DNS does not resolve on certain ISPs

Question

We are currently in the process of building a cloud service and we are having DNS issues.

DNS is resolving correctly via - Cellular/LTE/Verizon - Wifi/Cable (tested with different ISPs)

DNS is not resolving via cellular/LTE/AT&T

Edit: Problem occurs with iPhone on AT&T/LTE. Verizon works fine, also on iPhone. The problem was reproduced with Chrome + Safari, also after flushing the DNS cache (airplane mode on + off). Chrome on iOS shows the error: ERR_NAME_NOT_RESOLVED, Safari shows not detailed information.

Edit 2: I unfortunately can't share uncensored DNS settings but perhaps that helps (these settings have been up for over a week and the TTLs have not been changed):

A   @   <censored ip 1> 600 seconds
A   sub1    <censored ip 2> 1 Hour
A   sub2    <censored ip 2> 1 Hour
CNAME   ftp @   1 Hour
CNAME   issue   @   1 Hour
CNAME   mail    @   1 Hour
CNAME   smtp    @   1 Hour
CNAME   sub3    @   1 Hour
CNAME   www @   1 Hour
CNAME   _domainconnect  _domainconnect.gd.domaincontrol.com 1 Hour  Edit
MX  @   mail.domain.tld (Priority: 0)   1 Hour  Edit
MX  @   smtp.domain.tld (Priority: 10)  1 Hour  Edit
TXT @   google-site-verification=<censored key> 1 Hour  Edit
TXT @   v=spf1 a mx ip4:<censored ip1> ~all 1 Hour  Edit
TXT selector._domainkey k=rsa; p=<censored key> 1 Hour  Edit
TXT _domainkey  o=~; r=noreply@truerec.io   1 Hour  Edit
NS  @   ns47.domaincontrol.com  1 Hour  
NS  @   ns48.domaincontrol.com  1 Hour

Do we need to add more name servers or is it a different issue?

We cannot troubleshoot this issue without knowing the (unredacted) name of the DNS record you are experiencing trouble with. There several possibilities. — Andrew B, Feb 06 '17 at 22:04
Sorry, I know that sucks, but I'm currently not authorized (yet) to publish the uncensored DNS or IP. — mitchkman, Feb 06 '17 at 22:12
What was the TTL _before_ you made the changes? You will need to wait at least that long before DNS caches expire. — Michael Hampton, Feb 06 '17 at 22:13
Good point, but we did not change the TTLs. It's been roughly a week since the settings have been set up this way. — mitchkman, Feb 06 '17 at 22:14
Aside from suggesting that you use a tool such as [dnsviz](http://dnsviz.net/) to troubleshoot your domain for an invalid DNSSEC configuration (a common cause of inconsistent responses between ISPs), it is unlikely that we can provide further assistance without that level of detail. — Andrew B, Feb 06 '17 at 22:16
I don't see any problem. I would suggest doing further DNS lookups on the AT&T network and see if you can figure out what they are doing wrong. — Michael Hampton, Feb 06 '17 at 22:17
Yep, sorry I can't provide further details. It suddenly works again now after many times of retrying. Tested with a cleared DNS cache. We experienced similar issues before with people trying to open the web site from different countries. — mitchkman, Feb 06 '17 at 22:21

score 0 · Answer 1 · answered Feb 06 '17 at 22:22

0

It started working again after many, many times of retrying (closing all tabs, browsers, restarting the affected mobile devices, airplane mode on & off). I can't give any further explanation. Perhaps an issue with AT&T.

answered Feb 06 '17 at 22:22

mitchkman

149
1
4

Local issue, not the carrier. – Orphans Feb 07 '17 at 06:22

DNS does not resolve on certain ISPs

1 Answers1