.cctld.co
              co      nameserver = ns1.cctld.co
              co      nameserver = ns3.cctld.co
              ns1.cctld.co    internet address = 156.154.100.25
              ns1.cctld.co    AAAA IPv6 address = 2001:502:2eda::21
              ns2.cctld.co    internet address = 156.154.101.25
              ns2.cctld.co    AAAA IPv6 address = 2001:502:ad09::21
              ns3.cctld.co    internet address = 156.154.102.25
              ns3.cctld.co    AAAA IPv6 address = 2610:a1:1009::21
              ns4.cctld.co    internet address = 156.154.103.25
              ns4.cctld.co    AAAA IPv6 address = 2610:a1:1010::21
              ns5.cctld.co    internet address = 156.154.104.25
              ns5.cctld.co    AAAA IPv6 address = 2610:a1:1011::21
              ns6.cctld.co    internet address = 156.154.105.25
              ns6.cctld.co    AAAA IPv6 address = 2610:a1:1012::21
              
              
                fab1330
                last edited by Feb 8, 2015, 4:44 PM

                @doktornotor:

                
                nslookup - 10.0.0.1
                set querytype=soa
                co.
                
                

                nslookup co

                C:\Users\Fab>nslookup
                Address:  10.0.0.1
                > set type=soa
                > co.
                Server :   UnKnown
                Address:  10.0.0.1
                
                *** UnKnown ne parvient pas à trouver co. : Server failed
                
                

                For .com, it works:

                C:\Users\Fab>nslookup
                Address:  10.0.0.1
                > set type=soa
                > com.
                Serveur :   UnKnown
                Address:  10.0.0.1
                
                Réponse ne faisant pas autorité :
                com
                        primary name server = a.gtld-servers.net
                        responsible mail addr = nstld.verisign-grs.com
                        serial  = 1423413582
                        refresh = 1800 (30 mins)
                        retry   = 900 (15 mins)
                        expire  = 604800 (7 days)
                        default TTL = 86400 (1 day)
                
                com     nameserver = a.gtld-servers.net
                com     nameserver = b.gtld-servers.net
                com     nameserver = m.gtld-servers.net
                com     nameserver = g.gtld-servers.net
                com     nameserver = k.gtld-servers.net
                com     nameserver = f.gtld-servers.net
                com     nameserver = c.gtld-servers.net
                com     nameserver = d.gtld-servers.net
                com     nameserver = j.gtld-servers.net
                com     nameserver = l.gtld-servers.net
                com     nameserver = h.gtld-servers.net
                com     nameserver = i.gtld-servers.net
                com     nameserver = e.gtld-servers.net
                
                  doktornotor Banned
                  last edited by Feb 8, 2015, 4:50 PM

                  What does

                  
                  set querytype=soa
                  root
                  co.
                  
                  

                  produce?

                    fab1330
                    last edited by Feb 8, 2015, 6:02 PM

                    @doktornotor:

                    What does

                    
                    set querytype=soa
                    root
                    co.
                    
                    

                    produce?

                    C:\Users\Fab>nslookup
                    Address:  10.0.0.1
                    > set querytype=soa
                    > root
                    Default server :   A.ROOT-SERVERS.NET
                    Addresses:  2001:503:ba3e::2:30
                              198.41.0.4
                    
                    > co.
                    Server :   A.ROOT-SERVERS.NET
                    Addresses:  2001:503:ba3e::2:30
                              198.41.0.4
                    
                    DNS request timed out.
                        timeout was 2 seconds.
                    *** Request time out A.ROOT-SERVERS.NET.
                    
                      doktornotor Banned
                      last edited by Feb 8, 2015, 6:20 PM

                      Talk to your ISP about what they are doing with DNS.

                      
                      Default Server:  A.ROOT-SERVERS.NET
                      Addresses:  2001:503:ba3e::2:30
                                198.41.0.4
                      
                      > co.
                      Server:  A.ROOT-SERVERS.NET
                      Addresses:  2001:503:ba3e::2:30
                                198.41.0.4
                      
                      co      nameserver = ns1.cctld.co
                      co      nameserver = ns2.cctld.co
                      co      nameserver = ns3.cctld.co
                      co      nameserver = ns4.cctld.co
                      co      nameserver = ns5.cctld.co
                      co      nameserver = ns6.cctld.co
                      ns1.cctld.co    internet address = 156.154.100.25
                      ns2.cctld.co    internet address = 156.154.101.25
                      ns3.cctld.co    internet address = 156.154.102.25
                      ns4.cctld.co    internet address = 156.154.103.25
                      ns5.cctld.co    internet address = 156.154.104.25
                      ns6.cctld.co    internet address = 156.154.105.25
                      ns1.cctld.co    AAAA IPv6 address = 2001:502:2eda::21
                      ns2.cctld.co    AAAA IPv6 address = 2001:502:ad09::21
                      ns3.cctld.co    AAAA IPv6 address = 2610:a1:1009::21
                      ns4.cctld.co    AAAA IPv6 address = 2610:a1:1010::21
                      ns5.cctld.co    AAAA IPv6 address = 2610:a1:1011::21
                      ns6.cctld.co    AAAA IPv6 address = 2610:a1:1012::21
                      
                      
                        fab1330
                        last edited by Feb 8, 2015, 7:12 PM

                        @doktornotor:

                        Talk to your ISP about what they are doing with DNS.

                        Why would my ISP be the problem?
                        If I use the DNS Forwarder it works

                          doktornotor Banned
                          last edited by Feb 8, 2015, 7:15 PM

                          @fab1330:

                          Why would my ISP be the problem?

                          Because it's clearly blocking/hijacking UDP/53 DNS traffic. When you cannot talk to root servers, you've got a problem.

                            fab1330
                            last edited by Feb 8, 2015, 9:55 PM

                            @doktornotor:

                            Because it's clearly blocking/hijacking UDP/53 DNS traffic. When you cannot talk to root servers, you've got a problem.

                            It's strange, I haven't changed anything and now it works. Maybe it is a routing problem at my ISP?

                            Now :

                            C:\Users\Fab>nslookup t.co
                            Address:  10.0.0.1
                            
                            Non-authoritative response :
                            Name :    t.co
                            Addresses:  199.16.156.11
                                      199.16.156.75
                            

                            I will monitor it in the coming days. Thank you.

                              doktornotor Banned
                              last edited by Feb 8, 2015, 10:02 PM

                              Well if it breaks again… check you can resolve stuff via root nameservers. Unbound cannot work without those unless forwarding is enabled. Also, extremely weird why it'd be limited to .co TLD

                                fab1330
                                last edited by Feb 14, 2015, 9:56 PM

                                @doktornotor:

                                Well if it breaks again… check you can resolve stuff via root nameservers. Unbound cannot work without those unless forwarding is enabled. Also, extremely weird why it'd be limited to .co TLD

                                The problem comes back randomly :-(

                                And I have changed ISPs in the meantime. So this is not an ISP problem.

                                C:\Users\Fab>dig t.co
                                
                                ; <<>> DiG 9.10.1-P1 <<>> t.co
                                ;; global options: +cmd
                                ;; connection timed out; no servers could be reached
                                
                                C:\Users\Fab>dig co
                                
                                ; <<>> DiG 9.10.1-P1 <<>> co
                                ;; global options: +cmd
                                ;; connection timed out; no servers could be reached
                                
                                C:\Users\Fab>dig co. NS
                                
                                ; <<>> DiG 9.10.1-P1 <<>> co. NS
                                ;; global options: +cmd
                                ;; connection timed out; no servers could be reached
                                
                                C:\Users\Fab>dig co. SOA
                                
                                ; <<>> DiG 9.10.1-P1 <<>> co. SOA
                                ;; global options: +cmd
                                ;; connection timed out; no servers could be reached
                                
                                C:\Users\Fab>nslookup
                                Address:  10.0.0.1
                                
                                > set querytype=soa
                                > root
                                Default server :   A.ROOT-SERVERS.NET
                                Addresses:  2001:503:ba3e::2:30
                                          198.41.0.4
                                
                                > co.
                                Serveur :   A.ROOT-SERVERS.NET
                                Addresses:  2001:503:ba3e::2:30
                                          198.41.0.4
                                
                                co      nameserver = ns1.cctld.co
                                co      nameserver = ns2.cctld.co
                                co      nameserver = ns3.cctld.co
                                co      nameserver = ns4.cctld.co
                                co      nameserver = ns5.cctld.co
                                co      nameserver = ns6.cctld.co
                                ns1.cctld.co    internet address = 156.154.100.25
                                ns2.cctld.co    internet address = 156.154.101.25
                                ns3.cctld.co    internet address = 156.154.102.25
                                ns4.cctld.co    internet address = 156.154.103.25
                                ns5.cctld.co    internet address = 156.154.104.25
                                ns6.cctld.co    internet address = 156.154.105.25
                                ns1.cctld.co    AAAA IPv6 address = 2001:502:2eda::21
                                ns2.cctld.co    AAAA IPv6 address = 2001:502:ad09::21
                                ns3.cctld.co    AAAA IPv6 address = 2610:a1:1009::21
                                ns4.cctld.co    AAAA IPv6 address = 2610:a1:1010::21
                                ns5.cctld.co    AAAA IPv6 address = 2610:a1:1011::21
                                ns6.cctld.co    AAAA IPv6 address = 2610:a1:1012::21
                                

                                Any idea?

                                thanks :)

                                  cmb
                                  last edited by Feb 14, 2015, 10:07 PM

                                  Make sure you have "harden glue" enabled on the Advanced tab. If you don't, it might be possible for some malicious query reply to break a TLD.

                                    fab1330
                                    last edited by Feb 14, 2015, 10:22 PM

                                    @cmb:

                                    Make sure you have "harden glue" enabled on the Advanced tab. If you don't, it might be possible for some malicious query reply to break a TLD.

                                    I just activated "harden glue", and it works :-) Thanks!
                                    But I do not understand what this option is. Can you tell me more?

                                    1 Reply Last reply Reply Quote 0
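
What "harden glue" checks, as an added example that is not part of the thread and not Unbound's own code: Unbound's harden-glue setting trusts glue only when it lies within the answering server's authority, and this simplified Python model applies that rule to a constructed additional section. The function names, the example.net zone and the 192.0.2.x / 203.0.113.x addresses are assumptions made for illustration.

```python
# Added illustration: a simplified model of the in-bailiwick glue rule,
# not Unbound's implementation.
from typing import List, NamedTuple, Tuple


class Record(NamedTuple):
    name: str   # owner name of the record
    rtype: str  # "A", "AAAA", ...
    data: str


def labels(name: str) -> List[str]:
    """Split a DNS name into lowercase labels; the root "." gives []."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or sits below it, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def split_glue(server_zone: str,
               additional: List[Record]) -> Tuple[List[Record], List[Record]]:
    """Sort additional-section records into (trusted, dropped).

    server_zone is the zone the answering server is authoritative for.
    """
    trusted, dropped = [], []
    for rr in additional:
        ok = rr.rtype in ("A", "AAAA") and in_bailiwick(rr.name, server_zone)
        (trusted if ok else dropped).append(rr)
    return trusted, dropped


# Constructed sample: additional section of a reply from a server that is
# authoritative only for example.net. (documentation address ranges).
SAMPLE_ADDITIONAL = [
    Record("ns.example.net.", "A", "192.0.2.53"),
    Record("ns1.cctld.co.", "A", "203.0.113.66"),  # not under example.net.
]

if __name__ == "__main__":
    trusted, dropped = split_glue("example.net.", SAMPLE_ADDITIONAL)
    print("trusted:", [rr.name for rr in trusted])
    print("dropped:", [rr.name for rr in dropped])
    # The same name is in bailiwick when the root servers hand out the
    # .co delegation, as in the nslookup output in the thread.
    print(in_bailiwick("ns1.cctld.co.", "."))
```

The comparison is done per label, so a name such as `ns1.notco.` is not treated as being under `co.` even though the strings share a suffix.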