All,
Could someone from Google public DNS and from GoDaddy contact me off-list?
I'm getting SERVFAIL when trying to resolve any record in any domain whose NSs are pdns01.domaincontrol.com/pdns02.domaincontrol.com/pdns05.domaincontrol.com/pdns06.domaincontrol.com (GoDaddy premium DNS), only when using Google's 8.8.8.8 / 8.8.4.4 resolvers, from multiple locations/networks.
Resolution is normal using various other public and non-public resolvers, as well as by querying the authoritative name servers directly.
You can look at targetly.co as one example (should be just an A record to 184.168.221.38 but getting SERVFAIL when querying 8.8.8.8).
Thanks
a message of 25 lines which said:
I'm getting SERVFAIL when trying to resolve any record in any domain
whose NSs are pdns01.domaincontrol.com/pdns02.domaincontrol.com/pdns05.domaincontrol.com/pdns06.domaincontrol.com
(GoDaddy premium DNS), only when using Google's 8.8.8.8 / 8.8.4.4
resolvers, from multiple locations/networks.
Since Google Public DNS validates, and Go Daddy supports DNSSEC, it
would be useful to test with dig +cd (Checking Disabled) to determine
if it is a DNSSEC problem or not.
You can look at targetly.co as one example (should be just an A
record to 184.168.221.38 but getting SERVFAIL when querying
8.8.8.8).
Works for me
% dig @8.8.8.8 a targetly.co
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @8.8.8.8 a targetly.co
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4056
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;targetly.co. IN A
;; ANSWER SECTION:
targetly.co. 242 IN A 184.168.221.38
;; Query time: 67 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Dec 7 18:07:58 2014
;; MSG SIZE rcvd: 56
Agree on blendive.com and blendedperspectives.com
Not sure how to identify which chunk of google is failing, but here's a trace
for a nonworking query on the above domains:
5. 209.85.241.127
6. google-public-dns-a.google.com
(thru TorIX thus the short path).
EC2 east is succesful (but I cant trace easily, client restrictions in place
grumble).
blendive.com name server pdns04.domaincontrol.com.
blendive.com name server pdns03.domaincontrol.com.
/kc
Since Google Public DNS validates, and Go Daddy supports DNSSEC, it
would be useful to test with dig +cd (Checking Disabled) to determine
if it is a DNSSEC problem or not.
Tried, still SERVFAIL. I succeeds with +trace though...
You can look at targetly.co as one example (should be just an A
record to 184.168.221.38 but getting SERVFAIL when querying
8.8.8.8).
Works for me
Maybe a geo-specific issue then, which is even more weird, because it's still not working for me from two different ASs, though both in Toronto, and a traceroute makes it appear like they're not hitting the same nodes (but maybe they are).
What's even more weird is I can actually resolve one domain, startupong.com, but still not targetly.co and others.
Maybe a geo-specific issue then, which is even more weird, because it's
still not working for me from two different ASs, though both in Toronto,
and a traceroute makes it appear like they're not hitting the same nodes
(but maybe they are).
What's even more weird is I can actually resolve one domain,
startupong.com, but still not targetly.co and others.
Last time we had weird DNS issues with GoDaddy, it was dependent on the
querying IP address due to load-balancing issues on their side. Try issuing
queries from even and odd IP addresses to see if that makes any difference.
Rubens
it just started working properly I think. yes, tested from 6 even and odd ips
on 3 different AS's (that all go through Torix though).
/kc
Nope, it's just super intermittent now...it resolved once and cached it apparently, but still SERVFAIL most of the time if you try repeatedly...
Try uberflip.net too.
Just failed for me, too. Traceroute suggests I'm testing against Google in
Chicago.
10 27 ms 24 ms 24 ms ae5.cr1.ord2.us.above.net [64.125.30.89]
11 29 ms 49 ms 25 ms ae4.er1.ord7.us.above.net [64.125.28.50]
12 30 ms 25 ms 25 ms 72.14.217.53
13 34 ms 32 ms 26 ms 209.85.243.99
14 26 ms 25 ms 25 ms google-public-dns-a.google.com [8.8.8.8]
C:\Users\Frank Bulk>dig @8.8.8.8 a targetly.co
; <<>> DiG 9.8.0-P1 <<>> @8.8.8.8 a targetly.co
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47892
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;targetly.co. IN A
;; Query time: 2077 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Dec 07 12:10:22 2014
;; MSG SIZE rcvd: 29
C:\Users\Frank Bulk>
Heh...when it succeeds for me sometimes now, if I do it repeatedly, I can see two different TTL sets each time, so I know I'm hitting at least two nodes / sets of nodes...
One of my traceroutes from 151 Front suggests the node is in the building, as the latency is well under 1ms.
FWIW, in the past GoDaddy has periodically blocked queries from Google
Public DNS infrastructure. Heavily discussed and documented here:
https://groups.google.com/forum/#!searchin/public-dns-discuss/godaddy
-Jim P.
from that, if this is to be believed:
"GoDaddy's two nameservers ns29.domaincontrol.com and ns30.domaincontrol.com
have been blocking Google Public DNS. We contacted GoDaddy and they have
lifted the blockage. The issue has resolved."
then it's godaddy.
Godaddy: comments?
/kc