Hacker News new | past | comments | ask | show | jobs | submit login

Recursive DNS servers can also throw you off the scent a bit by giving you an answer that is not the same as the authoritative server.

I've seen 8.8.8.8 return something other than NXDOMAIN for some domains that do not exist

Cloudflare will not honour dns ANY requests

Knowing how to query the authoritative nameservers is a handy tool for debugging.




Agreed. There's a lot of 'magic' that goes into running a quality recursive resolver, least of which is eDNS0 and EDNS Client Subnet - which intentionally returns different answers based on the requester's source IP -- in most cases for the most-optimal CDN location to be returned.

Test with:

dig @ns1.google.com www.google.es +subnet=193.8.172.75/24

dig @ns1.google.com www.google.es +subnet=157.88.0.0/16

Note how you get different IPs returned.


Here's a pretty clear demo of different results around the world: https://wheresitup.com/demo/results/5ef1403cb8e31e3fb3298503




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: