Cloudflare not resolving adobe.com?

janeden

8/29/23, 6:04 PM

in my setup, a local Bind9 server forwards DNS requests to Cloudflare (1.1.1.1) with DNSSEC activated. My syslog shows many timeout entries for well known domain names (like adobe.com):

Apr 28 19:39:01 myserver named[756]: timed out resolving 'adobeid-na1.services.adobe.com/HTTPS/IN': 1.1.1.1#53 
Apr 28 19:39:03 myserver named[756]: timed out resolving 'adobelogin.com/HTTPS/IN': 1.1.1.1#53 
Apr 28 19:39:04 myserver named[756]: timed out resolving 'www.adobe.com/HTTPS/IN': 1.1.1.1#53 
Apr 28 19:39:04 myserver named[756]: timed out resolving 'ims-na1.adobelogin.com/HTTPS/IN': 1.1.1.1#53 
Apr 28 19:39:04 myserver named[756]: timed out resolving 'sstats.adobe.com/HTTPS/IN': 1.1.1.1#53 
Apr 28 19:39:04 myserver named[756]: timed out resolving 'auth.services.adobe.com/HTTPS/IN': 1.1.1.1#53 
Apr 28 19:39:04 myserver named[756]: timed out resolving 'geo2.adobe.com/HTTPS/IN': 1.1.1.1#53 
Apr 28 19:39:05 myserver named[756]: timed out resolving 'images-tv.adobe.com/HTTPS/IN': 1.1.1.1#53 
Apr 28 19:42:46 myserver named[756]: timed out resolving 'adobeid-na1.services.adobe.com/HTTPS/IN': 1.1.1.1#53 
Apr 28 19:42:46 myserver named[756]: timed out resolving 'ims-na1.adobelogin.com/HTTPS/IN': 1.1.1.1#53 
Apr 28 19:42:46 myserver named[756]: timed out resolving 'auth.services.adobe.com/HTTPS/IN': 1.1.1.1#53

but the domain names are resolved properly with nslookup. What is happening here?

Thanks, Jan

0 + 0

domain-name-system

bind

cloudflare

Patrick Mevzek

8/29/23, 10:42 PM

Your log shows only records for `HTTPS` type, which is new and not yet standard, even if already deployed by some. Do you have problems with other record types too?

janeden

8/30/23, 4:58 PM

Thanks – I did not notice, but indeed all timeouts refer to HTTPS records. I am not familiar with the intricacies of DNS records – is there a way to fix this?

Patrick Mevzek

9/2/23, 3:23 AM

Maybe an issue with packet sizes. Of course make sure TCP/53 is open as well as UDP/53. Otherwise look at your network trafic. Cloudflare DNS resolver has no issue resolving those HTTPS records from my tests.