Improved query to authority server not responding or responding with empty records.
Hi,
Recently, it was reported to me that a query for the domain `student.husc.edu.vn` returns no record, but when switching to another DNS, there is a DNS record.
```
; <<>> DiG 9.16.28 <<>> student.husc.edu.vn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;student.husc.edu.vn. IN A
;; Query time: 62 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Mar 15 09:42:50 SE Asia Standard Time 2025
;; MSG SIZE rcvd: 37
```
I queried this domain name against the authoritative DNS servers. The results show that the ns1 server responds to the query with a DNS record, while the ns2 server responds with an NXDOMAIN status.
```
; <<>> DiG 9.16.28 <<>> student.husc.edu.vn @ns1.vdconline.vn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26630
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 2b63126182fd3bba90a8ce5a67d4e96e3e5c5029e8965f88 (good)
;; QUESTION SECTION:
;student.husc.edu.vn. IN A
;; ANSWER SECTION:
student.husc.edu.vn. 3600 IN A 222.255.148.166
;; AUTHORITY SECTION:
husc.edu.vn. 3600 IN NS ns1.vdconline.vn.
husc.edu.vn. 3600 IN NS ns2.vdconline.vn.
;; ADDITIONAL SECTION:
ns1.vdconline.vn. 86400 IN A 14.225.24.83
ns2.vdconline.vn. 86400 IN A 14.225.24.84
;; Query time: 31 msec
;; SERVER: 14.225.24.83#53(14.225.24.83)
;; WHEN: Sat Mar 15 09:44:00 SE Asia Standard Time 2025
;; MSG SIZE rcvd: 170
```
```
; <<>> DiG 9.16.28 <<>> student.husc.edu.vn @ns2.vdconline.vn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9788
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 035d82940c8ca86baa1f4b4f67d4e97725f8e5b949e1e5be (good)
;; QUESTION SECTION:
;student.husc.edu.vn. IN A
;; AUTHORITY SECTION:
husc.edu.vn. 3600 IN SOA ns1.vdconline.vn. vdconline.tld. 2025031378 28800 7200 1209600 3600
;; Query time: 28 msec
;; SERVER: 14.225.24.84#53(14.225.24.84)
;; WHEN: Sat Mar 15 09:44:08 SE Asia Standard Time 2025
;; MSG SIZE rcvd: 139
```
The problem to be solved here is: when the NextDNS server queries the ns2 server, it will cache the DNS response with the status NXDOMAIN, leaving other clients that query the website unable to access it (for 1 hour).
I propose the following solution:
- The NextDNS server will continue to query the remaining authoritative DNS servers, check for DNS records and replace the empty DNS cache (if any).
- Provide a tool to purge a cached domain name from the DNS cache, as Cloudflare DNS provides at https://one.one.one.one/purge-cache/
I know that DNS records are stored depending on the domain administrator. But NextDNS can proactively improve it.
Hope NextDNS will consider this suggestion. Thanks!
Reference:
https://dnssec-analyzer.verisignlabs.com/student.husc.edu.vn
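The disagreement between the two authoritative servers can be checked mechanically. The following is an added example, not part of the original post: it parses abridged copies of the two authoritative `dig` answers quoted above, flags the inconsistency, and derives the negative-cache lifetime from the SOA record as RFC 2308 defines it (the smaller of the SOA TTL and the SOA MINIMUM field). The function names `parse_dig`, `negative_ttl` and `audit` are hypothetical.

```python
import re

# Abridged from the two authoritative dig answers quoted in the post above.
NS1_OUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26630
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
student.husc.edu.vn. 3600 IN A 222.255.148.166
husc.edu.vn. 3600 IN NS ns1.vdconline.vn.
;; SERVER: 14.225.24.83#53(14.225.24.83)
"""
NS2_OUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9788
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
husc.edu.vn. 3600 IN SOA ns1.vdconline.vn. vdconline.tld. 2025031378 28800 7200 1209600 3600
;; SERVER: 14.225.24.84#53(14.225.24.84)
"""

def parse_dig(text):
    """Extract rcode, AA flag, server and resource records from dig output."""
    resp = {"status": re.search(r"status: (\w+)", text).group(1),
            "aa": "aa" in re.search(r"flags: ([a-z ]*);", text).group(1).split(),
            "server": re.search(r"SERVER: ([^#\s]+)#", text).group(1),
            "records": []}
    for line in text.splitlines():
        if line.strip() and not line.startswith(";"):  # skip comment lines
            name, ttl, _cls, rtype, *rdata = line.split()
            resp["records"].append((name, int(ttl), rtype, rdata))
    return resp

def negative_ttl(resp):
    """RFC 2308: negative answers are cached for min(SOA TTL, SOA MINIMUM)."""
    for _name, ttl, rtype, rdata in resp["records"]:
        if rtype == "SOA":
            return min(ttl, int(rdata[-1]))  # MINIMUM is the last SOA field
    return None

def audit(outputs, qname, qtype="A"):
    """Flag authoritative servers that disagree about qname/qtype."""
    views = {}
    for r in map(parse_dig, outputs):
        answers = sorted(" ".join(d) for n, _, t, d in r["records"]
                         if n == qname and t == qtype)
        views[r["server"]] = (r["status"], tuple(answers), negative_ttl(r))
    consistent = len({(s, a) for s, a, _ in views.values()}) == 1
    return consistent, views

if __name__ == "__main__":
    ok, views = audit([NS1_OUT, NS2_OUT], "student.husc.edu.vn.")
    print("consistent" if ok else "INCONSISTENT")
    for server, (status, answers, neg) in views.items():
        print(server, status, answers or "-", f"negative TTL {neg}s" if neg else "")
```

For the answers in this post it reports the two servers as inconsistent and a negative TTL of 3600 seconds for the ns2 response, which matches the one-hour outage window described above.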