[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[public-dns-discuss] Google Public DNS mostly doesn't reply with the correct DNS answer



Hi all,

We created a CNAME record a few days ago and noticed it was not redirecting to the correct target most of the time (it's supposed to redirect to an AWS service, but instead just returning to our *.domain.tld target).
We tried creating another subdomain and it worked fine without any issue, we deleted and re-created our CNAME record and it's still going on the wrong target.

1. We can communicate with Google DNS through a traceroute

2. When executing dig on the subdomain, we have the issue :

corentin@LAPTOP-O3NO25DV:/mnt/c/Users/CorentinCloss $ dig @8.8.8.8 natasha.mpulse.eu.

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @8.8.8.8 natasha.mpulse.eu.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55796
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;natasha.mpulse.eu.             IN      A

;; ANSWER SECTION:
natasha.mpulse.eu.      3599    IN      CNAME   eafe5b63-albnginxingress-a-b742-1480374157.eu-west-1.elb.amazonaws.com.
eafe5b63-albnginxingress-a-b742-1480374157.eu-west-1.elb.amazonaws.com. 59 IN A 54.77.72.213
eafe5b63-albnginxingress-a-b742-1480374157.eu-west-1.elb.amazonaws.com. 59 IN A 52.213.108.113
eafe5b63-albnginxingress-a-b742-1480374157.eu-west-1.elb.amazonaws.com. 59 IN A 54.246.150.238

;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Mar 06 16:47:14 STD 2019
;; MSG SIZE  rcvd: 178

corentin@LAPTOP-O3NO25DV:/mnt/c/Users/CorentinCloss $ dig @8.8.8.8 natasha.mpulse.eu.

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @8.8.8.8 natasha.mpulse.eu.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64119
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;natasha.mpulse.eu.             IN      A

;; ANSWER SECTION:
natasha.mpulse.eu.      4969    IN      CNAME   mpulse.eu.
mpulse.eu.              7199    IN      A       80.92.66.204

;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Mar 06 16:47:15 STD 2019
;; MSG SIZE  rcvd: 76

As you can see above, we don't have the same reply for the 2 exact same commands at a few seconds interval (the correct one is the first with AWS, the bad one is the second one).

Google Public DNS also struggles to reply the correct data without performing DNSSEC validation (returns both the true and bad values)
We have no issues with Level 3's, OpenDNS or Cloudflare DNS servers.

This has been tested on a computer running Ubuntu, a computer running Windows, an iPhone connected through 4G (no wifi on the same network as the 2 previous computers) and an AWS server.

Please apologize for some typos ;) 

--
You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
To post to this group, send email to public-dns-discuss AT googlegroups.com.
Visit this group at https://groups.google.com/group/public-dns-discuss.
To view this discussion on the web visit https://groups.google.com/d/msgid/public-dns-discuss/b835478b-ef2f-40fd-bad6-d2237b917c9b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.