Sonic DNS Servers are not resolving paypal.com

Internet access discussion, including Fusion, IP Broadband, and Gigabit Fiber!
11 posts Page 1 of 2
by roughingit » Wed Apr 24, 2019 11:36 am
This is an interesting problem I've run into. We have sonic.net VDSL service, with windows machines using our pfsense router for DNS queries, which get resolved to Sonic DNS servers: 208.201.224.11 and 208.201.224.33. Our workers have not been able to reach http://www.paypal.com for the last few days, on both our Windows machines and smartphones through wifi. Tried both Chrome and Firefox. Chome fails with this message: DNS_PROBE_FINISHED_NXDOMAIN. No problem reaching over mobile data.

In windows, if I set the DNS server explicitly to google (8.8.8.8), paypal resolves without a problem. On a linode server I host, I when I do nslookup to sonic dns servers, it responds with REFUSED, but is OK for other DNS servers (see attachment).

Attachments

by drew.phillips » Wed Apr 24, 2019 12:04 pm
Are you still experiencing this issue? At the moment, I am seeing all of our DNS servers resolving paypal.com correctly.

Our DNS servers refuse queries from outside the network for domains we are not authoritative for. This means that you will not get an answer if you try to resolve paypal.com from Linode, or any other ISP.

On any of the Windows machines, does running "nslookup paypal.com 208.201.224.11" return an answer? If possible, try flushing the DNS cache on the pfSense router and see if that helps.
Drew Phillips
Programmer / System Operations, Sonic.net
by roughingit » Wed Apr 24, 2019 12:58 pm
Hi thanks for that. Looks to be a pfsense / DNSSEC issue, and not sonic issue.
by drew.phillips » Wed Apr 24, 2019 1:03 pm
You're welcome! If we can help in any other way, don't hesitate to ask.
Drew Phillips
Programmer / System Operations, Sonic.net
by roughingit » Wed Apr 24, 2019 1:11 pm
Actually, some more weirdness. When I set pfsense dns servers to google (8.8.8.8), pfsense resolves paypal without issue, running "nslookup http://www.paypal.com 192.168.1.2" (1.2 is pfsense router). When I switch back to sonic (208.201.224.11 and 33), it times out on both nameservers through pfsense. There is no problem resolving other domains, such as google/microsoft, and there is no problem resolving http://www.paypal.com directly to sonic dns, and not having pfsense attempt to resolve.
by drew.phillips » Wed Apr 24, 2019 1:23 pm
Would you mind trying these two things?

1. Test resolving verisign.com through our servers (they are also using DNSSEC)
2. SSH into pfSense and run "dig +trace paypal.com @208.201.224.11" and "dig +trace paypal.com @192.168.1.2" so we can compare and see if there are any differences

The TTL's were pretty low but just in case, I wiped the DNS cache for paypal.com on our resolvers and re-queried it on the chance that might help.
Drew Phillips
Programmer / System Operations, Sonic.net
by roughingit » Wed Apr 24, 2019 1:42 pm
Hi Drew, it looks like paypal is now resolving correctly through pfsense, so all the tests you gave me are succeeding. If the problem comes up again, I will retry the tests again and post what I find. Thanks for your help.
by drew.phillips » Wed Apr 24, 2019 2:19 pm
Awesome, glad to hear it!
Drew Phillips
Programmer / System Operations, Sonic.net
by phodient » Thu May 30, 2019 8:34 pm
Hi, sorry to jump in a month later, but I am seeing the same behavior, but for another domain (steamradiators.com). This domain was correctly resolving on May 8, but is currently not resolving with Sonic DNS. This is across multiple machines, including one that had never done a lookup on this domain until today.

Code: Select all

$ nslookup steamradiators.com 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	steamradiators.com
Address: 216.25.8.73

$ nslookup steamradiators.com 208.201.224.11
Server:		208.201.224.11
Address:	208.201.224.11#53

** server can't find steamradiators.com: SERVFAIL

$ nslookup steamradiators.com 208.201.224.33
Server:		208.201.224.33
Address:	208.201.224.33#53

** server can't find steamradiators.com: SERVFAIL
by cmeisel » Fri May 31, 2019 10:32 am
what do you get when you run this:

nslookup steamradiators.com
11 posts Page 1 of 2

Who is online

In total there are 34 users online :: 1 registered, 0 hidden and 33 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: Bing [Bot] and 33 guests