Why does Cloudflare's DNS not resolve some DuckDNS domains, while Google's does?

4

I got this today:

C:\Users\me>nslookup box.duckdns.org 1.1.1.1
Server:  1dot1dot1dot1.cloudflare-dns.com
Address:  1.1.1.1

*** 1dot1dot1dot1.cloudflare-dns.com can't find box.duckdns.org: Server failed

C:\Users\me>nslookup box.duckdns.org 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    box.duckdns.org
Address:  86.178.64.217

I would expect these two nameservers to return the same answer, yet they don't. Is that a problem on Cloudflare's DNS service, or do I misunderstand anything?

I should add that other domains resolve fine on both DNS servers.

bers

Posted 2018-08-12T10:00:08.430

Reputation: 557

1 This answer seems to cover your case. The answer uses the Linux dig command and this link shows how to implement it in Windows. – AFH – 2018-08-12T14:34:50.920

1 @AFH dig +trace doesn't use the system-wide DNS; it pretends to be a name server itself and starts resolving on its own, beginning from the root DNS servers, bypassing CloudFlare's free DNS at 1.1.1.1 completely. I already pointed out in the comments that resolving the FQDN box.duckdns.org isn't an issue for those who run their own DNS or use 8.8.8.8. The issue is obviously at 1.1.1.1 – Alex – 2018-08-13T13:38:29.700

Answers

2

Why does Cloudflare's DNS not resolve some DuckDNS domains, while Google's does?

Because CloudFlare had some need to change it (technical issue, DDoS, mistake...).
BTW, I had a similar issue with Google's public DNS. It shouldn't last for a long time; usually it is an issue in DNS propagation when some name server is doing an upgrade, makes a mistake and so on... Both Google's and CloudFlare's public DNS are forwarding servers that gather information from the name servers that are responsible for some particular zone.

Instead of using a hard-coded IP address, in such cases you had better use one of the official name servers that serve the duckdns.org zone, which are:

ns1.duckdns.org
ns2.duckdns.org
ns3.duckdns.org

nslookup box.duckdns.org ns2.duckdns.org

I suggest temporarily switching your system-wide DNS either to 8.8.8.8 until the propagation/misconfiguration issue is resolved at CloudFlare, or using your ISP's DNS, or simply using the gateway/router IP, which must automatically use the ISP's DNS if you are on DHCP.

Alex

Posted 2018-08-12T10:00:08.430

Reputation: 5 606

nslookup box.duckdns.org ns2.duckdns.org Well, guess what happens then ;) my (system-wide) Cloudflare DNS server cannot find an IP to that nameserver... – bers – 2018-08-12T11:54:29.663

1 So, there's obviously something wrong with DNS propagation at CloudFlare. I just queried 1.1.1.1 from three different VPSes located in Germany, the USA and Singapore, and all three can't resolve box.duckdns.org via 1.1.1.1, while the dedicated DNS servers running on all of those VPSes, which aren't caching DNS but resolve starting from the root DNS servers, were able to resolve the domain in question. – Alex – 2018-08-12T12:10:51.063

Actually, when you run nslookup box.duckdns.org ns2.duckdns.org, nslookup bypasses the system-wide DNS and queries ns2.duckdns.org directly. It is possible that your ISP (or your antivirus or firewall) is blocking requests to remote port 53. I did dig box.duckdns.org @ns2.duckdns.org and it resolved as it should. The same success for dig ns2.duckdns.org a – Alex – 2018-08-12T12:15:24.997

I expected this not to take too long, either. Nonetheless, the problem is still ongoing, so I doubt this is a temporary flaw and switched back to Google's DNS service... As to your suggestion to "query directly ns2.duckdns.org" - well, I still need a DNS service to resolve the nameserver itself, and Cloudflare does not resolve ns2.duckdns.org. So much about not hardcoding IP addresses ;) – bers – 2018-08-13T13:20:30.377

Yes, box.duckdns.org still doesn't resolve via 1.1.1.1. I think you need to temporarily switch your system-wide DNS either to 8.8.8.8 until the propagation issue is resolved, or use your ISP's DNS, or simply use the gateway/router IP, which must automatically use the ISP's DNS if you are on DHCP – Alex – 2018-08-13T13:26:47.363

1 Cloudflare DNS also does not resolve archive.is, apparently due to a misconfiguration by archive.is. Maybe Cloudflare DNS handles stuff unlike other servers. – Daniel B – 2018-08-13T13:45:51.447
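
What nslookup prints as "Server failed" in the question is the SERVFAIL response code (RCODE 2) returned by the resolver, which is different from NXDOMAIN or a timeout. The following is an added example, not part of the original posts: it sends one UDP query and reports the RCODE next to any A records, so the answers from 1.1.1.1, 8.8.8.8 or an authoritative server can be compared. Function names are illustrative, and the reply parsed in the demo is constructed.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build a DNS query for an A record with recursion desired (RD=1)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, pos):
    """Return the offset just past an encoded name (labels or a compression pointer)."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)

def parse_response(msg):
    """Return (rcode_name, [IPv4 strings]) from a raw DNS response."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = RCODES.get(flags & 0x000F, str(flags & 0x000F))
    pos = 12
    for _ in range(qd):                      # skip the echoed question section
        pos = skip_name(msg, pos) + 4
    addrs = []
    for _ in range(an):                      # collect A records from the answer section
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return rcode, addrs

def ask(name, server, timeout=3.0):
    """Send one UDP query to `server` (needs network access) and report how it answered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            return parse_response(s.recv(4096))
        except socket.timeout:
            return "TIMEOUT", []

if __name__ == "__main__":
    # Constructed SERVFAIL reply (flags 0x8182) for the name from the question.
    reply = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0) + build_query("box.duckdns.org")[12:]
    print(parse_response(reply))
```

Calling `ask("box.duckdns.org", "1.1.1.1")` and `ask("box.duckdns.org", "8.8.8.8")` runs the comparison live. A SERVFAIL from one resolver alongside a NOERROR answer from another points at that resolver's own lookup, not at the record itself.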