Yes I get the same results as you with nslookup
.
But am not sure what nslookup
does under the hood.
Where 1.1.1.1
is different compared to the others is that it supplies ADDITIONAL
records:
pi@ph5b:~ $ dig +notcp @1.1.1.1 . ns
; <<>> DiG 9.16.22-Raspbian <<>> +notcp +additional @1.1.1.1 . ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7181
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 511735 IN NS a.root-servers.net.
. 511735 IN NS b.root-servers.net.
. 511735 IN NS c.root-servers.net.
. 511735 IN NS d.root-servers.net.
. 511735 IN NS e.root-servers.net.
. 511735 IN NS f.root-servers.net.
. 511735 IN NS g.root-servers.net.
. 511735 IN NS h.root-servers.net.
. 511735 IN NS i.root-servers.net.
. 511735 IN NS j.root-servers.net.
. 511735 IN NS k.root-servers.net.
. 511735 IN NS l.root-servers.net.
. 511735 IN NS m.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 511735 IN A 198.41.0.4
a.root-servers.net. 511735 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 511735 IN A 199.9.14.201
b.root-servers.net. 511735 IN AAAA 2001:500:200::b
c.root-servers.net. 511735 IN A 192.33.4.12
c.root-servers.net. 511735 IN AAAA 2001:500:2::c
d.root-servers.net. 511735 IN A 199.7.91.13
d.root-servers.net. 511735 IN AAAA 2001:500:2d::d
e.root-servers.net. 511735 IN A 192.203.230.10
e.root-servers.net. 511735 IN AAAA 2001:500:a8::e
f.root-servers.net. 511735 IN A 192.5.5.241
f.root-servers.net. 511735 IN AAAA 2001:500:2f::f
g.root-servers.net. 511735 IN A 192.112.36.4
g.root-servers.net. 511735 IN AAAA 2001:500:12::d0d
h.root-servers.net. 511735 IN A 198.97.190.53
h.root-servers.net. 511735 IN AAAA 2001:500:1::53
i.root-servers.net. 511735 IN A 192.36.148.17
i.root-servers.net. 511735 IN AAAA 2001:7fe::53
j.root-servers.net. 511735 IN A 192.58.128.30
j.root-servers.net. 511735 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 511735 IN A 193.0.14.129
k.root-servers.net. 511735 IN AAAA 2001:7fd::1
l.root-servers.net. 511735 IN A 199.7.83.42
l.root-servers.net. 511735 IN AAAA 2001:500:9f::42
m.root-servers.net. 511735 IN A 202.12.27.33
m.root-servers.net. 511735 IN AAAA 2001:dc3::35
;; Query time: 19 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Oct 02 03:31:06 CEST 2022
;; MSG SIZE rcvd: 811
Vs Google @8.8.8.8:
pi@ph5b:~ $ dig +notcp @8.8.8.8 . ns
; <<>> DiG 9.16.22-Raspbian <<>> +notcp +additional @8.8.8.8 . ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54956
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 64927 IN NS a.root-servers.net.
. 64927 IN NS b.root-servers.net.
. 64927 IN NS c.root-servers.net.
. 64927 IN NS d.root-servers.net.
. 64927 IN NS e.root-servers.net.
. 64927 IN NS f.root-servers.net.
. 64927 IN NS g.root-servers.net.
. 64927 IN NS h.root-servers.net.
. 64927 IN NS i.root-servers.net.
. 64927 IN NS j.root-servers.net.
. 64927 IN NS k.root-servers.net.
. 64927 IN NS l.root-servers.net.
. 64927 IN NS m.root-servers.net.
;; Query time: 9 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Oct 02 03:41:52 CEST 2022
;; MSG SIZE rcvd: 239
Quad9 (9.9.9.9
) and Level3 (4.2.2.1
) reply the same as Google.
And I can reproduce the truncating with dig
if I tell it to drop EDNS support (+noedns
) which limits UDP packet size to 512 bytes max:
pi@ph5b:~ $ dig +notcp +noedns @1.1.1.1 . ns
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.16.22-Raspbian <<>> +notcp +additional +noedns @1.1.1.1 . ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5891
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 26
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 510468 IN NS a.root-servers.net.
. 510468 IN NS b.root-servers.net.
. 510468 IN NS c.root-servers.net.
. 510468 IN NS d.root-servers.net.
. 510468 IN NS e.root-servers.net.
. 510468 IN NS f.root-servers.net.
. 510468 IN NS g.root-servers.net.
. 510468 IN NS h.root-servers.net.
. 510468 IN NS i.root-servers.net.
. 510468 IN NS j.root-servers.net.
. 510468 IN NS k.root-servers.net.
. 510468 IN NS l.root-servers.net.
. 510468 IN NS m.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 510468 IN A 198.41.0.4
a.root-servers.net. 510468 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 510468 IN A 199.9.14.201
b.root-servers.net. 510468 IN AAAA 2001:500:200::b
c.root-servers.net. 510468 IN A 192.33.4.12
c.root-servers.net. 510468 IN AAAA 2001:500:2::c
d.root-servers.net. 510468 IN A 199.7.91.13
d.root-servers.net. 510468 IN AAAA 2001:500:2d::d
e.root-servers.net. 510468 IN A 192.203.230.10
e.root-servers.net. 510468 IN AAAA 2001:500:a8::e
f.root-servers.net. 510468 IN A 192.5.5.241
f.root-servers.net. 510468 IN AAAA 2001:500:2f::f
g.root-servers.net. 510468 IN A 192.112.36.4
g.root-servers.net. 510468 IN AAAA 2001:500:12::d0d
h.root-servers.net. 510468 IN A 198.97.190.53
h.root-servers.net. 510468 IN AAAA 2001:500:1::53
i.root-servers.net. 510468 IN A 192.36.148.17
i.root-servers.net. 510468 IN AAAA 2001:7fe::53
j.root-servers.net. 510468 IN A 192.58.128.30
j.root-servers.net. 510468 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 510468 IN A 193.0.14.129
k.root-servers.net. 510468 IN AAAA 2001:7fd::1
l.root-servers.net. 510468 IN A 199.7.83.42
l.root-servers.net. 510468 IN AAAA 2001:500:9f::42
m.root-servers.net. 510468 IN A 202.12.27.33
m.root-servers.net. 510468 IN AAAA 2001:dc3::35
;; Query time: 9 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Oct 02 03:47:28 CEST 2022
;; MSG SIZE rcvd: 800
As the others dont supply ADDITIONAL
records, the 239 bytes answer they return is well below the 512 bytes UDP limit.
And the 800 bytes answer from 1.1.1.1
, with ADDITIONAL
records, exceeds the 512 bytes limit (if no EDNS support).
Thats the only thing I can think of causing the truncating when querying 1.1.1.1
if compare with the others.
Something along the path upstream to 1.1.1.1
limiting UDP packet size or doesnt support EDNS which amongst others allows larger packets.
And if I did my research correctly, ADDITIONAL
records only comes with EDNS (correct me if I'm wrong pls?):
https://www.ietf.org/rfc/rfc2671.txt
I also noticed an inconsistency in number of ADDITIONAL
records when flipping +noedns
which I cant explain:
pi@ph5b:~ $ dig +notcp @1.1.1.1 . ns
[..]
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
pi@ph5b:~ $ dig +notcp +noedns @1.1.1.1 . ns
[..]
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 26
I counted them for both ouputs and it should be 26.
Am not sure if all this is related with the original issue from your OP though
Have you tried selecting another upstream DNS provider, not Cloudflare, to see if the excessive dot queries stop?