*** Request to Unknown timed-out

  • Question

  • Hi,

    We are unable to resolve a handful of domain names via Windows 2016 DNS using root hints. An example would be:

    us-central1-sharedgeographydatabase.cloudfunctions.net

    Using nslookup for a portion of the hostname successfully resolves the query (e.g. without the "us-" at the beginning - central1-sharedgeographydatabase.cloudfunctions.net), although the full host name is never resolved.

    The send request fails:

    > us-central1-sharedgeographydatabase.cloudfunctions.net
    Server:  UnKnown
    Address:  ::1

    ------------
    SendRequest(), len 91
        HEADER:
            opcode = QUERY, id = 42, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            us-central1-sharedgeographydatabase.cloudfunctions.net.midlandheart.local, type = A, class = IN

    ------------
    ------------
    Got answer (167 bytes):
        HEADER:
            opcode = QUERY, id = 42, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            us-central1-sharedgeographydatabase.cloudfunctions.net.midlandheart.local, type = A, class = IN
        AUTHORITY RECORDS:
        ->  {local domain name}
            type = SOA, class = IN, dlen = 46
            ttl = 3600 (1 hour)
            primary name server = {local DNS server}
            responsible mail addr = administrator
            serial  = 1334298
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    SendRequest(), len 91
        HEADER:
            opcode = QUERY, id = 43, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            us-central1-sharedgeographydatabase.cloudfunctions.net.midlandheart.local, type = AAAA, class = IN

    ------------
    ------------
    Got answer (167 bytes):
        HEADER:
            opcode = QUERY, id = 43, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            us-central1-sharedgeographydatabase.cloudfunctions.net.midlandheart.local, type = AAAA, class = IN
        AUTHORITY RECORDS:
        ->  {local domain name}
            type = SOA, class = IN, dlen = 46
            ttl = 3600 (1 hour)
            primary name server = {local dns server}
            responsible mail addr = administrator
            serial  = 1334298
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    SendRequest(), len 72
        HEADER:
            opcode = QUERY, id = 44, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            us-central1-sharedgeographydatabase.cloudfunctions.net, type = A, class = IN

    ------------
    DNS request timed out.
        timeout was 2 seconds.
    timeout (2 secs)
    SendRequest failed
    ------------
    SendRequest(), len 72
        HEADER:
            opcode = QUERY, id = 45, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            us-central1-sharedgeographydatabase.cloudfunctions.net, type = AAAA, class = IN

    ------------
    DNS request timed out.
        timeout was 2 seconds.
    timeout (2 secs)
    SendRequest failed

    Looking at the DNS debug logs the following is seen:

    08/08/2018 14:53:36 0B84 PACKET  000001FE219E4530 UDP Snd 192.168.5.170   28f3 R Q [8281   DR SERVFAIL] A      (35)us-central1-sharedgeographydatabase(14)cloudfunctions(3)net(0)

    In case of an issue with our Cisco ASA firewall blocking UDP packets larger than 512 bytes, I've modified the DNS filter to increase the size but this has not resolved the issue.

    Does anyone have an idea of what could be the issue here?

    Thanks,

    John

    Thursday, August 9, 2018 11:10 AM

Answers

  • Unfortunately we could not find a solution to this issue using root hints. We decided to add forwarders to our ISP instead of solely using the root hints. After making this change DNS resolution consistently worked for the previously problematic names.
    • Marked as answer by JohnHunt Thursday, August 16, 2018 3:17 PM
    Thursday, August 16, 2018 3:17 PM
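
The debug-log entry quoted in the question carries the failing name in length-prefixed form and the result as `SERVFAIL`. The following is an added example, not part of the original thread: it parses entries of that shape and lists the names the server answered with SERVFAIL, which is one way to find every affected domain rather than testing names by hand. The function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Line 1 is the entry quoted in the question; lines 2-3 are constructed samples.
SAMPLE_LOG = """\
08/08/2018 14:53:36 0B84 PACKET  000001FE219E4530 UDP Snd 192.168.5.170   28f3 R Q [8281   DR SERVFAIL] A      (35)us-central1-sharedgeographydatabase(14)cloudfunctions(3)net(0)
08/08/2018 14:53:37 0B84 PACKET  000001FE219E4531 UDP Rcv 192.168.5.170   28f4   Q [0001   D   NOERROR] A      (7)example(3)com(0)
08/08/2018 14:53:37 0B84 PACKET  000001FE219E4531 UDP Snd 192.168.5.170   28f4 R Q [8081   DR  NOERROR] A      (7)example(3)com(0)
"""

PACKET_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) \S+ PACKET\s+\S+ (?P<proto>UDP|TCP) "
    r"(?P<dir>Snd|Rcv) (?P<peer>\S+)\s+(?P<xid>[0-9A-Fa-f]{4})\s+(?P<qr>R)?\s*\S\s+"
    r"\[(?P<flags>[0-9A-Fa-f]{4})\s.*?(?P<rcode>[A-Z]+)\]\s+(?P<qtype>\S+)\s+(?P<name>\(\d+\).*)$"
)

def decode_name(raw):
    """Turn '(3)net(0)' style length-prefixed labels into a dotted name."""
    parts = re.findall(r"\((\d+)\)([^()]*)", raw)
    if any(int(n) != len(label) for n, label in parts):
        raise ValueError(f"label length mismatch in {raw!r}")
    return ".".join(label for _, label in parts if label)

def parse_packet(line):
    """Parse one PACKET entry into a dict, or return None for other lines."""
    m = PACKET_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    logged = int(rec["flags"], 16)
    # In the quoted entry the hex word agrees with "DR SERVFAIL" only when its
    # two bytes are swapped (8281 -> 0x8182), so swap before reading the bits.
    wire = ((logged & 0xFF) << 8) | (logged >> 8)
    rec.update(name=decode_name(rec["name"]), is_response=bool(wire & 0x8000),
               rd=bool(wire & 0x0100), ra=bool(wire & 0x0080), rcode_num=wire & 0xF)
    return rec

def failed_lookups(log_text):
    """Count SERVFAIL responses the server sent, keyed by (name, qtype, client)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_packet(line)
        if rec and rec["dir"] == "Snd" and rec["is_response"] and rec["rcode"] == "SERVFAIL":
            hits[(rec["name"], rec["qtype"], rec["peer"])] += 1
    return hits

if __name__ == "__main__":
    print(failed_lookups(SAMPLE_LOG))
```

Running the same count before and after a resolver change, such as the switch to forwarders described in the answer, shows whether the set of failing names has actually emptied.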