Turris forwarding not working over CZ.NIC

Hi, I have tried to forward DNS over TLS by using CZ.NIC but it could not resolved any DNS query, but when I switch into Cloudflare everything works. Is CZ.NIC DNS over TLS not yet ready?

Edit: I have restarted: /etc/init.d/resolver service manually, still same.

Ah, yes, I can still reproduce this problem. I’m sorry, I’ve been busy with more urgent things. CZ thread.

For now I suggest you use some other option.

Its not a problem at all, I was just wondering, you know :grin:… As CZ.NIC server should be more close to me, I’m from Czech (ahoj), so it should be quicker I guess (in the future)?

Ahoj :slight_smile: I get DNS replies from to Prague under one millisecond. This connection failure to the cz.nic servers only happens from some networks.

Well, thats weird… Some networks are blocking it? Just curiouse…
My ISP is Poda, btw.

It is weird. I can reproduce it from my “personal” ISP (StarNet) over IPv4 – TCP SYN packets go without any reply, but with IPv6 all works and TCPv4 on different ports than 853 also works :man_shrugging:

Oops – I forgot to update this thread. Indeed the old addresses of cz.nic resolvers aren’t reachable on port 853 from some networks. In April we announced new implementation on different addresses (for other reasons; CZ blog post) and the Turris option in Foris had been switched to those (since 3.11.5, I believe). These new addresses have never been found to experience such problems.

1 Like