DNSSEC validation failure


ggcs....@gmail.com

Jan 21, 2019, 5:09:49 PM
to public-dns-discuss
Hello!
Help please

domain: gem-x.ru
domain name registrar: reg.ru 
host (VDS) firstvds.ru

When using Google's public DNS, the site gem-x.ru does not open.


DNS Reg.ru.png
DNS Serv.png
DNSSEC Reg.RU.png
DNSSEC VDS FIRSTVDS.RU.png

Alex Dupuy

Jan 21, 2019, 5:17:11 PM
to public-dns-discuss
http://dnsviz.net/d/gem-x.ru/dnssec/ shows that your DS and DNSKEYs match. The problem seems to be that there are no RRSIG records being returned for queries to your domain, presumably because your DNS provider does not support DNSSEC properly (or at all).

You need either to remove the DS records (you can also remove the DNSKEYs as they serve no purpose in that case) for your domain, or find a DNS provider who supports DNSSEC.

$ dig +dnssec +nocrypto DNSKEY gem-x.ru @ns1.firstvds.ru

; <<>> DiG 9.12.0 <<>> +dnssec +nocrypto DNSKEY gem-x.ru @ns1.firstvds.ru
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49722
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 2800
;; QUESTION SECTION:
;gem-x.ru. IN DNSKEY

;; ANSWER SECTION:
gem-x.ru. 3600 IN DNSKEY 256 3 8 [key id = 55443]
gem-x.ru. 3600 IN DNSKEY 257 3 8 [key id = 39310]
gem-x.ru. 3600 IN DNSKEY 257 3 8 [key id = 62059]

;; Query time: 129 msec
;; SERVER: 82.146.43.2#53(82.146.43.2)
;; WHEN: Mon Jan 21 17:12:55 EST 2019
;; MSG SIZE  rcvd: 737
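
The diagnosis in the reply above can be automated. The following is an added example, not part of the original thread or of any Google Public DNS tooling: it parses `dig +dnssec` output and reports whether the answer carries RRSIGs covering the returned types. The function names and the `ds_in_parent` argument are hypothetical, and the sample text is constructed from the output quoted in the reply.

```python
# Added example: classify a `dig +dnssec` answer as signed or unsigned.
import re

# Constructed sample, modelled on the dig output quoted in the reply above.
SAMPLE_UNSIGNED = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 2800
;; QUESTION SECTION:
;gem-x.ru. IN DNSKEY

;; ANSWER SECTION:
gem-x.ru. 3600 IN DNSKEY 256 3 8 [key id = 55443]
gem-x.ru. 3600 IN DNSKEY 257 3 8 [key id = 39310]
gem-x.ru. 3600 IN DNSKEY 257 3 8 [key id = 62059]

;; Query time: 129 msec
"""

def answer_records(dig_text):
    """Return (owner, rrtype, rdata) tuples from the ANSWER section."""
    records, in_answer = [], False
    for line in dig_text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
        elif in_answer and (not line.strip() or line.startswith(";")):
            break  # blank line or next section header ends the answer
        elif in_answer:
            owner, _ttl, _cls, rrtype, *rdata = line.split()
            records.append((owner.lower(), rrtype.upper(), rdata))
    return records

def classify(dig_text, ds_in_parent):
    """Hypothetical helper: 'secure-candidate', 'insecure' or 'bogus'."""
    if not re.search(r"EDNS:.*flags:[^;]*\bdo\b", dig_text):
        raise ValueError("query was not sent with +dnssec (no DO flag)")
    recs = answer_records(dig_text)
    if not recs:
        raise ValueError("empty ANSWER section")
    types = {t for _, t, _ in recs if t != "RRSIG"}
    # The first RDATA field of an RRSIG is the type it covers.
    covered = {rd[0].upper() for _, t, rd in recs if t == "RRSIG" and rd}
    if types and types <= covered:
        return "secure-candidate"   # signatures present; still need verifying
    # Unsigned answer: harmless without a DS, a validation failure with one.
    return "bogus" if ds_in_parent else "insecure"
```

`ds_in_parent` is supplied by the caller, for example from a separate DS query against the parent zone; the code only checks that signatures are present, not that they verify.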

