1

My website is not resolving correctly, so I checked the name server via nslookup in PowerShell and see bodis.com. Then I checked online, hoping I checked the same name server, and see domaincontrol.com.

Why the discrepancy? Aren't both lookups checking the 1.1.1.1 name server?

I did ipconfig /flushdns on my local machine.

Here is the local result via PowerShell:

PS C:\Users\[username]> nslookup -d2 -type=NS example.com
------------
SendRequest(), len 38
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        1.1.1.1.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (67 bytes):
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        1.1.1.1.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  1.1.1.1.in-addr.arpa
        type = PTR, class = IN, dlen = 17
        name = one.one.one.one
        ttl = 1237 (20 mins 37 secs)

------------
Server:  one.one.one.one
Address:  1.1.1.1

------------
SendRequest(), len 42
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        example.com, type = NS, class = IN

------------
------------
Got answer (84 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 2,  authority records = 0,  additional = 0

    QUESTIONS:
        example.com, type = NS, class = IN
    ANSWERS:
    ->  example.com
        type = NS, class = IN, dlen = 12
        nameserver = ns1.bodis.com
        ttl = 10800 (3 hours)
    ->  example.com
        type = NS, class = IN, dlen = 6
        nameserver = ns2.bodis.com
        ttl = 10800 (3 hours)

------------
Non-authoritative answer:
example.com
        type = NS, class = IN, dlen = 12
        nameserver = ns1.bodis.com
        ttl = 10800 (3 hours)
example.com
        type = NS, class = IN, dlen = 6
        nameserver = ns2.bodis.com
        ttl = 10800 (3 hours)

Here is the online result from http://www.kloth.net/services/dig.php:

... here is the dig result for example.com from server 1.1.1.1 [dig @1.1.1.1 example.com NS]

 ; <<>> DiG 9 <<>> @1.1.1.1 example.com NS
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11416
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

 ;; QUESTION SECTION:
 ;example.com.  IN  NS

 ;; ANSWER SECTION:
 example.com. 2793  IN  NS  ns68.domaincontrol.com.
 example.com. 2793  IN  NS  ns67.domaincontrol.com.

 ;; Query time: 5 msec
 ;; SERVER: 1.1.1.1#53(1.1.1.1)
 ;; WHEN: Tue Jan 15 03:11:46 2019
 ;; MSG SIZE  rcvd: 94
zylstra
  • 153
  • 7
  • Is your Windows machine joined to a Domain. If so, the Domain Controller (in the LAN) will be authoritative and override the CloudFlare 1.1.1.1 public nameserver. – KidACrimson Jan 15 '19 at 04:41
  • The usual troubleshooting steps are: first query the registry authoritative nameserver to see what NS records they publish for your domain. Then double check these NS records behave correctly and do not create a lame delegation. Then double check various public resolvers like `1.1.1.1` or `8.8.8.8` or `9.9.9.9` or `80.80.80.80` to see what they have for your domain. You have also websites such as https://www.whatsmydns.net/ that will get you results from distributed probes. – Patrick Mevzek Jan 16 '19 at 16:52

1 Answers1

2

There is not a "the" 1.1.1.1 nameserver. This is an anycast address which may route to any of dozens, hundreds or even thousands of DNS servers somewhere near you on the Internet (CloudFlare don't say exactly how many DNS servers they have).

If you recently changed your nameservers, you can ask 1.1.1.1 to purge their cache for your domain.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
  • Not saying you're wrong, but I use CloudFlare to host DNS and it usually seems to propagate out globally within 15 minutes at most. I do not have a static IP at the site in question, so I've had to change it a few times (when the ISP assigns a new IP). I check here typically: https://www.whatsmydns.net – KidACrimson Jan 15 '19 at 04:46
  • Note to self: purge NS Record Type. – zylstra Feb 28 '19 at 03:55