truthfultemporarily

joined 2 days ago

Seems weird to me, the router would need to do deep packet inspection of DNS and selectively block specific ones. It feels more like you've set up your DNS to do forwarding instead of resolution. Can you post a network diagram and the DNS config?

[–] truthfultemporarily@feddit.org 1 points 10 hours ago

Do tcpdump host $server instead. Otherwise you will only see the request (the response goes to a different port).

[–] truthfultemporarily@feddit.org 2 points 10 hours ago (2 children)

Just to be sure: you do dig A @server $domain (with the "A") and can confirm the following

SERVER is your server

;; ANSWER SECTION is empty (or doesn't exist)

;; AUTHORITY SECTION mentions your local DNS server

Also check

dig NS @server $domain

Is your server in the answer section?

[–] truthfultemporarily@feddit.org 7 points 16 hours ago* (last edited 16 hours ago) (5 children)

Here is how I would diagnose (I'm assuming you have Linux / WSL on a client)

  1. Check the DNS record is actually set (yes do it again)
  2. Do these steps on the client:
  3. dig $domain check which server answered
  4. dig a $domain should give a record
  5. dig a $domain @server to make sure you're querying the right server

If none work, it's probably a network issue (DNS bound to wrong IP, firewall, etc.)

If 3 and 5 work but 4 doesn't, your DNS isn't authoritative.

If only 5 works, the DNS settings on the client are wrong.
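Added example, not from the thread: a small Python parser for the parts of dig output the two comments above ask the OP to look at (the SERVER line, the ANSWER and AUTHORITY sections), plus the decision tree from the numbered list, so the three client-side checks can be classified mechanically. The sample dig outputs and the names in them (host.lan, 192.168.1.2, ns.lan) are constructed, and checking the `aa` flag is an extra hint beyond what the comments say.

```python
import re

def parse_dig(output):
    """Pull out the fields the comments tell you to look at."""
    sections, current = {}, None
    for line in output.splitlines():
        m = re.match(r'^;; (\w+) SECTION:', line)
        if m:
            current, sections[m.group(1)] = m.group(1), []
        elif current and line and not line.startswith(';'):
            sections[current].append(line.split())  # owner ttl class type rdata
    flags = re.search(r'^;; flags: ([^;]*);', output, re.M)
    server = re.search(r'^;; SERVER: ([^#\s]+)', output, re.M)
    return {'server': server.group(1) if server else None,
            'aa': bool(flags) and 'aa' in flags.group(1).split(),  # authoritative?
            'answer': sections.get('ANSWER', []),
            'authority': sections.get('AUTHORITY', [])}

def diagnose(step3, step4, step5):
    """Decision tree from the comment above. step3: your server answered
    `dig $domain`; step4: `dig a $domain` gave a record; step5: `dig a $domain @server` did."""
    if not (step3 or step4 or step5):
        return 'network-issue'         # DNS bound to wrong IP, firewall, ...
    if step3 and step5 and not step4:
        return 'not-authoritative'
    if step5 and not (step3 or step4):
        return 'client-dns-settings'
    if step3 and step4 and step5:
        return 'ok'
    return 'inspect-manually'

def diagnose_outputs(out3, out4, out5, server):
    """Feed raw dig output from the three client-side checks into the tree."""
    return diagnose(parse_dig(out3)['server'] == server,
                    bool(parse_dig(out4)['answer']),
                    bool(parse_dig(out5)['answer']))

# Constructed dig output (not a real capture), trimmed to the lines that matter.
# EMPTY: no ANSWER, AUTHORITY names the local server, no `aa` flag.
EMPTY = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
lan.\t3600\tIN\tSOA\tns.lan. admin.lan. 1 3600 600 86400 300
;; SERVER: 192.168.1.2#53(192.168.1.2) (UDP)
"""
# DIRECT: the same query sent with @server, which does return the record (flags line left as-is).
DIRECT = EMPTY.replace(";; AUTHORITY SECTION:", ";; ANSWER SECTION:") \
              .replace("SOA\tns.lan. admin.lan. 1 3600 600 86400 300", "A\t192.168.1.10")
```

Run the real checks with `dig +noall +comments +answer +authority +stats $domain`, paste each output into the matching argument of `diagnose_outputs`, and compare the result with the cases in the comment.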

Thank you, I deleted my post so as to not share false info.