I am facing the issue of a domain not resolving. The output below explains the issue:

username@username-nuc:~$ host mydomain.com
Host mydomain.com not found: 2(SERVFAIL)

username@username-nuc:~$ dig  mydomain.com

; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1345
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;mydomain.com.          IN  A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Feb 09 01:25:10 IST 2019
;; MSG SIZE  rcvd: 41

username@username-nuc:~$ dig +trace  mydomain.com

; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> +trace mydomain.com
;; global options: +cmd
;; Received 28 bytes from 127.0.0.53#53(127.0.0.53) in 0 ms

username@username-nuc:~$ dig +trace  mydomain.com A

; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> +trace mydomain.com A
;; global options: +cmd
;; Received 28 bytes from 127.0.0.53#53(127.0.0.53) in 0 ms

username@username-nuc:~$ nslookup mydomain.com
Server:     127.0.0.53
Address:    127.0.0.53#53

** server can't find mydomain.com: SERVFAIL

username@username-nuc:~$

The following is the DNS configuration in AWS Route 53. Please note that this domain was earlier hosted on GoDaddy and I transferred it to AWS (therefore the domain is now registered on AWS Route 53).

[Image: AWS Route 53 config]

username@username-nuc:~$ dig mydomain.com +trace @1.1.1.1

; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> mydomain.com +trace @1.1.1.1
;; global options: +cmd
.           3601    IN  NS  i.root-servers.net.
.....
.           3601    IN  NS  h.root-servers.net.
.           3601    IN  RRSIG   NS 8 0 518400 20190221050000 20190208040000 16749 . <Some base64>
;; Received 717 bytes from 1.1.1.1#53(1.1.1.1) in 5 ms

com.            172800  IN  NS  a.gtld-servers.net.
......
com.            172800  IN  NS  m.gtld-servers.net.
com.            86400   IN  DS  30909 8 2 <SOME HEX> C41A5766
com.            86400   IN  RRSIG   DS 8 1 86400 20190221170000 20190208160000 16749 . <Some base64>
;; Received 1172 bytes from 193.0.14.129#53(k.root-servers.net) in 266 ms

mydomain.com.       172800  IN  NS  ns57.domaincontrol.com.
mydomain.com.       172800  IN  NS  ns58.domaincontrol.com.
<SOME HEX>.com. 86400 IN NSEC3 1 1 0 - <SOME HEX>  NS SOA RRSIG DNSKEY NSEC3PARAM
<SOME HEX>.com. 86400 IN RRSIG NSEC3 8 2 86400 20190212213240 20190205202240 16883 com. <Some base64>
<SOME HEX>.com. 86400 IN NSEC3 1 1 0 - <SOME HEX>  NS DS RRSIG
<SOME HEX>.com. 86400 IN RRSIG NSEC3 8 2 86400 20190215053919 20190208042919 16883 com. <Some base64>
;; Received 666 bytes from 192.52.178.30#53(k.gtld-servers.net) in 276 ms

;; Received 41 bytes from 97.74.108.29#53(ns57.domaincontrol.com) in 327 ms

username@username-nuc:~$ 
Mozaffar
  • Can you do `dig example.com +trace @1.1.1.1`? – Dusan Bajic Feb 08 '19 at 20:32
  • @DusanBajic Added the output in the question itself. – Mozaffar Feb 08 '19 at 20:48
  • Check if https://stackoverflow.com/a/35970555/1145196 helps – Dusan Bajic Feb 08 '19 at 21:00
  • 1) Use the true names, stop useless obfuscating that will just create a flow of back and forth in comments 2) Use online tools to troubleshoot: Zonemaster and DNSViz and 3) Since this is not related to programming, this is off-topic here. Look at [su] or [sf] but read their online help first to find if it is on-topic there. After a change of DNS hosting company the most probable cause is a lame delegation. – Patrick Mevzek Feb 08 '19 at 21:17
  • Also, `+trace` and `@` are mutually incompatible in dig: `+trace` starts from the root nameserver and does all the iteration one by one like any recursive nameserver would do, whereas `@` specifically asks a given (recursive or authoritative) nameserver a question, and does not go further than that. – Patrick Mevzek Feb 08 '19 at 21:19
  • That is one bold statement... – Dusan Bajic Feb 08 '19 at 23:12
  • Thanks @DusanBajic stackoverflow.com/a/35970555/1145196 helped! – Mozaffar Feb 09 '19 at 04:02
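The comments above name a lame delegation as the most probable cause, and the trace in the question shows the .com servers still delegating to ns57/ns58.domaincontrol.com. As an added example (not part of the original thread), this script compares the NS set found in `dig +trace` output with the name servers you expect for the hosted zone; the function names and the `ns-placeholder-*.example` names are assumptions standing in for the zone's real NS records.

```shell
#!/bin/sh
# Constructed sample: delegation lines copied from the trace in the question.
SAMPLE_TRACE='com.            172800  IN  NS  a.gtld-servers.net.
mydomain.com.       172800  IN  NS  ns57.domaincontrol.com.
mydomain.com.       172800  IN  NS  ns58.domaincontrol.com.
;; Received 666 bytes from 192.52.178.30#53(k.gtld-servers.net) in 276 ms'

# Read dig output on stdin and print the NS targets that domain $1 is
# delegated to: one per line, lowercased, trailing dot stripped, sorted.
delegated_ns() {
    awk -v d="$1" '
        BEGIN { d = tolower(d); sub(/\.$/, "", d) }
        /^;/ { next }                      # skip dig comment lines
        {
            owner = tolower($1); sub(/\.$/, "", owner)
            if (owner == d && $3 == "IN" && $4 == "NS") {
                t = tolower($5); sub(/\.$/, "", t); print t
            }
        }' | sort -u
}

# Normalise the expected name servers (arguments) the same way.
normalise_ns() {
    for n in "$@"; do printf '%s\n' "$n"; done |
        tr 'A-Z' 'a-z' | sed 's/\.$//' | sort -u
}

# check_delegation DOMAIN EXPECTED_NS...   (dig +trace output on stdin)
# Returns 0 when the delegated NS set equals the expected set, 1 when it
# differs (printing each unexpected server), 2 when no delegation is seen.
check_delegation() {
    domain=$1; shift
    actual=$(delegated_ns "$domain")
    expected=$(normalise_ns "$@")
    [ -n "$actual" ] || { echo "no delegation found for $domain"; return 2; }
    [ "$actual" = "$expected" ] && return 0
    for ns in $actual; do
        printf '%s\n' "$expected" | grep -qxF "$ns" || echo "unexpected: $ns"
    done
    return 1
}

# Demo on the sample; the expected names are hypothetical placeholders.
# Live use: dig +trace mydomain.com | check_delegation mydomain.com <NS...>
printf '%s\n' "$SAMPLE_TRACE" |
    check_delegation mydomain.com ns-placeholder-1.example ns-placeholder-2.example ||
    echo "delegation does not match the hosted zone"
```
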

1 Answer

The workaround that worked for me: in Chrome, go to Settings > Privacy and security, scroll down to "Use secure DNS" and select "With your current service provider".

(Originally it was set to "With Google (Public DNS)"; apparently, for some reason, Google (Public DNS) did not like my dot.ga domains.)

By the way, I had no problem with Android or Firefox.

Some further research reveals that the domain is not registered properly by the registrar.