I tried to use ChatGPT and read https://wiki.archlinux.org/title/Domain_name_resolution as much as I could before I got here, but I am at a loss. Hoping the community will come through
Context
I set up a domain on cloudflare that points to my homeserver's ip address (A record points to server's IP that is updated by ddclient, with the CNAME targeting the A record)
Issue
- I can ping and ssh into the server via the domain name on my m1 macbook pro. But, I cannot ping it or ssh to the server, using the domain name, from my arch PC. I can, however, ping and ssh to the *ip address* of the server.
The exact errors when targeting the domain are:
ping domain.org
ping: domain.org: No address associated with hostname
ssh -p #### user@domain.org
ssh: Could not resolve hostname domain.org: No address associated with hostname
Debug
- I can ping normal domain names (archlinux.org, google.com, etc)
- As I said before, I can ssh and ping domain.org from my macbook macOS (connected to the same router as my PC).
- I flushed systemd-resolved's cache several times
- I have waited several minutes for the DNS cache to update/propagate.
- Used https://www.whatsmydns.net/ to verify that the record propagated to all servers
- I used google's dig tool to check that it was indeed accessible: https://toolbox.googleapps.com/apps/dig/#A/ and I get:
id 16589
opcode QUERY
rcode NOERROR
flags QR RD RA
;QUESTION
domain.org. IN A
;ANSWER
domain.org. 300 IN A ###.###.#.### < -- matches correctly
;AUTHORITY
;ADDITIONAL
- /etc/systemd/network/20-wired.network is set to:
[Match]
Name=en*
[Network]
DHCP=yes
MulticastDNS=yes
IPv6PrivacyExtensions=yes
DNS=1.1.1.1 <--- set for cloudflare specifically
DNS=1.0.0.1 <--- set for cloudflare
After restarting networkd and resolved, resolvectl status returns the following. You'll see that I am targeting cloudflare in DNS Servers correctly (even though the fallback would use them anyway)
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com
2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google
DNS Domain: ~.
Link 2 (enp42s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 1.0.0.1
DNS Servers: 1.1.1.1 1.0.0.1 <router DNS addresses>
- When I used dig and drill on my arch PC, I get no answer back, except for when targeting TXT records (pulled from the arch wiki article)
dig @name.ns.cloudflare.com TXT domain.org
returns:
; <<>> DiG 9.18.19 <<>> @name.ns.cloudflare.com TXT domain.org
; (6 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25508
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;domain.org. IN TXT
;; ANSWER SECTION:
domain.org. 300 IN TXT "v=spf1 -all"
;; Query time: 20 msec
;; SERVER: 172.64.35.216#53(arturo.ns.cloudflare.com) (UDP)
;; WHEN: Sat Oct 07 21:27:25 PDT 2023
;; MSG SIZE rcvd: 66
In this case, ANSWER: 1 doesn't really mean much.
- dig +trace domain.org returns:
; <<>> DiG 9.18.19 <<>> +trace domain.org
;; global options: +cmd
. 4286 IN NS m.root-servers.net.
. 4286 IN NS h.root-servers.net.
. 4286 IN NS g.root-servers.net.
. 4286 IN NS k.root-servers.net.
. 4286 IN NS j.root-servers.net.
. 4286 IN NS d.root-servers.net.
. 4286 IN NS e.root-servers.net.
. 4286 IN NS a.root-servers.net.
. 4286 IN NS i.root-servers.net.
. 4286 IN NS f.root-servers.net.
. 4286 IN NS b.root-servers.net.
. 4286 IN NS l.root-servers.net.
. 4286 IN NS c.root-servers.net.
;; Received 811 bytes from 127.0.0.53#53(127.0.0.53) in 0 ms
;; UDP setup with 2001:500:2d::d#53(2001:500:2d::d) for domain.org failed: network unreachable.
;; UDP setup with 2001:500:2d::d#53(2001:500:2d::d) for domain.org failed: network unreachable.
;; UDP setup with 2001:500:2d::d#53(2001:500:2d::d) for domain.org failed: network unreachable.
;; UDP setup with 2001:dc3::35#53(2001:dc3::35) for domain.org failed: network unreachable.
;; UDP setup with 2001:500:1::53#53(2001:500:1::53) for domain.org failed: network unreachable.
;; UDP setup with 2001:500:2::c#53(2001:500:2::c) for domain.org failed: network unreachable.
;; UDP setup with 2001:503:ba3e::2:30#53(2001:503:ba3e::2:30) for domain.org failed: network unreachable.
domain.org. 2864 IN NS name.ns.cloudflare.com.
domain.org. 2864 IN NS name.ns.cloudflare.com.
;; Received 99 bytes from 198.97.190.53#53(h.root-servers.net) in 16 ms
org. 56508 IN NS d0.org.afilias-nst.org.
org. 56508 IN NS b2.org.afilias-nst.org.
org. 56508 IN NS a2.org.afilias-nst.info.
org. 56508 IN NS b0.org.afilias-nst.org.
org. 56508 IN NS c0.org.afilias-nst.info.
org. 56508 IN NS a0.org.afilias-nst.info.
org. 19626 IN DS 26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
;; BAD REFERRAL
;; Received 492 bytes from 108.162.195.216#53(name.ns.cloudflare.com) in 13 ms
I unfortunately just don't know what else to do...
I am using systemd-networkd and systemd-resolved. Maybe there is something I am missing?
edit: formatted bbcode
Last edited by whompyjaw (2023-10-08 04:53:29)
Offline
When I used dig and drill on my arch PC, I get no answer back
You get no answer, but some output.
I used google's dig tool to check that it was indeed accessible
Let's assume that google replies out of their own DNS
dig @8.8.8.8 domain.org
Online
Hi seth, thanks so much for taking the time to help. Ya when I meant "answer" I meant the ANSWER: 0 value. Sorry for not clarifying.
I tried that command and still no answer. I get output, yes, but no ANSWER: 1 that is expected.
dig @8.8.8.8 domain.org
; <<>> DiG 9.18.19 <<>> @8.8.8.8 domain.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35889
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;domain.org. IN A
;; Query time: 16 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Sun Oct 08 06:27:36 PDT 2023
;; MSG SIZE rcvd: 42
I tried cloudflare's as well (1.1.1.1), and same output:
; <<>> DiG 9.18.19 <<>> @1.1.1.1 domain.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13603
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;domain.org. IN A
;; Query time: 426 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Sun Oct 08 06:23:30 PDT 2023
;; MSG SIZE rcvd: 42
file /etc/resolv.conf returns:
/etc/resolv.conf: ASCII text
Any other commands that might help find where the fail point actually is? It's just bizarre that I can access all these other domains and my internet works just fine, but I can't access my own domain...
Offline
The most weird part is that you can resolve it from https://toolbox.googleapps.com/apps/dig/#A/ but not using your local system, despite an explicit dig at Google's DNS.
Firewall?
Can you
dig @8.8.8.8 google.com
Are you willing to dm me the actual domain?
Online
Could having DNSSEC enabled on my domain, but my resolvectl show not supporting DNSSEC cause an issue?
Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Offline
I also tried to disable DHCP from managing my DNS via this post:
https://bbs.archlinux.org/viewtopic.php?id=258865 (to remove my router's DNS entries)
And that didn't work either.
Offline
The most weird part is that you can resolve it from https://toolbox.googleapps.com/apps/dig/#A/ but not using your local system, despite an explicit dig at Google's DNS.
Firewall?
Can you
dig @8.8.8.8 google.com
Are you willing to dm me the actual domain?
I emailed you the domain. I hope that is correct form of DMing on these forums? At this point I just want it figured out, haha
Offline
dig @8.8.8.8 would bypass the local resolved - you can also use it to check dnssec, see eg. https://serverfault.com/questions/15401 … ing-dnssec
"+nodnssec" would explicitly skip that record
Online
The domain you sent is NXDOMAIN on every DNS I tried (notably on cloudflare…)
I can ping and ssh into the server via the domain name on my m1 macbook pro
I suspect you cannot dig it from your macbook either?
nslookup domainorg
https://www.lifewire.com/flush-dns-cach … ac-5209298
This apparently depends on the version of MacOS, but those commands seem to catch all
Online
dig @8.8.8.8 would bypass the local resolved - you can also use it to check dnssec, see eg. https://serverfault.com/questions/15401 … ing-dnssec
"+nodnssec" would explicitly skip that record
on macOS,
dig +dnssec domain.org
; <<>> DiG 9.10.6 <<>> +dnssec domain.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61712
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
;; QUESTION SECTION:
;domain.org. IN A
;; ANSWER SECTION:
domain.org. 300 IN A 192.168.0.
domain.org. 300 IN RRSIG A 13 2 300 20231009152829 20231007132829 34505 domain.org. xxFHRipBLXr1A5gMja1c6WMNKTIyTaOdBcl0W2s1Z615VY849x57Rv3a OwcFpoduNTSi5JN++vZhsRzLLjvD8A==
;; Query time: 134 msec
;; SERVER: 192.168.88.1#53(192.168.88.1) <-- note the server is my router
;; WHEN: Sun Oct 08 07:28:29 PDT 2023
;; MSG SIZE rcvd: 167
On my archbox:
dig +dnssec domain.org
; <<>> DiG 9.18.19 <<>> +dnssec domain.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52058
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;domain.org. IN A
;; Query time: 203 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP) <--- interestingly, not the same server... I find that odd? (because arch box is directly connected to that router, while my laptop is connected wirelessly)
;; WHEN: Sun Oct 08 07:29:14 PDT 2023
;; MSG SIZE rcvd: 42
fixed a word
Last edited by whompyjaw (2023-10-08 14:36:45)
Offline
On arch just try
dig @192.168.88.1 domain.org
I highly suspect that the domain is only resolved by the DNS in your router (static entry or it got the name via dhcp) and you cannot resolve it anywhere else?
Online
On arch just try
dig @192.168.88.1 domain.org
I highly suspect that the domain is only resolved by the DNS in your router (static entry or it got the name via dhcp) and you cannot resolve it anywhere else?
I am not sure I fully follow what you mean, but running that command, it still does not resolve:
dig @192.168.88.1 domain.org
; <<>> DiG 9.18.19 <<>> @192.168.88.1 domain.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20437
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
;; QUESTION SECTION:
;domain.org. IN A
;; AUTHORITY SECTION:
. 113360 IN NS j.root-servers.net.
. 113360 IN NS d.root-servers.net.
. 113360 IN NS e.root-servers.net.
. 113360 IN NS f.root-servers.net.
. 113360 IN NS g.root-servers.net.
. 113360 IN NS l.root-servers.net.
. 113360 IN NS h.root-servers.net.
. 113360 IN NS b.root-servers.net.
. 113360 IN NS k.root-servers.net.
. 113360 IN NS c.root-servers.net.
. 113360 IN NS m.root-servers.net.
. 113360 IN NS i.root-servers.net.
. 113360 IN NS a.root-servers.net.
;; ADDITIONAL SECTION:
j.root-servers.net. 361778 IN A 192.58.128.30
d.root-servers.net. 361764 IN A 199.7.91.13
e.root-servers.net. 361883 IN A 192.203.230.10
f.root-servers.net. 361765 IN A 192.5.5.241
g.root-servers.net. 367260 IN A 192.112.36.4
l.root-servers.net. 361762 IN A 199.7.83.42
h.root-servers.net. 361762 IN A 198.97.190.53
b.root-servers.net. 361567 IN A 199.9.14.201
k.root-servers.net. 361761 IN A 193.0.14.129
c.root-servers.net. 361756 IN A 192.33.4.12
m.root-servers.net. 361757 IN A 202.12.27.33
i.root-servers.net. 361765 IN A 192.36.148.17
a.root-servers.net. 361754 IN A 198.41.0.4
;; Query time: 83 msec
;; SERVER: 192.168.88.1#53(192.168.88.1) (UDP)
;; WHEN: Sun Oct 08 11:45:28 PDT 2023
;; MSG SIZE rcvd: 450
Also, after clearing the cache on my mac using the commands, I was able to still ping domain.org and ssh, etc...
It's odd that you can't ping the domain either? But I can on google's dig, lol...
I suspect you cannot dig it from your macbook either?
I am sure you saw my other post, but just want to confirm that I can dig on my mac. I can do everything on my macOS. ssh, ping, dig, nslookup, etc.
Out of curiosity, I ran the same dig @192 with trace and got this:
dig +trace @192.168.88.1 domain.org
; <<>> DiG 9.18.19 <<>> +trace @192.168.88.1 domain.org
; (1 server found)
;; global options: +cmd
. 113069 IN NS m.root-servers.net.
. 113069 IN NS i.root-servers.net.
. 113069 IN NS a.root-servers.net.
. 113069 IN NS j.root-servers.net.
. 113069 IN NS d.root-servers.net.
. 113069 IN NS e.root-servers.net.
. 113069 IN NS f.root-servers.net.
. 113069 IN NS g.root-servers.net.
. 113069 IN NS l.root-servers.net.
. 113069 IN NS h.root-servers.net.
. 113069 IN NS b.root-servers.net.
. 113069 IN NS k.root-servers.net.
. 113069 IN NS c.root-servers.net.
. 113069 IN NS i.root-servers.net.
. 113069 IN NS a.root-servers.net.
. 113069 IN NS j.root-servers.net.
. 113069 IN NS d.root-servers.net.
. 113069 IN NS e.root-servers.net.
. 113069 IN NS f.root-servers.net.
. 113069 IN NS g.root-servers.net.
. 113069 IN NS l.root-servers.net.
. 113069 IN NS h.root-servers.net.
. 113069 IN NS b.root-servers.net.
. 113069 IN NS k.root-servers.net.
. 113069 IN NS c.root-servers.net.
. 113069 IN NS m.root-servers.net.
;; Received 813 bytes from 192.168.88.1#53(192.168.88.1) in 0 ms
org. 5063 IN NS b2.org.afilias-nst.org.
org. 5063 IN NS d0.org.afilias-nst.org.
org. 5063 IN NS a2.org.afilias-nst.info.
org. 5063 IN NS b0.org.afilias-nst.org.
org. 5063 IN NS a0.org.afilias-nst.info.
org. 5063 IN NS c0.org.afilias-nst.info.
org. 47379 IN DS 26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
;; Received 492 bytes from 198.41.0.4#53(a.root-servers.net) in 13 ms
;; UDP setup with 2001:500:40::1#53(2001:500:40::1) for domain.org failed: network unreachable.
;; UDP setup with 2001:500:40::1#53(2001:500:40::1) for domain.org failed: network unreachable.
;; UDP setup with 2001:500:40::1#53(2001:500:40::1) for domain.org failed: network unreachable.
;; Received 42 bytes from 199.19.53.1#53(c0.org.afilias-nst.info) in 13 ms.
dig +trace @1.1.1.1 -4 domain.org
; <<>> DiG 9.18.19 <<>> +trace @1.1.1.1 -4 domain.org
; (1 server found)
;; global options: +cmd
. 111855 IN NS j.root-servers.net.
. 111855 IN NS k.root-servers.net.
. 111855 IN NS l.root-servers.net.
. 111855 IN NS m.root-servers.net.
. 111855 IN NS a.root-servers.net.
. 111855 IN NS b.root-servers.net.
. 111855 IN NS c.root-servers.net.
. 111855 IN NS d.root-servers.net.
. 111855 IN NS e.root-servers.net.
. 111855 IN NS f.root-servers.net.
. 111855 IN NS g.root-servers.net.
. 111855 IN NS h.root-servers.net.
. 111855 IN NS i.root-servers.net.
;; Received 811 bytes from 1.1.1.1#53(1.1.1.1) in 16 ms
org. 4041 IN NS b2.org.afilias-nst.org.
org. 4041 IN NS c0.org.afilias-nst.info.
org. 4041 IN NS a0.org.afilias-nst.info.
org. 4041 IN NS b0.org.afilias-nst.org.
org. 4041 IN NS a2.org.afilias-nst.info.
org. 4041 IN NS d0.org.afilias-nst.org.
org. 82354 IN DS 26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
;; Received 492 bytes from 192.112.36.4#53(g.root-servers.net) in 10 ms
org. 4041 IN NS b2.org.afilias-nst.org.
org. 4041 IN NS c0.org.afilias-nst.info.
org. 4041 IN NS a0.org.afilias-nst.info.
org. 4041 IN NS b0.org.afilias-nst.org.
org. 4041 IN NS a2.org.afilias-nst.info.
org. 4041 IN NS d0.org.afilias-nst.org.
org. 82354 IN DS 26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
;; BAD (HORIZONTAL) REFERRAL
;; Received 492 bytes from 199.249.112.1#53(a2.org.afilias-nst.info) in 13 ms
org. 3839 IN NS c0.org.afilias-nst.info.
org. 3839 IN NS d0.org.afilias-nst.org.
org. 3839 IN NS a2.org.afilias-nst.info.
org. 3839 IN NS a0.org.afilias-nst.info.
org. 3839 IN NS b2.org.afilias-nst.org.
org. 3839 IN NS b0.org.afilias-nst.org.
org. 60433 IN DS 26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
;; BAD (HORIZONTAL) REFERRAL
;; Received 492 bytes from 199.19.56.1#53(a0.org.afilias-nst.info) in 13 ms
org. 4040 IN NS b2.org.afilias-nst.org.
org. 4040 IN NS d0.org.afilias-nst.org.
org. 4040 IN NS a2.org.afilias-nst.info.
org. 4040 IN NS b0.org.afilias-nst.org.
org. 4040 IN NS a0.org.afilias-nst.info.
org. 4040 IN NS c0.org.afilias-nst.info.
org. 46356 IN DS 26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
;; BAD (HORIZONTAL) REFERRAL
;; Received 492 bytes from 199.19.57.1#53(d0.org.afilias-nst.org) in 13 ms
org. 4041 IN NS b2.org.afilias-nst.org.
org. 4041 IN NS c0.org.afilias-nst.info.
org. 4041 IN NS a0.org.afilias-nst.info.
org. 4041 IN NS b0.org.afilias-nst.org.
org. 4041 IN NS a2.org.afilias-nst.info.
org. 4041 IN NS d0.org.afilias-nst.org.
org. 82354 IN DS 26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
;; BAD (HORIZONTAL) REFERRAL
;; Received 492 bytes from 199.19.54.1#53(b0.org.afilias-nst.org) in 13 ms
domain.org. 2285 IN NS arturo.ns.cloudflare.com.
domain.org. 2285 IN NS walk.ns.cloudflare.com.
;; Received 99 bytes from 199.19.53.1#53(c0.org.afilias-nst.info) in 13 ms
domain.org. 2285 IN NS arturo.ns.cloudflare.com.
domain.org. 2285 IN NS walk.ns.cloudflare.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 99 bytes from 172.64.35.216#53(arturo.ns.cloudflare.com) in 10 ms
domain.org. 2285 IN NS arturo.ns.cloudflare.com.
domain.org. 2285 IN NS walk.ns.cloudflare.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 99 bytes from 108.162.195.216#53(arturo.ns.cloudflare.com) in 10 ms
domain.org. 2572 IN NS walk.ns.cloudflare.com.
domain.org. 2572 IN NS arturo.ns.cloudflare.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 99 bytes from 162.159.44.216#53(arturo.ns.cloudflare.com) in 10 ms
domain.org. 2572 IN NS walk.ns.cloudflare.com.
domain.org. 2572 IN NS arturo.ns.cloudflare.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 99 bytes from 162.159.44.216#53(arturo.ns.cloudflare.com) in 20 ms
domain.org. 2285 IN NS arturo.ns.cloudflare.com.
domain.org. 2285 IN NS walk.ns.cloudflare.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 99 bytes from 108.162.195.216#53(arturo.ns.cloudflare.com) in 10 ms
domain.org. 2285 IN NS arturo.ns.cloudflare.com.
domain.org. 2285 IN NS walk.ns.cloudflare.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 99 bytes from 108.162.194.128#53(walk.ns.cloudflare.com) in 6 ms
org. 4041 IN NS b2.org.afilias-nst.org.
org. 4041 IN NS c0.org.afilias-nst.info.
org. 4041 IN NS a0.org.afilias-nst.info.
org. 4041 IN NS b0.org.afilias-nst.org.
org. 4041 IN NS a2.org.afilias-nst.info.
org. 4041 IN NS d0.org.afilias-nst.org.
org. 82354 IN DS 26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
;; BAD REFERRAL
;; Received 492 bytes from 162.159.44.216#53(arturo.ns.cloudflare.com) in 6 ms
MacBook-Pro-2 ~ % dig +trace -4 domain.org
; <<>> DiG 9.10.6 <<>> +trace -4 domain.org
;; global options: +cmd
. 517602 IN NS a.root-servers.net.
. 517602 IN NS b.root-servers.net.
. 517602 IN NS c.root-servers.net.
. 517602 IN NS d.root-servers.net.
. 517602 IN NS e.root-servers.net.
. 517602 IN NS f.root-servers.net.
. 517602 IN NS g.root-servers.net.
. 517602 IN NS h.root-servers.net.
. 517602 IN NS i.root-servers.net.
. 517602 IN NS j.root-servers.net.
. 517602 IN NS k.root-servers.net.
. 517602 IN NS l.root-servers.net.
. 517602 IN NS m.root-servers.net.
. 517602 IN RRSIG NS 8 0 518400 20231021050000 20231008040000 46780 . cs7LoUjelfJ3+xgN5f4D/AdOMi2qmpj7ZtfZLUWTBbYZNeRckFTfQf1h WdDc7O7J/FOF3ScypUvOxSOQmCBwVvrzvUa3bqXaFX9DGUgH9VvAB78B C0fuRLaDi0Ac9EVQfNxA5ulkjMwttRFbKTeL0h2sb9PPfVaGDJUvzEVG XIb8YMao4Vqgh9+QZYZ9g3I99ya8LsP8GmxHcUZkS+5gARipnInvfUxH 4UlIRk1nXDbgnmYicGDStW+SWVi44IMxaHQW0zCjU46a0x8beMgnLdzu xIPeezbpWztxWCF33NbaBwi+Zv2JjFPH/4mmbv1vCPREa5sLdWgttgVF EJqB+w==
;; Received 525 bytes from 192.168.88.1#53(192.168.88.1) in 7 ms
domain.org. 2640 IN NS walk.ns.cloudflare.com.
domain.org. 2640 IN NS arturo.ns.cloudflare.com.
;; Received 99 bytes from 192.58.128.30#53(j.root-servers.net) in 18 ms
domain.org. 1161 IN NS walk.ns.cloudflare.com.
domain.org. 1161 IN NS arturo.ns.cloudflare.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 99 bytes from 172.64.35.216#53(arturo.ns.cloudflare.com) in 99 ms
domain.org. 2640 IN NS walk.ns.cloudflare.com.
domain.org. 2640 IN NS arturo.ns.cloudflare.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 99 bytes from 108.162.195.216#53(arturo.ns.cloudflare.com) in 16 ms
domain.org. 2353 IN NS arturo.ns.cloudflare.com.
domain.org. 2353 IN NS walk.ns.cloudflare.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 99 bytes from 172.64.34.128#53(walk.ns.cloudflare.com) in 11 ms
org. 4108 IN NS b2.org.afilias-nst.org.
org. 4108 IN NS d0.org.afilias-nst.org.
org. 4108 IN NS a2.org.afilias-nst.info.
org. 4108 IN NS b0.org.afilias-nst.org.
org. 4108 IN NS a0.org.afilias-nst.info.
org. 4108 IN NS c0.org.afilias-nst.info.
org. 46424 IN DS 26974 8 2 4FEDE294C53F438A158C41D39489CD78A86BEB0D8A0AEAFF14745C0D 16E1DE32
;; BAD REFERRAL
;; Received 492 bytes from 162.159.44.216#53(arturo.ns.cloudflare.com) in 12 ms
It is so bizarre to me that I can ssh and ping the domain name in my mac (even after clearing the cache), but I can't get a successful dig. What does that mean?
digging google succeeds on my linux and my mac.
MacBook-Pro-2 ~ % dig +trace -4 google.com
; <<>> DiG 9.10.6 <<>> +trace -4 google.com
;; global options: +cmd
. 517088 IN NS a.root-servers.net.
. 517088 IN NS b.root-servers.net.
. 517088 IN NS c.root-servers.net.
. 517088 IN NS d.root-servers.net.
. 517088 IN NS e.root-servers.net.
. 517088 IN NS f.root-servers.net.
. 517088 IN NS g.root-servers.net.
. 517088 IN NS h.root-servers.net.
. 517088 IN NS i.root-servers.net.
. 517088 IN NS j.root-servers.net.
. 517088 IN NS k.root-servers.net.
. 517088 IN NS l.root-servers.net.
. 517088 IN NS m.root-servers.net.
. 517088 IN RRSIG NS 8 0 518400 20231021050000 20231008040000 46780 . cs7LoUjelfJ3+xgN5f4D/AdOMi2qmpj7ZtfZLUWTBbYZNeRckFTfQf1h WdDc7O7J/FOF3ScypUvOxSOQmCBwVvrzvUa3bqXaFX9DGUgH9VvAB78B C0fuRLaDi0Ac9EVQfNxA5ulkjMwttRFbKTeL0h2sb9PPfVaGDJUvzEVG XIb8YMao4Vqgh9+QZYZ9g3I99ya8LsP8GmxHcUZkS+5gARipnInvfUxH 4UlIRk1nXDbgnmYicGDStW+SWVi44IMxaHQW0zCjU46a0x8beMgnLdzu xIPeezbpWztxWCF33NbaBwi+Zv2JjFPH/4mmbv1vCPREa5sLdWgttgVF EJqB+w==
;; Received 525 bytes from 192.168.88.1#53(192.168.88.1) in 3 ms
google.com. 79 IN A 172.217.12.142
;; Received 55 bytes from 192.33.4.12#53(c.root-servers.net) in 13 ms
Offline
I asked my friend to run
dig +trace -4 domain.org and it worked. He ran that command on his mac and it went all the way through without an issue (or any horizontal). And it shows the correct ip address. You said you couldn't dig the domain I sent you? Can you run that command on your side and confirm that it works, as well?
I asked another friend to run the command but he can't until later. I think he has an arch install as well.
This is so hilariously convoluted and confusing... It *must* be my linux install. There is something I am missing in my install config. Because the server itself also fails to dig itself. Which idk if that is a thing.
Last edited by whompyjaw (2023-10-08 19:23:05)
Offline
https://toolbox.googleapps.com/apps/dig/#A/ tells me "Record not found!" for your domain - did you test that on the mac or some other system?
It is so bizarre to me that I can ssh and ping the domain name in my mac (even after clearing the cache), but I can't get a successful dig. What does that mean?
The domain might be resolved by other means, eg. mdns, but https://bbs.archlinux.org/viewtopic.php … 5#p2125165 suggested that you can dig the domain from your mac, but the response is from your routers DNS.
It did however resolve a local IP that looks very much dhcp advertised, but however the mac currently resolves the domain, it's not in the public record.
If you ping it from your mac, what IP gets ping and what IP responds?
(If they start w/ "192.168" that's the LAN IP)
Edit: tell your first friend to try that w/ google.com, there'll be an "A" record
google.com. 300 IN A 123.45.67.89
Does he get the same kind of line for your IP?
And what do the first two numbers look like?
Edit #2:
It *must* be my linux install.
No. Whatever you're looking at right now, the domain you sent is not in the public records and is not widely resolvable.
Edit #3: you can try https://www.heise.de/netze/tools/dns/ (german, but should be understandable)
Last edited by seth (2023-10-08 19:54:11)
Online
https://toolbox.googleapps.com/apps/dig/#A/ tells me "Record not found!" for your domain - did you test that on the mac or some other system?
I tested it on my archbox and mac and they both return a correct value. And if I try CNAME with ssh.domain.org it returns correctly (the target being correct and ip addr)
Assuming you are located in Germany, it seems like the domain has propagated to all servers in Germany:
https://dnschecker.org/country/de/#A/domain.org (tested on arch)
https://www.whatsmydns.net/dns-lookup?q … cloudflare
returns correctly (tested on arch)
If you ping it from your mac, what IP gets ping and what IP responds?
(If they start w/ "192.168" that's the LAN IP)
It targets 192.168.#.### and returns 192.168.#.### (they match)
- I am not sure if this might help, but I tried to update my /etc/resolv.conf to match my macOS and that didn't work.
- Interestingly, when I turn on mullvad and connect, I can "ping domain.org" and it targets the correct ip address, but no pings come back. (sent 44 packets with no responses) Not sure if this is a cloudflare thing or a mullvad thing.
It did however resolve a local IP that looks very much dhcp advertised, but however the mac currently resolves the domain, it's not in the public record.
No. Whatever you're looking at right now, the domain you sent is not in the public records and is not widely resolvable.
I am not sure if this is true given the results I sent above with the DNS checks. It seems to be pretty well populated?
- I asked my friend, I will report back.
- Small note, when I turn on "Proxied" in cloudflare for the CNAME, pinging test.domain.org works from arch and macos, but it's incredibly slow to print on arch (even tho the time is 12ms), but prints quickly on macos. Not sure if this is a bash vs zsh... No idea why arch prints it so slow when the response time is quick.
ping test.domain.org
PING test.domain.org (104.21.82.62) 56(84) bytes of data.
64 bytes from 104.21.82.62: icmp_seq=1 ttl=57 time=12.7 ms
64 bytes from 104.21.82.62: icmp_seq=2 ttl=57 time=12.3 ms
If I ping just the domain, arch still can't find the host. "ping: domain.org: No address associated with hostname"
But with this proxy feature, I can't ssh into the server from my archbox, so it's kind of annoying.
Offline
tell your first friend to try that w/ google.com, there'll be an "A" record
Not exactly that same IP, but here is one of them
google.com. 300 IN A 64.233.177.101
(has many other IP's)
Offline
It targets 192.168.#.### and returns 192.168.#.### (they match)
Ie. macos resolves an IP in your LAN, not a public one. This is meaningless outside your LAN.
Interestingly, when I turn on mullvad and connect, I can "ping domain.org" and it targets the correct ip address, but no pings come back.
Which is why you can't reach it via VPN…
Assuming you are located in Germany, it seems like the domain has propagated to all servers in Germany:
https://dnschecker.org/country/de/#A/domain.org (tested on arch)
No. The domain you sent isn't known on any server there.
Not exactly that same IP, but here is one of them
Google's IPs aren't relevant, I'm just wondering what your friend actually saw and whether it's one of the nameservers that show up in the trace or the actual A-record for your domain.
when I turn on "Proxied" in cloudflare for the CNAME
You're now resolving a cloudflare server and ping a public IP.
No idea why arch prints it so slow when the response time is quick.
Try "ping -n test.domain.org"
Coming back to
I setup a domain on cloudflare that points to my homeserver's ip address
What are the first two numbers of the IP you put there?
Online
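Added example, not part of any post in this thread: a Python sketch of the comparison the thread keeps doing by eye, reading the dig header (status, ANSWER count, ad flag) and checking whether an A record in the ANSWER section falls in a LAN-only range such as 192.168.x.x. The function names, verdict labels and the sample outputs are constructed for illustration; the samples are modelled on the dig output quoted above, with 192.168.0.10 as a made-up address.

```python
import ipaddress
import re

# RFC 1918, loopback and link-local ranges: an A record in one of these is
# only meaningful inside the network whose resolver returned it.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

STATUS_RE = re.compile(r"status: (?P<status>[A-Z]+), id: \d+")
COUNTS_RE = re.compile(
    r"flags: (?P<flags>[a-z ]*); QUERY: \d+, ANSWER: (?P<answer>\d+)")
SERVER_RE = re.compile(r"^;; SERVER: (?P<server>[^#\s]+)#", re.M)
A_RE = re.compile(r"[^;\s]\S*\s+\d+\s+IN\s+A\s+(?P<addr>\S+)\s*$")


def answer_a_records(text):
    """A records from the ANSWER section only (glue in ADDITIONAL is ignored)."""
    records, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif line.startswith(";;") or not line.strip():
            in_answer = False
        elif in_answer and (m := A_RE.match(line)):
            records.append(m["addr"])
    return records


def classify(text):
    """Summarise one dig response: status, ANSWER count, AD flag, verdict."""
    status, counts = STATUS_RE.search(text), COUNTS_RE.search(text)
    if not status or not counts:
        raise ValueError("no dig ->>HEADER<<- block found")
    server = SERVER_RE.search(text)
    addrs = answer_a_records(text)
    if status["status"] == "NXDOMAIN":
        verdict = "NXDOMAIN"
    elif status["status"] != "NOERROR":
        verdict = "ERROR"
    elif not addrs:
        verdict = "NO_ANSWER"          # NOERROR, but ANSWER holds no A record
    else:
        scopes = set()
        for addr in addrs:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:         # e.g. a redacted or truncated address
                scopes.add("UNPARSEABLE")
                continue
            local = any(ip in net for net in LOCAL_NETS)
            scopes.add("LAN_ONLY" if local else "PUBLIC")
        verdict = scopes.pop() if len(scopes) == 1 else "MIXED"
    return {"status": status["status"], "answer_count": int(counts["answer"]),
            "ad_flag": "ad" in counts["flags"].split(),
            "server": server["server"] if server else None,
            "a_records": addrs, "verdict": verdict}


def compare(outputs):
    """outputs maps a label to dig text; returns (verdicts, views_disagree)."""
    verdicts = {label: classify(t)["verdict"] for label, t in outputs.items()}
    return verdicts, len(set(verdicts.values())) > 1


# Constructed samples, modelled on the dig output quoted in the thread.
ROUTER_VIEW = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61712
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
domain.org. 300 IN A 192.168.0.10

;; SERVER: 192.168.88.1#53(192.168.88.1)
"""
PUBLIC_VIEW = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35889
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
"""

if __name__ == "__main__":
    print(compare({"router": ROUTER_VIEW, "8.8.8.8": PUBLIC_VIEW}))
```

Save each `dig @server name` run to a file and pass the contents to `compare()`; a result where one resolver says LAN_ONLY and the others say NO_ANSWER or NXDOMAIN means the name only resolves inside that network.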