Why won't my recursive DNS resolver resolve this domain?
I am using bind9 as a recursive resolver and it works beautifully for 99% of domains.
However, it returns an NXDOMAIN for this one, michaelkors.scene7.com, even though some public nameservers return an answer for it.
What is curious is that in the linked online DNS utility, some servers report one IP, others another IP, and the authoritative servers don't return any records at all.
It seems like the nameservers for this domain are misconfigured, but then how come Google and Cloudflare are returning results? Are they perhaps just returning cached results?
What can one do in situations like this?
Update: It looks as if my bind is trying to use their IPv6 nameservers.
The problem is that I don't have IPv6 connectivity. How does one turn this off in bind9?
13-Sep-2021 15:41:52.907 queries: client @0x8233e3000 192.168.1.4#33106 (michaelkors.scene7.com): query: michaelkors.scene7.com IN A +E(0) (192.168.1.4)
13-Sep-2021 15:41:53.299 lame-servers: host unreachable resolving 'ns201.adobe.net/A/IN': 2001:502:8cc::30#53
...
13-Sep-2021 15:41:53.301 lame-servers: host unreachable resolving 'ns204.adobe.net/AAAA/IN': 2001:500:d937::30#53
13-Sep-2021 15:41:53.409 query-errors: client @0x8233e3000 192.168.1.4#33106 (michaelkors.scene7.com): query failed (SERVFAIL) for michaelkors.scene7.com/IN/A at query.c:8678
13-Sep-2021 15:41:53.414 queries: client @0x824194000 192.168.1.22#61146 (michaelkors.scene7.com): query: michaelkors.scene7.com IN A + (192.168.1.4)
13-Sep-2021 15:41:53.414 query-errors: client @0x824194000 192.168.1.22#61146 (michaelkors.scene7.com): query failed (SERVFAIL) for michaelkors.scene7.com/IN/A at query.c:7118
Update 2: After disabling IPv6 with the -4 flag, I am still unable to resolve that domain. Here is the log output now:
3-Sep-2021 16:09:18.392 queries: client @0x823293a00 192.168.1.22#51775 (michaelkors.scene7.com): query: michaelkors.scene7.com IN A + (192.168.1.4)
13-Sep-2021 16:09:18.394 query-errors: client @0x823293a00 192.168.1.22#51775 (michaelkors.scene7.com): query failed (SERVFAIL) for michaelkors.scene7.com/IN/A at query.c:8678
13-Sep-2021 16:09:18.395 queries: client @0x823293000 192.168.1.22#58047 (michaelkors.scene7.com.localnet): query: michaelkors.scene7.com.localnet IN A + (192.168.1.4)
I am blocking some zones using an adblock blacklist.
When I disable that blacklist, the domain resolves fine.
It still isn't obvious which blocked domain is causing the problem, probably one of the dozens of *.edgekey.net entries in the list. I can sort this out later.
The one good thing is that it alerted me to the fact that I needed to disable IPv6.
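One way to narrow down which blacklist entry is responsible, as an added example that is not part of the original post: follow the CNAME chain for the failing name and report the first hop that falls under a blocked zone. The CNAME records, the `e1234.x.edgekey.net` hostname and the blocklist entries below are constructed sample data; in practice the chain would be collected from a resolver that does not apply the blacklist.

```python
# Added example: find which blocked zone covers a name in a CNAME chain.
# All records and blocklist entries here are constructed, not real DNS answers.
SAMPLE_CNAMES = {
    "michaelkors.scene7.com.": "cdn.example.net.",
    "cdn.example.net.": "e1234.x.edgekey.net.",
    "e1234.x.edgekey.net.": "e1234.x.example.net.",
}
SAMPLE_BLOCKLIST = ["ads.example.org", "x.edgekey.net", "tracker.example.com"]


def normalize(name):
    """Lower-case, drop the trailing dot and any leading '*.' wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name


def covering_zone(name, blocked):
    """Return the most specific blocked zone equal to or a parent of name."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # compare whole labels, not substrings
        if candidate in blocked:
            return candidate
    return None


def follow_chain(qname, cnames, limit=16):
    """Follow CNAME records from qname; stop on a loop or after `limit` hops."""
    table = {normalize(k): normalize(v) for k, v in cnames.items()}
    chain, current = [], normalize(qname)
    while current not in chain and len(chain) < limit:
        chain.append(current)
        if current not in table:
            break
        current = table[current]
    return chain


def find_blocked_hop(qname, cnames, blocklist):
    """Return (hop, zone) for the first chain member under a blocked zone."""
    blocked = {normalize(z) for z in blocklist}
    for hop in follow_chain(qname, cnames):
        zone = covering_zone(hop, blocked)
        if zone:
            return hop, zone
    return None


if __name__ == "__main__":
    print(find_blocked_hop("michaelkors.scene7.com", SAMPLE_CNAMES, SAMPLE_BLOCKLIST))
```

A hit on an intermediate hop rather than on the queried name itself points at the blacklist entry to remove or to override for that one target.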