Some DNS queries fail

I have a very strange issue with my Turris.

DNS queries for some domains always fail, even though my upstream DNS servers (8.8.8.8 and 1.1.1.1) resolve them without issues.

See example below:

root@turris:~# dig swr.cloud.blackmagicdesign.com.cdn.cloudflare.net
;; communications error to 127.0.0.1#53: timed out

; <<>> DiG 9.18.24 <<>> swr.cloud.blackmagicdesign.com.cdn.cloudflare.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20199
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 12 (NSEC Missing): (V5T7: forwarded EDE code)
;; QUESTION SECTION:
;swr.cloud.blackmagicdesign.com.cdn.cloudflare.net. IN A

;; Query time: 3190 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 08 17:01:54 CEST 2024
;; MSG SIZE  rcvd: 108
root@turris:~# dig @8.8.8.8 swr.cloud.blackmagicdesign.com.cdn.cloudflare.net

; <<>> DiG 9.18.24 <<>> @8.8.8.8 swr.cloud.blackmagicdesign.com.cdn.cloudflare.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54971
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;swr.cloud.blackmagicdesign.com.cdn.cloudflare.net. IN A

;; ANSWER SECTION:
swr.cloud.blackmagicdesign.com.cdn.cloudflare.net. 300 IN A 104.18.37.140
swr.cloud.blackmagicdesign.com.cdn.cloudflare.net. 300 IN A 172.64.150.116

;; Query time: 40 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Sat Jun 08 17:02:14 CEST 2024
;; MSG SIZE  rcvd: 110

Other DNS queries do not time out.

root@turris:~# dig turris.cz

; <<>> DiG 9.18.24 <<>> turris.cz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15318
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;turris.cz.                     IN      A

;; ANSWER SECTION:
turris.cz.              1800    IN      A       217.31.192.69

;; Query time: 130 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jun 08 17:13:30 CEST 2024
;; MSG SIZE  rcvd: 54

This is not temporary and it’s always the same hosts. Even restarting the Turris doesn’t solve it, not even temporarily.

I do have a specific DNS setup, which resolves my home network over a VPN tunnel, which still works great (using the DNS server at home over WireGuard when abroad).

I can’t seem to find anything in the logs, or I am looking in the wrong place.

All software packages are up-to-date and I am running TurrisOS 7.0.0 3547565f245479dc1643ea66828f.

Hopefully one of you is able to help me troubleshoot and fix this.

Regards,

Martijn

Please don’t use Google as target for forwarding from Turris / Knot Resolver. They have a bug that’s affecting us, breaking many names (e.g. probably all Cloudflare-hosted names): Google Issue Tracker

Wow. Didn’t think that such an issue would exist, but changing my DNS forwarders to Cloudflare fixed the issue.

Thanks!

This has already been mentioned in our documentation.

I see that now. But it has been working well for a long time and as I use the router only when travelling, I didn’t notice earlier.
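
The comparison made in this thread (local resolver versus a direct query to the forwarder) can be automated; the following is an added example, not part of the original posts or of any Turris tooling. It parses two dig outputs and flags the pattern seen above: SERVFAIL with a DNSSEC-related EDE code through the local resolver while the upstream answers directly. The function names and result labels are made up for this sketch, and the sample inputs are trimmed from the dig output quoted in the question.

```python
import re

# EDE info-codes (RFC 8914) that signal a DNSSEC problem; 12 is "NSEC Missing".
DNSSEC_EDE = {1, 2, 5, 6, 7, 8, 9, 10, 11, 12}

# Sample inputs, trimmed from the dig output quoted in the thread.
LOCAL = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20199
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 1232
; EDE: 12 (NSEC Missing): (V5T7: forwarded EDE code)
"""
UPSTREAM = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54971
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 512
"""

def parse_dig(text):
    """Extract status, header flags, answer count and EDE codes from dig output."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r";; flags: ([a-z ]*);", text)  # header line, not the EDNS line
    answers = re.search(r"ANSWER: (\d+)", text)
    ede = re.findall(r"; EDE: (\d+) \(([^)]*)\)", text)
    return {
        "status": status.group(1) if status else "TIMEOUT",  # no header at all
        "flags": set(flags.group(1).split()) if flags else set(),
        "answers": int(answers.group(1)) if answers else 0,
        "ede": [(int(code), name) for code, name in ede],
    }

def diagnose(local, upstream):
    """Compare the local resolver's reply with a direct query to the forwarder."""
    l, u = parse_dig(local), parse_dig(upstream)
    dnssec = [name for code, name in l["ede"] if code in DNSSEC_EDE]
    if l["status"] == "SERVFAIL" and u["status"] == "NOERROR" and u["answers"]:
        if dnssec:
            return "dnssec-failure-on-forwarding-path: " + ", ".join(dnssec)
        return "servfail-local-only"  # no EDE hint; check the resolver's logs
    if l["status"] == u["status"]:
        return "agree: " + l["status"]
    return "mismatch: local %s, upstream %s" % (l["status"], u["status"])

if __name__ == "__main__":
    print(diagnose(LOCAL, UPSTREAM))
```

A plain `dig @server` query does not request DNSSEC records, so capturing the upstream side with `dig +dnssec` gives a comparison closer to what a validating resolver sends.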
