NXDOMAIN errors

derousse · July 12, 2020, 7:44pm

Lately I've been having problems with some websites failing. They are not in the blocklist, yet they work when I temporarily disable pihole.
An example is www.gmfinancial.com

Expected Behaviour:

The website should display normally.

Actual Behaviour:

Browser is responding with DNS_PROBE_FINISHED_NXDOMAIN

Jul 12 13:51:58 dnsmasq[1589]: query[A] www.gmfinancial.com from 192.168.1.81
Jul 12 13:51:58 dnsmasq[1589]: forwarded www.gmfinancial.com to 1.1.1.3
Jul 12 13:51:58 dnsmasq[1589]: reply www.gmfinancial.com is
Jul 12 13:51:58 dnsmasq[1589]: query[A] www.gmfinancial.com from 192.168.1.81
Jul 12 13:51:58 dnsmasq[1589]: forwarded www.gmfinancial.com to 1.1.1.3
Jul 12 13:51:58 dnsmasq[1589]: reply www.gmfinancial.com is
Jul 12 13:51:58 dnsmasq[1589]: query[A] growth-pa.googleapis.com from 192.168.1.51
Jul 12 13:51:58 dnsmasq[1589]: forwarded growth-pa.googleapis.com to 1.1.1.3
Jul 12 13:51:58 dnsmasq[1589]: query[A] www.gmfinancial.com.lan from 192.168.1.81
Jul 12 13:51:58 dnsmasq[1589]: cached www.gmfinancial.com.lan is NXDOMAIN

Dig reports the following:
pi@raspberrypi:/var/log $ dig www.gmfinancial.com

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> www.gmfinancial.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22748
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.gmfinancial.com. IN A

;; ANSWER SECTION:
www.gmfinancial.com. 132 IN CNAME www.gmfinancial.com.edgekey.net.
www.gmfinancial.com.edgekey.net. 8522 IN CNAME e35521.a.akamaiedge.net.
e35521.a.akamaiedge.net. 19 IN A 23.56.168.42
e35521.a.akamaiedge.net. 19 IN A 23.56.168.16

;; Query time: 38 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Sun Jul 12 13:56:26 CDT 2020
;; MSG SIZE rcvd: 159

Another example is southwest.com. For this, I'm seeing the following in the pihole log:
Jul 12 13:59:41 dnsmasq[1589]: query[A] www.southwest.com from 192.168.1.81
Jul 12 13:59:41 dnsmasq[1589]: forwarded www.southwest.com to 1.1.1.3
Jul 12 13:59:41 dnsmasq[1589]: reply www.southwest.com is
Jul 12 13:59:41 dnsmasq[1589]: query[A] www.southwest.com from 192.168.1.81
Jul 12 13:59:41 dnsmasq[1589]: forwarded www.southwest.com to 1.1.1.3
Jul 12 13:59:41 dnsmasq[1589]: reply www.southwest.com is
Jul 12 13:59:41 dnsmasq[1589]: query[A] www.southwest.com.lan from 192.168.1.81
Jul 12 13:59:41 dnsmasq[1589]: cached www.southwest.com.lan is NXDOMAIN

Debug Token:

https://tricorder.pi-hole.net/bk1x3aha2v

yubiuser · July 12, 2020, 7:51pm

This shows that you get the IPs of the requested domain.
What fails is

(Note the added .lan). It seems your browser added your local domain name to the query. But for this domain pihole returns NXDOMAIN because it doesn't exist.

What is shown in your query log then you access www.gmfinancial.com?
What OS (on your client) and browser do you use?

derousse · July 13, 2020, 12:23am

What do you mean by the query log?

The client is Chrome running on ChromeOS (Chromebook).

DanSchaper · July 13, 2020, 12:37am

You're using an external service that is doing additional filtering.

derousse:

Jul 12 13:51:58 dnsmasq[1589]: query[A] [www.gmfinancial.com] from 192.168.1.81
Jul 12 13:51:58 dnsmasq[1589]: forwarded [www.gmfinancial.com] to 1.1.1.3
Jul 12 13:51:58 dnsmasq[1589]: reply [www.gmfinancial.com] is

There is no response back from 1.1.1.3 for that domain. Your Windows client gets that lack of response and tries again with the local .lan appended:

That is indeed NXDOMAIN, since it doesn't exist.

Look at the server that answered your dig. It's neither Pi-hole nor 1.1.1.3.

It's the same situation for southwest, 1.1.1.3 isn't giving any IP back for the query.

yubiuser · July 13, 2020, 8:27am

Maybe it was a false positive on their list, 1.1.1.3 does now return the IPs for www.gmfinancial.com

nanopi@nanopi:~$ dig www.gmfinancial.com @1.1.1.3

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> www.gmfinancial.com @1.1.1.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63178
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.gmfinancial.com.		IN	A

;; ANSWER SECTION:
www.gmfinancial.com.	300	IN	CNAME	www.gmfinancial.com.edgekey.net.
www.gmfinancial.com.edgekey.net. 21600 IN CNAME	e35521.a.akamaiedge.net.
e35521.a.akamaiedge.net. 20	IN	A	2.16.128.113
e35521.a.akamaiedge.net. 20	IN	A	2.16.128.18

;; Query time: 102 msec
;; SERVER: 1.1.1.3#53(1.1.1.3)
;; WHEN: Mo Jul 13 10:25:05 CEST 2020
;; MSG SIZE  rcvd: 178

derousse · July 13, 2020, 10:49am

Both sites are working now, so maybe this was some temporary issue. Thanks for the help.

system · August 3, 2020, 10:49am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.