Building a nameserver, Google won't recognise our records?

We're building an experimental nameserver in Python, using the standard dnslib library.

It appears to work, we have delegated a test subdomain, midsummer.beltaine.co.uk to it, and it serves the expected answers for the records in its config file.

Using the venerable squish.net DNS checker shows no faults and perfect resolution. Other major DNS test tools also report all is well with the subdomain.

Cloudflare's public resolver at 1.1.1.1 happily serves our records when asked.

However Google's public DNS at 8.8.8.8 / 8.8.4.4 return blank records for all queries for the subdomain.

Using the test tools provided at https://dns.google, if I try and look up say the NS records, this is what it shows - it seems to think no answer is being returned.

{
  "Status": 0 /* NOERROR */,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": false,
  "CD": false,
  "Question": [
    {
      "name": "midsummer.beltaine.co.uk.",
      "type": 2 /* NS */
    }
  ],
  "Comment": "Response from 195.82.107.179."
}

However when I do a dig at that IP (which is the host two.beltaine.co.uk, one of the two authoritative servers for the subdomain), the expected data is returned:

:~> dig @195.82.107.179 midsummer.beltaine.co.uk ns

; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> @195.82.107.179 midsummer.beltaine.co.uk ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15616
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;midsummer.beltaine.co.uk.      IN      NS

;; ANSWER SECTION:
midsummer.beltaine.co.uk. 3600  IN      NS      one.beltaine.co.uk.
midsummer.beltaine.co.uk. 3600  IN      NS      two.beltaine.co.uk.

;; Query time: 17 msec
;; SERVER: 195.82.107.179#53(195.82.107.179)
;; WHEN: Sat Jul 08 15:40:27 BST 2023
;; MSG SIZE  rcvd: 78

The delegation is being done complete with glue records, as is normal:

:~> dig @d.ns.as8401.net midsummer.beltaine.co.uk a

;; QUESTION SECTION:
;midsummer.beltaine.co.uk.      IN      NS

;; AUTHORITY SECTION:
midsummer.beltaine.co.uk. 3600  IN      NS      one.beltaine.co.uk.
midsummer.beltaine.co.uk. 3600  IN      NS      two.beltaine.co.uk.

;; ADDITIONAL SECTION:
one.beltaine.co.uk.     1812    IN      A       212.85.249.179
two.beltaine.co.uk.     1812    IN      A       195.82.107.179

I'm guessing the server is failing to set or serve something, but not sure what?

Problem identified and solution found.

It turns out that Google's DNS randomly capitalises letters in the DNS query when looking up answers on authoritative servers. Which meant that when asked for "midsummer.beltaine.co.uk", by a dig or using the test we interface, what they actually asked our server for would be (for example) "mIdsUMmer.beLtAINe.Co.uK". I know DNS is meant to be case-insensitive but we'd neglected to lowercase the incoming queries, so when the script compared what it received with the data from its config (which is lowercase), there was no match.

Adding the code to lowercase the received query solved the problem and the test subdomain is now being served correctly.

This was the missing code:

qname = str(request.q.qname).lower()  # Convert to lowercase

Which just goes to show always check the basics before assuming something esoteric is happening. The problem was found by doing a tcpdump on the incoming interface and port, which showed the randomly capitalised queries.