[SOLVED] Random NxDomain Errors ?

[General_Cool]

There is a shockingly bizarre error I've been getting when trying to connect to only two websites, the first of which I've never been able to connect to and the second which worked yesterday and doesn't work today. There is not a single other website this happens on so I'm confused why these two in specific. A couple years ago this happened to me with another random website but that resolved itself eventually and randomly, never figured out the cause.

I've tried literally everything at this point to solve this problem but nothing is working.

What I tried:

• Reset all the DNS settings on my PC
• reset IP
• checked host file
• switched to Cloudflare DNS
• Then did all the same for the router while restarting everything multiple times and still nothing.

VPN does nothing and using my phone's data allows me to access the websites just fine. This happens on all devices connected to the Wi-Fi.

Any ideas what to try next? I'm considering calling my provider and having them do a hard reset of the modem or even just having them send a new one. Thanks for reading.

 

[bill001g]

Modem and even your router to some extent has no idea what a web site is. The modem does not even care what a IP address is.

If you use the nslookup command does the name resolve to what you think is the proper IP. You can try different dns servers on the end of the command.

Try to disable IPv6 maybe it is trying to use a IPv6 address and other sites are using IPv4 addresses.

Try another web browser, Could be some garbage someplace in your current browser. Note browser now have the ability to bypass the system dns.

 

[General_Cool]

If you use the nslookup command does the name resolve to what you think is the proper IP. You can try different dns servers on the end of the command.

What I get is "*** [the website] can't find nslookup: No response from server". If I'm not using the command properly I kindly ask to teach me but it appears that my WiFi doesn't even know the server exists.

Try to disable IPv6 maybe it is trying to use a IPv6 address and other sites are using IPv4 addresses.

IPv6 is already disabled. Enabled it and no luck. Disabled it again and still no luck.

Try another web browser, Could be some garbage someplace in your current browser. Note browser now have the ability to bypass the system dns.

Tried Opera, Opera GX (with and without DNS over proxy), Firefox, Edge, and Chrome; nope. Then switched to my phone using Safari; nope. Tried my tablet using safari; nope. Don't think its browser related. Note using my phone with data allows me to connect no problem.

 

[bill001g]

Ahhh you kids.

nslookup is run from the cmd line it doesn't use web browser.

Although you should never need to do it you can put a entry in the host file to force it to resolve to a particular ip address.

 

[General_Cool]

Ahhh you kids.

nslookup is run from the cmd line it doesn't use web browser.

Although you should never need to do it you can put a entry in the host file to force it to resolve to a particular ip address.

I'm aware what command prompt is, don't worry. 🤣

I tried it with both websites, the one example I gave you gives me a list of Server, four Addresses, and two Aliases in addition to the "no response from the server". I tried the second website (the one that has never worked) and that one just straight up gave me a DNS request time out. Anything I can work with here?

And if that doesn't work, how would I go about correctly entering something into the host file?

 

[bill001g]

Try the putting 1.1.1.1 or 8.8.8.8 on the end of the nslookup command.

This will force it to use those dns servers.

If the server does not respond then it is kinda strange when used like this. Be sure the server that is displayed is correct. The default method of dns is to use your router as a proxy to the ISP dns server. Both those tends to have issues at times.

Although it is unlikely a ISP may try to intercept your dns and force you to theirs no matter what you try to use. This is also a common way parental controls are done on a router.

Windows should now have the ability to use encrypted DNS. I think it comes up with the option if you put 1.1.1.1 in as your dns server in the nic settings. You can also setup encrypted DNS in the browser. I would recommend you use encrypted DNS once you get things figured out.

 

[General_Cool]

While discussing this the first website magically fixed itself. Confused but not surprised. The second website still gives a timeout.

Try the putting 1.1.1.1 or 8.8.8.8 on the end of the nslookup command.

Did "nslookup www.[website].com 1.1.1.1" and got "server unknown" as well as DNS request timed out and "*** one.one.one.one can't find www.[website].com: Server failed". Am I using the command incorrectly?

Windows should now have the ability to use encrypted DNS. I think it comes up with the option if you put 1.1.1.1 in as your dns server in the nic settings. You can also setup encrypted DNS in the browser. I would recommend you use encrypted DNS once you get things figured out.

Assuming this is DNS over proxy, if it is then I have that option enabled in Opera GX. Curious how I would get it working for all connections though (I'll check the Cloudflare blog).

 

[bill001g]

That is very strange you think it would timeout no matter what site you put in.

I guess you could ping 1.1.1.1 but you should get purely random dns results if it would fail to ping and not just on certain sites.

The nslookup command should not use any form of proxy.

I have not used opera but chrome has the encrypted dns which is kinda a proxy when you think about it. What it actually does is send the dns request to cloudflare (1.1.1.1) using what appears to be HTTPS. This both prevent people from spying on the normal dns which is not encrypted and also is not using the DNS port 53 so it prevents interception and blocking. The DNS was the last big hole in tracking ability used by ISP or some governments to try to limit content.

 

[General_Cool]

I have not used opera but chrome has the encrypted dns which is kinda a proxy when you think about it. What it actually does is send the dns request to cloudflare (1.1.1.1) using what appears to be HTTPS. This both prevent people from spying on the normal dns which is not encrypted and also is not using the DNS port 53 so it prevents interception and blocking. The DNS was the last big hole in tracking ability used by ISP or some governments to try to limit content.

We're talking about the same thing. Opera has the option to use Cloudflare, Google, or another one if you choose (but that gets into advanced stuff). At this point it really just seems to be that one website plus occasionally something else based upon unknown factors.

Could it be the router firewall? I'm using an Apple router and I've read on the Apple forums that the firewall can't be disabled at all on those routers. Maybe that one website just gets blocked by the firewall?

 

[bill001g]

You would not get dns errors. The dns would look up the IP and then you would get some error about the site failed to open or respond.

 

[General_Cool]

You would not get dns errors. The dns would look up the IP and then you would get some error about the site failed to open or respond.

C:\Users\[My Account]>nslookup www.[website].com
Server: UnKnown
Address: [the IP]

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

Why does it not know the server but it knows the IP?

 

[bill001g]

This is a example I get. Note I have my dns server set in the nic to 8.8.8.8

The first 2 lines are the DNS server itself. The rest of the display is the data from the dns server. What would be suspious is if the IP or the name was not the server I expect. That would be a symptom of a dns hijack.



C:\WINDOWS\system32>nslookup www.tomshardware.com
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
Name: g.sni.us-eu.fastly.net
Addresses: 199.232.194.114
199.232.198.114
Aliases: www.tomshardware.com


C:\WINDOWS\system32>nslookup www.tomshardware.com 1.1.1.1
Server: one.one.one.one
Address: 1.1.1.1

Non-authoritative answer:
Name: g.sni.us-eu.fastly.net
Addresses: 199.232.194.114
199.232.198.114
Aliases: www.tomshardware.com

 

[General_Cool]

The first 2 lines are the DNS server itself. The rest of the display is the data from the dns server. What would be suspious is if the IP or the name was not the server I expect. That would be a symptom of a dns hijack.

This is what I get when I try the exact same thing.

C:\WINDOWS\system32>nslookup www.tomshardware.com
Server: UnKnown
Address: 10.0.1.1

Non-authoritative answer:
Name: g.sni.us-eu.fastly.net
Addresses: 199.232.194.114
199.232.198.114
Aliases: www.tomshardware.com

C:\WINDOWS\system32>nslookup www.tomshardware.com 1.1.1.1
Server: one.one.one.one
Address: 1.1.1.1

Non-authoritative answer:
Name: g.sni.us-eu.fastly.net
Addresses: 199.232.198.114
199.232.194.114
Aliases: www.tomshardware.com

Note that when testing this I have everything set to automatic in my NIC settings and my router is set to use the Cloudflare DNS.

 

[bill001g]

I would either set the dns in your nic or change your router to give you the dns via DHCP. You are using the proxy function in the router. This is assuming 10.0.1.1 is your router. These have a long history of messing stuff up. Not sure the real purpose dns is only done the first time it needs to look it up. The pc itself caches the infor for a while and I can't see the benefit of adding another layer of cache. It is not like taking 1ms compared to 10ms is going to make much difference.

 

[General_Cool]

I would either set the dns in your nic or change your router to give you the dns via DHCP.

Done. Here's what happens when I run the command now (using Cloudflare DNS).

C:\WINDOWS\system32>nslookup www.tomshardware.com
Server: one.one.one.one
Address: 1.1.1.1

Non-authoritative answer:
Name: g.sni.us-eu.fastly.net
Addresses: 199.232.194.114
199.232.198.114
Aliases: www.tomshardware.com

Should note that I still can't access that one website though. It's not like its some janky website that's obscure; its the USCG recruiting site, so you'd think it would work just fine. Here's what I get:

C:\WINDOWS\system32>nslookup www.gocoastguard.com
Server: one.one.one.one
Address: 1.1.1.1

*** one.one.one.one can't find www.gocoastguard.com: Server failed

Would you mind seeing what happens when you try it?

 

[bill001g]

That is a different error. It says you can talk to the dns server but there is no record.

It has to be some issue with how they have registered the domain or something with how the domains are connected. I forget how you check what the root dns server is. It doesn't really matter since that is for the owner to fix even if you dig around.

I get the same results as you so it is not a problem related to you.

 

[General_Cool]

That is a different error. It says you can talk to the dns server but there is no record.

It has to be some issue with how they have registered the domain or something with how the domains are connected. I forget how you check what the root dns server is. It doesn't really matter since that is for the owner to fix even if you dig around.

I get the same results as you so it is not a problem related to you.

Thank you for ensuring that I am not crazy.

Still doesn't explain why the one website yesterday and the other one years ago randomly broke and then fixed themselves. I'm just going to hope it doesn't happen again. I'll go ahead and get cloudflared setup on my PC so I can encrypt all DNS traffic (besides just the traffic inside the browser) like you suggested.

Thanks for the help.