Our customers make quite a few domain checks towards Google public DNS with the following domains <userid>.sip.teltel.io, but they often fail. To others, like Cloudflare it is always successful.
When we run nslookup in a loop towards 8.8.8.8, about 80% of the time Google fails to resolve. To 1.1.1.1 it is always successful. See below a failed example:
Request:
while :
do
nslookup 7157599388.sip.teltel.io 8.8.8.8
done
Response:
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find 7157599388.sip.teltel.io: NXDOMAIN
Additionally, when doing a dig towards 8.8.8.8 sometimes it fails, sometimes not:
Does anyone have an idea why?
Thank you in advance!
From a
dig +trace 7157599388.sip.teltel.ioquery:We can see that the sip.teltel.io subdomain is delegated from the CloudFlare DNS servers to the ns1.teltel.io and ns2.teltel.io nameservers.
For starters those two nameservers records both resolve to 3.9.142.25. When you don't have redundant DNS servers you might as well only use a single NS record and live with that single point of failure.
Also the zone for the sip.teltel.io subdomain currently still does not contain any NS records and the query
dig -t NS sip.teltel.io @ns1.teltel.iostill fails. See Why do DNS zone files require NS records? and Clarification of why DNS zone files require NS records for more detailed reasoning of why that is bad.I don't know if either of those is the reason resolving fails intermittently though.