Cloudflare Developers•9mo ago

TXT DNS lookup only works with cloudflare (1.1.1.1), while the other like 8.8.8.8 doesn't work

Hello, For some reason, only cloudflare could dig up the TXT record, resulting in DNS Challenge failing, it used to work, a few months ago.

$ dig +short TXT 22d62b56-4c18-4113-8f3b-6a4de90237cc.auth.example.com @8.8.8.8
$ dig +short TXT 22d62b56-4c18-4113-8f3b-6a4de90237cc.auth.example.com @1.1.1.1
"UpGkwV-P3D_lQ_67-UyYvftIKkbeWVS8n66ufYn1EWg"
"70TIIi3Fnhbt1tewuce3m60GqWbpoX5ifX8jQ_VzxSY"

$ dig +short TXT 22d62b56-4c18-4113-8f3b-6a4de90237cc.auth.example.com @8.8.8.8
$ dig +short TXT 22d62b56-4c18-4113-8f3b-6a4de90237cc.auth.example.com @1.1.1.1
"UpGkwV-P3D_lQ_67-UyYvftIKkbeWVS8n66ufYn1EWg"
"70TIIi3Fnhbt1tewuce3m60GqWbpoX5ifX8jQ_VzxSY"

Related records:

NS
auth
ns1.auth.example.com

NS
auth
ns1.auth.example.com

A
ns1.auth
xxx.xxx.xxx.xxx

A
ns1.auth
xxx.xxx.xxx.xxx

- NS gwen.ns.cloudflare.com - NS zod.ns.cloudflare.com Please help. What shoul I do?

17 Replies

PatiphanOP•9mo ago

dig +short TXT 22d62b56-4c18-4113-8f3b-6a4de90237cc.auth.oxygenci.com @8.8.8.8

dig +short TXT 22d62b56-4c18-4113-8f3b-6a4de90237cc.auth.oxygenci.com @8.8.8.8

dig +short TXT 22d62b56-4c18-4113-8f3b-6a4de90237cc.auth.oxygenci.com @1.1.1.1

dig +short TXT 22d62b56-4c18-4113-8f3b-6a4de90237cc.auth.oxygenci.com @1.1.1.1

1.1.1.1•9mo ago

DNS over Discord: TXT records

22d62b56-4c18-4113-8f3b-6a4de90237cc.auth.oxygenci.com TXT @1.1.1.1 +noall +answer An unexpected server failure [2 - ServFail] occurred when looking up the domain

diggy diggy hole

PatiphanOP•9mo ago

PatiphanOP•9mo ago

I found it to be working on my phone and on the pc With cellular network May be my problem is country based? Yes, other wise, how could it work on cellular network What if you doesn't use short, could you let me know which part of the DNS fail?

PatiphanOP•9mo ago

Strangely, I found it to be working only half of the time

PatiphanOP•9mo ago

And based on the log on the DNS server, only the successful answer was answer from my DNS server. So, somehow, 1.1.1.1 only asked for the TXT record on my server sometime.

PatiphanOP•9mo ago

But the record does exist? Did I configure it wrong

PatiphanOP•9mo ago

So, maybe, cloudflare 1.1.1.1 only able to reach my server sometime?

$ dig auth.oxygenci.com NS

; <<>> DiG 9.18.24 <<>> auth.oxygenci.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7215
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;auth.oxygenci.com.        IN    NS

;; ANSWER SECTION:
auth.oxygenci.com.    3600    IN    NS    ns1.auth.oxygenci.com.

;; Query time: 4 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Mar 18 17:18:39 +07 2024
;; MSG SIZE  rcvd: 64

$ dig auth.oxygenci.com NS

; <<>> DiG 9.18.24 <<>> auth.oxygenci.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7215
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;auth.oxygenci.com.        IN    NS

;; ANSWER SECTION:
auth.oxygenci.com.    3600    IN    NS    ns1.auth.oxygenci.com.

;; Query time: 4 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Mar 18 17:18:39 +07 2024
;; MSG SIZE  rcvd: 64

$ dig auth.oxygenci.com NS @1.1.1.1

; <<>> DiG 9.18.24 <<>> auth.oxygenci.com NS @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61979
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 22 (No Reachable Authority): (at delegation auth.oxygenci.com.)
;; QUESTION SECTION:
;auth.oxygenci.com.        IN    NS

;; Query time: 2255 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Mon Mar 18 17:18:46 +07 2024
;; MSG SIZE  rcvd: 84

$ dig auth.oxygenci.com NS @1.1.1.1

; <<>> DiG 9.18.24 <<>> auth.oxygenci.com NS @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61979
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 22 (No Reachable Authority): (at delegation auth.oxygenci.com.)
;; QUESTION SECTION:
;auth.oxygenci.com.        IN    NS

;; Query time: 2255 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Mon Mar 18 17:18:46 +07 2024
;; MSG SIZE  rcvd: 84

1.1.1.1•9mo ago

DNS over Discord: TXT records

22d62b56-4c18-4113-8f3b-6a4de90237cc.auth.oxygenci.com TXT @1.1.1.1 +noall +answer An unexpected server failure [2 - ServFail] occurred when looking up the domain

diggy diggy hole

PatiphanOP•9mo ago

Thanks for the reply, Based on the record provided in the original message, - NS auth ns1.auth.domain.com - A ns1.auth xxx.xxx.xxx.xxx for 22d62b56-4c18-4113-8f3b-6a4de90237cc.auth.domain.com auth.domain.com is first check, and found that ns1.auth.domain.com is controlling it, so it check ns1.auth.domain.com which pointed to my DNS server from A record which should work? Is my understanding correct? Or do you suggest I don't use ns1.auth.domain.com, this originally work previously. I see what you mean, so it should be ns1.domain.com, is that correct? I changed it. Now, discord bot 1.1.1.1 can resolve, but google can't. I'll wait 1 hour in case of dns propagation delay.

PatiphanOP•9mo ago

for 1.1.1.1 It still only work sometime For some reason, dig only reach my server sometime, the only time it works is when it reach my server here is my current record, please help.

1.1.1.1•9mo ago

DNS over Discord: TXT records

22d62b56-4c18-4113-8f3b-6a4de90237cc.auth.oxygenci.com TXT @1.1.1.1 +noall +answer An unexpected server failure [2 - ServFail] occurred when looking up the domain

diggy diggy hole

PatiphanOP•9mo ago

I don't understand why is it working for some internet like mine but not for the bot Is it because of ipv6?

1.1.1.1•9mo ago

DNS over Discord: TXT records

22d62b56-4c18-4113-8f3b-6a4de90237cc.auth.oxygenci.com TXT @1.1.1.1 +noall +answer +cdflag

NAME                                | TTL | DATA        
------------------------------------+-----+-------------
22d62b56-4c18-4113-8f3b-6a4de90237c | 1s  | "IZ9IhJ2-a38
c.auth.oxygenci.com                 |     | Y-dlTH_0ZLcz
                                    |     | 9D19bD7GSkL1
                                    |     | JQG3LF60"   
22d62b56-4c18-4113-8f3b-6a4de90237c | 1s  | "a5LdOQ-kWB-
c.auth.oxygenci.com                 |     | mo4HNvwag3tN
                                    |     | _OsOM8cPpoWW
                                    |     | LfNNiBRg"

NAME                                | TTL | DATA        
------------------------------------+-----+-------------
22d62b56-4c18-4113-8f3b-6a4de90237c | 1s  | "IZ9IhJ2-a38
c.auth.oxygenci.com                 |     | Y-dlTH_0ZLcz
                                    |     | 9D19bD7GSkL1
                                    |     | JQG3LF60"   
22d62b56-4c18-4113-8f3b-6a4de90237c | 1s  | "a5LdOQ-kWB-
c.auth.oxygenci.com                 |     | mo4HNvwag3tN
                                    |     | _OsOM8cPpoWW
                                    |     | LfNNiBRg"

:warning: cd bit set, DNSSEC validation disabled

diggy diggy hole

1.1.1.1•9mo ago

DNS over Discord: NS records

auth.oxygenci.com NS @1.1.1.1 +noall +answer

NAME              | TTL    | DATA                  
------------------+--------+-----------------------
auth.oxygenci.com | 3,600s | ns1-auth.oxygenci.com.

NAME              | TTL    | DATA                  
------------------+--------+-----------------------
auth.oxygenci.com | 3,600s | ns1-auth.oxygenci.com.

diggy diggy hole

PatiphanOP•9mo ago

Based on this, Would I just have to wait 48 hours?

PatiphanOP•9mo ago

As an update, my ISP said that they just block my 53 port on international traffic... So, case closed, I guess?

Gaming

Programming

TXT DNS lookup only works with cloudflare (1.1.1.1), while the other like 8.8.8.8 doesn't work