I have a dnssec enabled domain that passes all the verisign and related
dnssec tests (all green, no errors) and dns sources like AT&T and
Verizon. But it fails at some popular dns servers like google and
cloudflair. I'd appreciate what anyone can make of that, there are no
obvious debugging directions when verisgn says 'all good'. If I turn
on the 'cdflag' most all of
https://dnschecker.org/#A/quietfountain.com
works. Turn it off, and some report problems. Some clues most welcome!
Harry Coin
Here's Quad9, for example:
[root@registry1 ~]# dig @9.9.9.9 quietfountain.com
; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @9.9.9.9
quietfountain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45758
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;quietfountain.com. IN A
;; ANSWER SECTION:
quietfountain.com. 43200 IN A 147.135.121.120
quietfountain.com. 43200 IN A 51.81.131.192
;; Query time: 1463 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Tue Jul 26 17:53:39 CDT 2022
;; MSG SIZE rcvd: 78
But, here's cloudflair and google:
[root@registry1 ~]# dig @1.1.1.1 quietfountain.com
; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @1.1.1.1
quietfountain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64113
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 9 (DNSKEY Missing): (no SEP matching the DS found for
quietfountain.com.)
;; QUESTION SECTION:
;quietfountain.com. IN A
;; Query time: 2197 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Jul 26 17:51:22 CDT 2022
;; MSG SIZE rcvd: 103
[root@registry1 ~]# dig @8.8.8.8 quietfountain.com
; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @8.8.8.8
quietfountain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61907
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;quietfountain.com. IN A
;; Query time: 2303 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jul 26 17:51:35 CDT 2022
;; MSG SIZE rcvd: 46