Debugging DNS resolution error
Clash Royale CLAN TAG#URR8PPP
up vote
6
down vote
favorite
I'm debugging a DNS resolution error for the domain auth.otc.t-systems.com with Cloudflare's server, but got stuck. The strange thing is that the lookup succeeds/fails depending on the machine that runs the query, but I can't figure out where the configuration differs.
The failure is always with following message: server can't find auth.otc.t-systems.com: SERVFAIL
1.1.1.1 is Cloudflare's DNS.
What I've tried so far:
- Running
nslookup auth.otc.t-systems.com 1.1.1.1on various machines:- It fails on my machine with work & home internet (however it succeeds with Google's DNS in both cases).
- It fails on a colleagues machine with work internet.
- It succeeds in a ssh session to a remote server.
- Now I would assume that there is some strange configuration on our work internet, that causes the lookup to fail. However I don't know what I should look for and I've also found some online nslookup services that fail as well:
- Fails:
https://network-tools.com/nslook/Default.asp?domain=auth.otc.t-systems.com&type=1&server=1.1.1.1&class=1&port=53&timeout=5000&go.x=21&go.y=13 - Works: http://www.kloth.net/services/nslookup.php
- Fails:
Any hints how I can further debug this?
networking domain-name-system
asked 13 hours ago
Thomas Obermüller
1312
New contributor
Thomas Obermüller is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
up vote
6
down vote
favorite
I'm debugging a DNS resolution error for the domain auth.otc.t-systems.com with Cloudflare's server, but got stuck. The strange thing is that the lookup succeeds/fails depending on the machine that runs the query, but I can't figure out where the configuration differs.
The failure is always with following message: server can't find auth.otc.t-systems.com: SERVFAIL
1.1.1.1 is Cloudflare's DNS.
What I've tried so far:
- Running
nslookup auth.otc.t-systems.com 1.1.1.1on various machines:- It fails on my machine with work & home internet (however it succeeds with Google's DNS in both cases).
- It fails on a colleagues machine with work internet.
- It succeeds in a ssh session to a remote server.
- Now I would assume that there is some strange configuration on our work internet, that causes the lookup to fail. However I don't know what I should look for and I've also found some online nslookup services that fail as well:
- Fails:
https://network-tools.com/nslook/Default.asp?domain=auth.otc.t-systems.com&type=1&server=1.1.1.1&class=1&port=53&timeout=5000&go.x=21&go.y=13 - Works: http://www.kloth.net/services/nslookup.php
- Fails:
Any hints how I can further debug this?
networking domain-name-system
asked 13 hours ago
Thomas Obermüller
1312
New contributor
Thomas Obermüller is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
up vote
6
down vote
favorite
up vote
6
down vote
favorite
I'm debugging a DNS resolution error for the domain auth.otc.t-systems.com with Cloudflare's server, but got stuck. The strange thing is that the lookup succeeds/fails depending on the machine that runs the query, but I can't figure out where the configuration differs.
The failure is always with following message: server can't find auth.otc.t-systems.com: SERVFAIL
1.1.1.1 is Cloudflare's DNS.
What I've tried so far:
- Running
nslookup auth.otc.t-systems.com 1.1.1.1on various machines:- It fails on my machine with work & home internet (however it succeeds with Google's DNS in both cases).
- It fails on a colleagues machine with work internet.
- It succeeds in a ssh session to a remote server.
- Now I would assume that there is some strange configuration on our work internet, that causes the lookup to fail. However I don't know what I should look for and I've also found some online nslookup services that fail as well:
- Fails:
https://network-tools.com/nslook/Default.asp?domain=auth.otc.t-systems.com&type=1&server=1.1.1.1&class=1&port=53&timeout=5000&go.x=21&go.y=13 - Works: http://www.kloth.net/services/nslookup.php
- Fails:
Any hints how I can further debug this?
networking domain-name-system
asked 13 hours ago
Thomas Obermüller
1312
New contributor
Thomas Obermüller is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I'm debugging a DNS resolution error for the domain auth.otc.t-systems.com with Cloudflare's server, but got stuck. The strange thing is that the lookup succeeds/fails depending on the machine that runs the query, but I can't figure out where the configuration differs.
The failure is always with following message: server can't find auth.otc.t-systems.com: SERVFAIL
1.1.1.1 is Cloudflare's DNS.
What I've tried so far:
- Running
nslookup auth.otc.t-systems.com 1.1.1.1on various machines:- It fails on my machine with work & home internet (however it succeeds with Google's DNS in both cases).
- It fails on a colleagues machine with work internet.
- It succeeds in a ssh session to a remote server.
- Now I would assume that there is some strange configuration on our work internet, that causes the lookup to fail. However I don't know what I should look for and I've also found some online nslookup services that fail as well:
- Fails:
https://network-tools.com/nslook/Default.asp?domain=auth.otc.t-systems.com&type=1&server=1.1.1.1&class=1&port=53&timeout=5000&go.x=21&go.y=13 - Works: http://www.kloth.net/services/nslookup.php
- Fails:
Any hints how I can further debug this?
networking domain-name-system
networking domain-name-system
asked 13 hours ago
Thomas Obermüller
1312
New contributor
Thomas Obermüller is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 13 hours ago
Thomas Obermüller
1312
New contributor
Thomas Obermüller is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 13 hours ago
Thomas Obermüller
1312
New contributor
Thomas Obermüller is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 13 hours ago
Thomas Obermüller
1312
asked 13 hours ago
Thomas Obermüller
1312
1312
New contributor
Thomas Obermüller is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Thomas Obermüller is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Thomas Obermüller is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
4
down vote
Try using dig. Twenty years ago they tried to deprecate nslookup, but its firmly ingrained into muscle memory now and impossible to get rid of, but dig is far superior. For example.
dig +trace auth.otc.t-systems.com @1.1.1.1
Will trace the resolution fully for you, and you can see where they differ.
answered 13 hours ago
Sirch
4,40131530
Thanks, I didn't know that about nslookup. I've now tried the dig command and strangely it returns the correct ip on my machine. I've posted the output from the command on both my machine and the local machine here gist.github.com/thomas88/600d367387505a13223a5270c89eedda. Whatever dig does different, my browser (Chrome on Mac) seems to be more in line with nslookup - it can't resolve the address.
– Thomas Obermüller
13 hours ago
2
There isn't any reason to expect different results betweendigandnslookupfor this query. However since1.1.1.1is an anycast address the result can differ depending on which server the query end up being served by.
– kasperd
13 hours ago
Chrome, being a web client might be redirecting you. Does the http header ... curl -I <the web page youre trying to get to> reveal anything about forwarding?
– Sirch
12 hours ago
What's the point of using both+traceand@1.1.1.1? Are you sure you understand how these options work together?
– Barmar
6 hours ago
add a comment |Â
up vote
1
down vote
Network people have used for ages 1.1.1.1 as a replacement to another private address in random interfaces of switches/routers APs. (I am myself on a location at this moment where the public facing IP adress of the hundreds of wireless APs is 1.1.1.1 )
I bet my money in the machines you are not able to talk to Cloufare's 1.1.1.1 that you have an (imtermediate) route there for such interface.
For instance, in my case, 1.1.1.1 is giving me my IP address:
$ sudo tcpdump -i any -n host 1.1.1.1 and port 67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
13:11:51.037186 IP 1.1.1.1.67 > 10.x.x.x.68: BOOTP/DHCP, Reply, length 296
13:11:51.037250 IP 1.1.1.1.67 > 10.x.x.x.68: BOOTP/DHCP, Reply, length 296
answered 10 hours ago
Rui F Ribeiro
17418
2
This is why RFC 3849 and RFC 5737 have to be rigorously enforced.
– kasperd
10 hours ago
1
"Too low" is a tricky basis for determining anything, though. Cloudflare have a lot of PoPs.64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=1.30 msis my RTT to the real thing.
– Håkan Lindqvist
10 hours ago
@HÃ¥kanLindqvist Your value does seem a too low delay for an external connection....but yeah, not a reliable metric.
– Rui F Ribeiro
10 hours ago
@RuiFRibeiro Latency seems about right for same-city connectivity with no high-latency link involved. (Traceroute shows 4 addresses within my ISP, a Cloudflare address at an internet exchange in my city, then 1.1.1.1.)
– Håkan Lindqvist
9 hours ago
It seems that I can reach the Cloudflare DNS, only it fails for the domain for me. I've run nslookup forauth.otc.t-systems.comandserverfault.com. Here's the result from tcpdump: gist.github.com/thomas88/03acc781f45c9427863b1876c75acb4d
– Thomas Obermüller
9 hours ago
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
Try using dig. Twenty years ago they tried to deprecate nslookup, but its firmly ingrained into muscle memory now and impossible to get rid of, but dig is far superior. For example.
dig +trace auth.otc.t-systems.com @1.1.1.1
Will trace the resolution fully for you, and you can see where they differ.
answered 13 hours ago
Sirch
4,40131530
Thanks, I didn't know that about nslookup. I've now tried the dig command and strangely it returns the correct ip on my machine. I've posted the output from the command on both my machine and the local machine here gist.github.com/thomas88/600d367387505a13223a5270c89eedda. Whatever dig does different, my browser (Chrome on Mac) seems to be more in line with nslookup - it can't resolve the address.
– Thomas Obermüller
13 hours ago
2
There isn't any reason to expect different results betweendigandnslookupfor this query. However since1.1.1.1is an anycast address the result can differ depending on which server the query end up being served by.
– kasperd
13 hours ago
Chrome, being a web client might be redirecting you. Does the http header ... curl -I <the web page youre trying to get to> reveal anything about forwarding?
– Sirch
12 hours ago
What's the point of using both+traceand@1.1.1.1? Are you sure you understand how these options work together?
– Barmar
6 hours ago
add a comment |Â
up vote
4
down vote
Try using dig. Twenty years ago they tried to deprecate nslookup, but its firmly ingrained into muscle memory now and impossible to get rid of, but dig is far superior. For example.
dig +trace auth.otc.t-systems.com @1.1.1.1
Will trace the resolution fully for you, and you can see where they differ.
answered 13 hours ago
Sirch
4,40131530
Thanks, I didn't know that about nslookup. I've now tried the dig command and strangely it returns the correct ip on my machine. I've posted the output from the command on both my machine and the local machine here gist.github.com/thomas88/600d367387505a13223a5270c89eedda. Whatever dig does different, my browser (Chrome on Mac) seems to be more in line with nslookup - it can't resolve the address.
– Thomas Obermüller
13 hours ago
2
There isn't any reason to expect different results betweendigandnslookupfor this query. However since1.1.1.1is an anycast address the result can differ depending on which server the query end up being served by.
– kasperd
13 hours ago
Chrome, being a web client might be redirecting you. Does the http header ... curl -I <the web page youre trying to get to> reveal anything about forwarding?
– Sirch
12 hours ago
What's the point of using both+traceand@1.1.1.1? Are you sure you understand how these options work together?
– Barmar
6 hours ago
add a comment |Â
up vote
4
down vote
up vote
4
down vote
Try using dig. Twenty years ago they tried to deprecate nslookup, but its firmly ingrained into muscle memory now and impossible to get rid of, but dig is far superior. For example.
dig +trace auth.otc.t-systems.com @1.1.1.1
Will trace the resolution fully for you, and you can see where they differ.
answered 13 hours ago
Sirch
4,40131530
Try using dig. Twenty years ago they tried to deprecate nslookup, but its firmly ingrained into muscle memory now and impossible to get rid of, but dig is far superior. For example.
dig +trace auth.otc.t-systems.com @1.1.1.1
Will trace the resolution fully for you, and you can see where they differ.
answered 13 hours ago
Sirch
4,40131530
answered 13 hours ago
Sirch
4,40131530
answered 13 hours ago
Sirch
4,40131530
answered 13 hours ago
Sirch
4,40131530
4,40131530
Thanks, I didn't know that about nslookup. I've now tried the dig command and strangely it returns the correct ip on my machine. I've posted the output from the command on both my machine and the local machine here gist.github.com/thomas88/600d367387505a13223a5270c89eedda. Whatever dig does different, my browser (Chrome on Mac) seems to be more in line with nslookup - it can't resolve the address.
– Thomas Obermüller
13 hours ago
2
There isn't any reason to expect different results betweendigandnslookupfor this query. However since1.1.1.1is an anycast address the result can differ depending on which server the query end up being served by.
– kasperd
13 hours ago
Chrome, being a web client might be redirecting you. Does the http header ... curl -I <the web page youre trying to get to> reveal anything about forwarding?
– Sirch
12 hours ago
What's the point of using both+traceand@1.1.1.1? Are you sure you understand how these options work together?
– Barmar
6 hours ago
add a comment |Â
Thanks, I didn't know that about nslookup. I've now tried the dig command and strangely it returns the correct ip on my machine. I've posted the output from the command on both my machine and the local machine here gist.github.com/thomas88/600d367387505a13223a5270c89eedda. Whatever dig does different, my browser (Chrome on Mac) seems to be more in line with nslookup - it can't resolve the address.
– Thomas Obermüller
13 hours ago
2
There isn't any reason to expect different results betweendigandnslookupfor this query. However since1.1.1.1is an anycast address the result can differ depending on which server the query end up being served by.
– kasperd
13 hours ago
Chrome, being a web client might be redirecting you. Does the http header ... curl -I <the web page youre trying to get to> reveal anything about forwarding?
– Sirch
12 hours ago
What's the point of using both+traceand@1.1.1.1? Are you sure you understand how these options work together?
– Barmar
6 hours ago
Thanks, I didn't know that about nslookup. I've now tried the dig command and strangely it returns the correct ip on my machine. I've posted the output from the command on both my machine and the local machine here gist.github.com/thomas88/600d367387505a13223a5270c89eedda. Whatever dig does different, my browser (Chrome on Mac) seems to be more in line with nslookup - it can't resolve the address.
– Thomas Obermüller
13 hours ago
Thanks, I didn't know that about nslookup. I've now tried the dig command and strangely it returns the correct ip on my machine. I've posted the output from the command on both my machine and the local machine here gist.github.com/thomas88/600d367387505a13223a5270c89eedda. Whatever dig does different, my browser (Chrome on Mac) seems to be more in line with nslookup - it can't resolve the address.
– Thomas Obermüller
13 hours ago
2
2
There isn't any reason to expect different results between
dig and nslookup for this query. However since 1.1.1.1 is an anycast address the result can differ depending on which server the query end up being served by.– kasperd
13 hours ago
There isn't any reason to expect different results between
dig and nslookup for this query. However since 1.1.1.1 is an anycast address the result can differ depending on which server the query end up being served by.– kasperd
13 hours ago
Chrome, being a web client might be redirecting you. Does the http header ... curl -I <the web page youre trying to get to> reveal anything about forwarding?
– Sirch
12 hours ago
Chrome, being a web client might be redirecting you. Does the http header ... curl -I <the web page youre trying to get to> reveal anything about forwarding?
– Sirch
12 hours ago
What's the point of using both
+trace and @1.1.1.1? Are you sure you understand how these options work together?– Barmar
6 hours ago
What's the point of using both
+trace and @1.1.1.1? Are you sure you understand how these options work together?– Barmar
6 hours ago
add a comment |Â
up vote
1
down vote
Network people have used for ages 1.1.1.1 as a replacement to another private address in random interfaces of switches/routers APs. (I am myself on a location at this moment where the public facing IP adress of the hundreds of wireless APs is 1.1.1.1 )
I bet my money in the machines you are not able to talk to Cloufare's 1.1.1.1 that you have an (imtermediate) route there for such interface.
For instance, in my case, 1.1.1.1 is giving me my IP address:
$ sudo tcpdump -i any -n host 1.1.1.1 and port 67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
13:11:51.037186 IP 1.1.1.1.67 > 10.x.x.x.68: BOOTP/DHCP, Reply, length 296
13:11:51.037250 IP 1.1.1.1.67 > 10.x.x.x.68: BOOTP/DHCP, Reply, length 296
answered 10 hours ago
Rui F Ribeiro
17418
2
This is why RFC 3849 and RFC 5737 have to be rigorously enforced.
– kasperd
10 hours ago
1
"Too low" is a tricky basis for determining anything, though. Cloudflare have a lot of PoPs.64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=1.30 msis my RTT to the real thing.
– Håkan Lindqvist
10 hours ago
@HÃ¥kanLindqvist Your value does seem a too low delay for an external connection....but yeah, not a reliable metric.
– Rui F Ribeiro
10 hours ago
@RuiFRibeiro Latency seems about right for same-city connectivity with no high-latency link involved. (Traceroute shows 4 addresses within my ISP, a Cloudflare address at an internet exchange in my city, then 1.1.1.1.)
– Håkan Lindqvist
9 hours ago
It seems that I can reach the Cloudflare DNS, only it fails for the domain for me. I've run nslookup forauth.otc.t-systems.comandserverfault.com. Here's the result from tcpdump: gist.github.com/thomas88/03acc781f45c9427863b1876c75acb4d
– Thomas Obermüller
9 hours ago
add a comment |Â
up vote
1
down vote
Network people have used for ages 1.1.1.1 as a replacement to another private address in random interfaces of switches/routers APs. (I am myself on a location at this moment where the public facing IP adress of the hundreds of wireless APs is 1.1.1.1 )
I bet my money in the machines you are not able to talk to Cloufare's 1.1.1.1 that you have an (imtermediate) route there for such interface.
For instance, in my case, 1.1.1.1 is giving me my IP address:
$ sudo tcpdump -i any -n host 1.1.1.1 and port 67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
13:11:51.037186 IP 1.1.1.1.67 > 10.x.x.x.68: BOOTP/DHCP, Reply, length 296
13:11:51.037250 IP 1.1.1.1.67 > 10.x.x.x.68: BOOTP/DHCP, Reply, length 296
answered 10 hours ago
Rui F Ribeiro
17418
2
This is why RFC 3849 and RFC 5737 have to be rigorously enforced.
– kasperd
10 hours ago
1
"Too low" is a tricky basis for determining anything, though. Cloudflare have a lot of PoPs.64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=1.30 msis my RTT to the real thing.
– Håkan Lindqvist
10 hours ago
@HÃ¥kanLindqvist Your value does seem a too low delay for an external connection....but yeah, not a reliable metric.
– Rui F Ribeiro
10 hours ago
@RuiFRibeiro Latency seems about right for same-city connectivity with no high-latency link involved. (Traceroute shows 4 addresses within my ISP, a Cloudflare address at an internet exchange in my city, then 1.1.1.1.)
– Håkan Lindqvist
9 hours ago
It seems that I can reach the Cloudflare DNS, only it fails for the domain for me. I've run nslookup forauth.otc.t-systems.comandserverfault.com. Here's the result from tcpdump: gist.github.com/thomas88/03acc781f45c9427863b1876c75acb4d
– Thomas Obermüller
9 hours ago
add a comment |Â
up vote
1
down vote
up vote
1
down vote
Network people have used for ages 1.1.1.1 as a replacement to another private address in random interfaces of switches/routers APs. (I am myself on a location at this moment where the public facing IP adress of the hundreds of wireless APs is 1.1.1.1 )
I bet my money in the machines you are not able to talk to Cloufare's 1.1.1.1 that you have an (imtermediate) route there for such interface.
For instance, in my case, 1.1.1.1 is giving me my IP address:
$ sudo tcpdump -i any -n host 1.1.1.1 and port 67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
13:11:51.037186 IP 1.1.1.1.67 > 10.x.x.x.68: BOOTP/DHCP, Reply, length 296
13:11:51.037250 IP 1.1.1.1.67 > 10.x.x.x.68: BOOTP/DHCP, Reply, length 296
answered 10 hours ago
Rui F Ribeiro
17418
Network people have used for ages 1.1.1.1 as a replacement to another private address in random interfaces of switches/routers APs. (I am myself on a location at this moment where the public facing IP adress of the hundreds of wireless APs is 1.1.1.1 )
I bet my money in the machines you are not able to talk to Cloufare's 1.1.1.1 that you have an (imtermediate) route there for such interface.
For instance, in my case, 1.1.1.1 is giving me my IP address:
$ sudo tcpdump -i any -n host 1.1.1.1 and port 67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
13:11:51.037186 IP 1.1.1.1.67 > 10.x.x.x.68: BOOTP/DHCP, Reply, length 296
13:11:51.037250 IP 1.1.1.1.67 > 10.x.x.x.68: BOOTP/DHCP, Reply, length 296
answered 10 hours ago
Rui F Ribeiro
17418
edited 10 hours ago
answered 10 hours ago
Rui F Ribeiro
17418
answered 10 hours ago
Rui F Ribeiro
17418
answered 10 hours ago
Rui F Ribeiro
17418
17418
2
This is why RFC 3849 and RFC 5737 have to be rigorously enforced.
– kasperd
10 hours ago
1
"Too low" is a tricky basis for determining anything, though. Cloudflare have a lot of PoPs.64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=1.30 msis my RTT to the real thing.
– Håkan Lindqvist
10 hours ago
@HÃ¥kanLindqvist Your value does seem a too low delay for an external connection....but yeah, not a reliable metric.
– Rui F Ribeiro
10 hours ago
@RuiFRibeiro Latency seems about right for same-city connectivity with no high-latency link involved. (Traceroute shows 4 addresses within my ISP, a Cloudflare address at an internet exchange in my city, then 1.1.1.1.)
– Håkan Lindqvist
9 hours ago
It seems that I can reach the Cloudflare DNS, only it fails for the domain for me. I've run nslookup forauth.otc.t-systems.comandserverfault.com. Here's the result from tcpdump: gist.github.com/thomas88/03acc781f45c9427863b1876c75acb4d
– Thomas Obermüller
9 hours ago
add a comment |Â
2
This is why RFC 3849 and RFC 5737 have to be rigorously enforced.
– kasperd
10 hours ago
1
"Too low" is a tricky basis for determining anything, though. Cloudflare have a lot of PoPs.64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=1.30 msis my RTT to the real thing.
– Håkan Lindqvist
10 hours ago
@HÃ¥kanLindqvist Your value does seem a too low delay for an external connection....but yeah, not a reliable metric.
– Rui F Ribeiro
10 hours ago
@RuiFRibeiro Latency seems about right for same-city connectivity with no high-latency link involved. (Traceroute shows 4 addresses within my ISP, a Cloudflare address at an internet exchange in my city, then 1.1.1.1.)
– Håkan Lindqvist
9 hours ago
It seems that I can reach the Cloudflare DNS, only it fails for the domain for me. I've run nslookup forauth.otc.t-systems.comandserverfault.com. Here's the result from tcpdump: gist.github.com/thomas88/03acc781f45c9427863b1876c75acb4d
– Thomas Obermüller
9 hours ago
2
2
This is why RFC 3849 and RFC 5737 have to be rigorously enforced.
– kasperd
10 hours ago
This is why RFC 3849 and RFC 5737 have to be rigorously enforced.
– kasperd
10 hours ago
1
1
"Too low" is a tricky basis for determining anything, though. Cloudflare have a lot of PoPs.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=1.30 ms is my RTT to the real thing.– Håkan Lindqvist
10 hours ago
"Too low" is a tricky basis for determining anything, though. Cloudflare have a lot of PoPs.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=1.30 ms is my RTT to the real thing.– Håkan Lindqvist
10 hours ago
@HÃ¥kanLindqvist Your value does seem a too low delay for an external connection....but yeah, not a reliable metric.
– Rui F Ribeiro
10 hours ago
@HÃ¥kanLindqvist Your value does seem a too low delay for an external connection....but yeah, not a reliable metric.
– Rui F Ribeiro
10 hours ago
@RuiFRibeiro Latency seems about right for same-city connectivity with no high-latency link involved. (Traceroute shows 4 addresses within my ISP, a Cloudflare address at an internet exchange in my city, then 1.1.1.1.)
– Håkan Lindqvist
9 hours ago
@RuiFRibeiro Latency seems about right for same-city connectivity with no high-latency link involved. (Traceroute shows 4 addresses within my ISP, a Cloudflare address at an internet exchange in my city, then 1.1.1.1.)
– Håkan Lindqvist
9 hours ago
It seems that I can reach the Cloudflare DNS, only it fails for the domain for me. I've run nslookup for
auth.otc.t-systems.com and serverfault.com. Here's the result from tcpdump: gist.github.com/thomas88/03acc781f45c9427863b1876c75acb4d– Thomas Obermüller
9 hours ago
It seems that I can reach the Cloudflare DNS, only it fails for the domain for me. I've run nslookup for
auth.otc.t-systems.com and serverfault.com. Here's the result from tcpdump: gist.github.com/thomas88/03acc781f45c9427863b1876c75acb4d– Thomas Obermüller
9 hours ago
add a comment |Â
Thomas Obermüller is a new contributor. Be nice, and check out our Code of Conduct.
Â
draft saved
draft discarded
Thomas Obermüller is a new contributor. Be nice, and check out our Code of Conduct.
Thomas Obermüller is a new contributor. Be nice, and check out our Code of Conduct.
Thomas Obermüller is a new contributor. Be nice, and check out our Code of Conduct.
Â
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f934624%2fdebugging-dns-resolution-error%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
