Hope someone will help me in resolving the issue. My domain name is "prohosterz.com".
Google Public DNS is returning a SERVFAIL for my domain:
$ dig prohosterz.com @8.8.8.8
; <<>> DiG 9.9.2 <<>> prohosterz.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER
$ nslookup -debug prohosterz.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
------------
QUESTIONS:
prohosterz.com, type = A, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find prohosterz.com: SERVFAIL
Server: 8.8.8.8
Address: 8.8.8.8#53
------------
QUESTIONS:
prohosterz.com, type = A, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find prohosterz.com: SERVFAIL
I don't have any issues resolving my domain against OpenDNS:
$ dig prohosterz.com @resolver1.opendns.com
; <<>> DiG 9.9.2-P1 <<>> prohosterz.com @resolver1.opendns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER
I don't know why Google's servers do not resolve my name. If anyone has any explanation, please let me know.
Best Answer
It looks like your DNSSEC configuration is broken.
The delegating nameservers (for com.) are serving a DS record for your domain, but your own nameservers do not supply DNSKEY nor RRSIG records. Did you forget to sign the zone?
The reason it works with some recursors is that those recursors are not DNSSEC-enabled and thus don't catch the problem.
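The mismatch described in the answer above, as an added example that is not part of the original answer: a small offline check that derives a DS record from a DNSKEY (RFC 4034) and classifies a delegation the way a validating resolver would. The key material, function names and status labels are constructed for illustration, and only SHA-256 (digest type 2) DS records are handled.

```python
import hashlib
import struct

# Constructed sample DNSKEY (flags 257 = KSK, protocol 3, algorithm 8); not a real key.
SAMPLE_KEY = struct.pack("!HBB", 257, 3, 8) + b"\x01\x02\x03\x04"

def name_to_wire(name):
    """Canonical lower-case wire form of an owner name (RFC 4034 section 6.2)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata):
    """Key tag over DNSKEY RDATA (RFC 4034 Appendix B; algorithm 1 differs)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata):
    """DS tuple (key tag, algorithm, digest type 2, SHA-256 hex) for one DNSKEY."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def delegation_status(owner, parent_ds, child_dnskeys, child_has_rrsig):
    """Classify the delegation the way a validating resolver would.

    Only the DS-to-DNSKEY link is checked; RRSIG verification is out of scope.
    """
    if not parent_ds:
        return "insecure"   # no DS at the parent: zone is treated as unsigned
    if not child_dnskeys or not child_has_rrsig:
        return "bogus"      # DS promises signatures the child does not serve
    wanted = {(t, a, d, h.lower()) for t, a, d, h in parent_ds}
    served = {make_ds(owner, k) for k in child_dnskeys}
    return "ds-matches" if wanted & served else "bogus"

if __name__ == "__main__":
    ds = [make_ds("prohosterz.com", SAMPLE_KEY)]
    # The situation in the answer: DS published, child serves no DNSKEY/RRSIG.
    print(delegation_status("prohosterz.com", ds, [], False))
    # Same child data without a DS at the parent resolves as an unsigned zone.
    print(delegation_status("prohosterz.com", [], [], False))
```

A validating resolver answers SERVFAIL for the "bogus" case, while a non-validating one never looks at the DS record and returns the A record as usual.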