Not resolving Internet domains / Returns RCODE 2 - Server Failure

In the Simple DNS Plus log, you will typically see it sending a number of requests to the root servers without getting any responses back and then eventually returning an RCODE 2 - Server Failure error:

If you do the lookup from the Simple DNS Plus DNS Look Up tool, the result looks like this:

And if you do the lookup from the command line NSLOOKUP tool, you will most likely get a time-out:

This situation is very often caused by firewalls - either a local software firewall on the same computer as Simple DNS Plus, or a hardware-based firewall in front of it (anywhere upstream).
For information on configuring firewalls for use with Simple DNS Plus, please see the reference article below.

Even if you have opened the firewall ports etc., certain firewalls/routers with older firmware versions (including some Cisco PIX versions) will still block all "EDNS0" enabled DNS requests.
EDNS0 is a relatively new addition to the DNS protocol not understood by older software/firmware.

Simple DNS Plus v. 5.0 has EDNS0 enabled by default. Previous Simple DNS Plus versions did not have this feature.
So if you are experiencing this problem after upgrading to v. 5.0 from a previous version, there is a good chance that EDNS0 is the problem.

To test if EDNS0 is the problem, you can disable this in the Simple DNS Plus Options dialog / Miscellaneous section:

If Simple DNS Plus resolves Internet domain names after disabling this option, we highly recommend that you update the firmware on your router/firewall and then re-enable the EDNS0 option in Simple DNS Plus.
The older firewall/router firmware is probably also blocking inbound EDNS0 enabled DNS requests - potentially preventing visitors from getting to your website etc.
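
The same check can be made outside Simple DNS Plus by sending one plain and one EDNS0-enabled query to a root server and comparing which of them gets a reply. The script below is an added example, not part of Simple DNS Plus or the original article; the function names, the 3-second time-out and the choice of 198.41.0.4 (a.root-servers.net) as test target are assumptions.

```python
import socket
import struct

def build_query(name, edns=False, payload=1280, qid=0x1234):
    """Build a non-recursive NS query; with edns=True append an EDNS0 OPT record."""
    # Header: ID, flags=0, QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 only with OPT
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1 if edns else 0)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", 2, 1)  # QTYPE=NS, QCLASS=IN
    opt = b""
    if edns:
        # OPT pseudo-record: root name, TYPE=41, CLASS=UDP payload size,
        # TTL=0 (extended RCODE, version, DO flag clear), RDLENGTH=0
        opt = b"\x00" + struct.pack("!HHIH", 41, payload, 0, 0)
    return header + question + opt

def probe(server, name=".", edns=False, timeout=3.0, port=53):
    """Send one UDP query; return the RCODE, or None if no valid reply arrives."""
    query = build_query(name, edns)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, port))
            data, _ = s.recvfrom(4096)
        except OSError:  # covers time-outs and unreachable-network errors
            return None
    if len(data) < 12 or data[:2] != query[:2]:
        return None  # too short or mismatched query ID
    return data[3] & 0x0F

def diagnose(plain, edns):
    """Interpret the two probe results (RCODE or None) for the same server."""
    if plain is None and edns is None:
        return "no replies at all: DNS traffic (port 53) is blocked or the server is unreachable"
    if plain is not None and edns is None:
        return "only the EDNS0 query was dropped: a firewall/router on the path is blocking EDNS0"
    if plain is None:
        return "only the EDNS0 query was answered: inconclusive, repeat the test"
    return "both queries answered (RCODE %d / %d): EDNS0 is not being blocked" % (plain, edns)

if __name__ == "__main__":
    root = "198.41.0.4"  # a.root-servers.net, assumed as the test target
    print(diagnose(probe(root), probe(root, edns=True)))
```

Run it on the computer that hosts Simple DNS Plus so the queries cross the same firewalls as the server's own requests.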

Related KB articles:

 Comments
9 Jan 2019 18:45 UTC
Chad
Having an issue setting up a local dns server to override our existing domains (we are testing our app with cloudflare, and don't want to repoint all of our dns to it to test)

When setting up a zone for the subdomain I want to affect, and apply the cname, I then use your built-in lookup tool, and it does the following:
Response received from 127.0.0.1:

Authoritative response (AA): Yes
Recursion available (RA): Yes
Truncated (TC): No

Header:
RCODE 3 - Non-Existent Domain

Answer section:
CNAME-record for admin.domain-staging.com:
Alias for: admin.domain-staging.com.cloudflare.net
TTL = 3 (3 seconds)

Authority section:
SOA-record for cloudflare.net:
Primary DNS server: ns1.cloudflare.net
Responsible person: dns@cloudflare.com
Serial number: 2029812331
Refresh interval: 10000
Retry interval: 2400
Expire interval: 604800
Default / minimum TTL: 3600
TTL = 3600 (1 hour)

Additional section:
EDNS0 options:
UDP payload size: 1280
DNSSEC OK (DO flag): No

I clearly see the RCODE 3, but I must admit I'm a bit lost as to why, or what? Can you perhaps provide a little assistance?
31 Jan 2019 21:45 UTC
JH Software
It is saying that "admin.domain-staging.com.cloudflare.net" does not exist...