What's new

.tk doman not forwarding when using DoT ?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

RejZoR

Regular Contributor
I'm having this weird problem that I can't figure out why it's happening and would appreciate explanation for it.

My domain www.rejzor.tk is not working if I'm using DoT with Cloudflare on my RT-AC87U. If I disable DoT, www.rejzor.tk resolves normally and loads up my rejzor.wordpress.com page (it's just HTTP (301) redirection, not a proper full fledged domain). I've also tried switching Strict and opportunistic modes and it's the same result. Page straight up instantly fails to resolve. Disabling DoT and everything with it works fine again.

Why is EVERYTHING else working fine, except this .tk domain?
 
Try Quad9 , your site works fine for me using DOT and Quad9. My experience of anything Cloudflare is basically terrible.
 
No problems with cleanbrowsing and your domain

Sent from my SM-T805 using Tapatalk
 
Try Quad9 , your site works fine for me using DOT and Quad9. My experience of anything Cloudflare is basically terrible.

Tried Quad9 and it's failing to resolve whole bunch of webpages randomly and when you persistently click refresh it finally loads them. The same way NextDNS behaved and Merlin said the issue is with Stubby that doesn't like it. Seems Quad9 has same problem. Cloudflare never.

Cloudflare only seems to know how to resolve rejzor.tk, and not www.rejzor.tk.

Any idea why this is? What's the catch it works with one but not the other?
 
Tried Quad9 and it's failing to resolve whole bunch of webpages randomly and when you persistently click refresh it finally loads them. ....... Seems Quad9 has same problem.

Well seems like you have a deeper problem with your setup.

DOT and Quad9 work fine here , no problems with any sites at all.
 
Any idea why this is? What's the catch it works with one but not the other?
I'm not the best person to answer about publishing DNS records, but it's something weird (to me) because dig gives a SERVFAIL not even an NXDOMAIN.
Code:
# dig rejzor.tk @1.1.1.1

; <<>> DiG 9.14.4 <<>> rejzor.tk @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41035
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;rejzor.tk.                     IN      A

;; ANSWER SECTION:
rejzor.tk.              300     IN      A       195.20.41.88

;; Query time: 112 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Nov 10 13:55:47 EST 2019
;; MSG SIZE  rcvd: 54

# dig www.rejzor.tk @1.1.1.1

; <<>> DiG 9.14.4 <<>> www.rejzor.tk @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20464
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;www.rejzor.tk.                 IN      A

;; Query time: 2706 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Nov 10 13:56:17 EST 2019
;; MSG SIZE  rcvd: 42

# dig www.rejzor.tk @9.9.9.9

; <<>> DiG 9.14.4 <<>> www.rejzor.tk @9.9.9.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 962
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.rejzor.tk.                 IN      A

;; ANSWER SECTION:
www.rejzor.tk.          300     IN      CNAME   rejzor.tk.
rejzor.tk.              300     IN      A       195.20.41.88

;; Query time: 1291 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Sun Nov 10 13:57:43 EST 2019
;; MSG SIZE  rcvd: 72
 
Two times a dig with some seconds between them, the first one fails, but the second one gives an answer. I am using DoT with Quad9.
Code:
admin@AC86U:/tmp/home/root# dig www.rejzor.tk

; <<>> DiG 9.14.4 <<>> www.rejzor.tk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 9085
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.rejzor.tk.                 IN      A

;; Query time: 290 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 10 20:46:49 CET 2019
;; MSG SIZE  rcvd: 31

admin@AC86U:/tmp/home/root# dig www.rejzor.tk

; <<>> DiG 9.14.4 <<>> www.rejzor.tk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61754
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.rejzor.tk.                 IN      A

;; ANSWER SECTION:
www.rejzor.tk.          300     IN      CNAME   rejzor.tk.
rejzor.tk.              300     IN      A       195.20.41.88

;; Query time: 78 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 10 20:48:16 CET 2019
;; MSG SIZE  rcvd: 103
 
Similar problem here. It's looks like its unrelated to DNS resolver and DNS query. But I never digged into this topic.
Two times a dig with some seconds between them, the first one fails, but the second one gives an answer. I am using DoT with Quad9.
Code:
admin@AC86U:/tmp/home/root# dig www.rejzor.tk

; <<>> DiG 9.14.4 <<>> www.rejzor.tk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 9085
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.rejzor.tk.                 IN      A

;; Query time: 290 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 10 20:46:49 CET 2019
;; MSG SIZE  rcvd: 31

admin@AC86U:/tmp/home/root# dig www.rejzor.tk

; <<>> DiG 9.14.4 <<>> www.rejzor.tk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61754
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.rejzor.tk.                 IN      A

;; ANSWER SECTION:
www.rejzor.tk.          300     IN      CNAME   rejzor.tk.
rejzor.tk.              300     IN      A       195.20.41.88

;; Query time: 78 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 10 20:48:16 CET 2019
;; MSG SIZE  rcvd: 103

Sent from my SM-T805 using Tapatalk
 
My domain www.rejzor.tk is not working if I'm using DoT with Cloudflare on my RT-AC87U. If I disable DoT, www.rejzor.tk resolves normally and loads up my rejzor.wordpress.com page (it's just HTTP (301) redirection, not a proper full fledged domain). I've also tried switching Strict and opportunistic modes and it's the same result. Page straight up instantly fails to resolve. Disabling DoT and everything with it works fine again.

Seems to work fine here...

Code:
$ dig www.rejzor.tk
; <<>> DiG 9.10.6 <<>> www.rejzor.tk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49803
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.rejzor.tk. IN A

;; ANSWER SECTION:
www.rejzor.tk. 299 IN CNAME rejzor.tk.
rejzor.tk. 299 IN A 195.20.41.88

;; Query time: 2152 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Nov 10 17:52:27 PST 2019
;; MSG SIZE  rcvd: 72
 
Something is wrong with that domain. DNSSEC Validator reports that half of its root servers have a different serial, and a separate DNS validator says that it cannot find the authoritative nameservers for the domain. This seems to be confirmed by dig - there are no NS records for that domain:

Code:
merlin@ubuntu-dev:~$ dig rejzor.tk ns

; <<>> DiG 9.11.3-1ubuntu1.9-Ubuntu <<>> rejzor.tk ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28446
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;rejzor.tk.            IN    NS

;; Query time: 856 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Nov 11 09:32:31 EST 2019
;; MSG SIZE  rcvd: 38
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top