Google Public DNS not resolving domain astrasound.eu

[misti...@gmail.com]

The output of the commands you ran in the diagnostic tests: See below

nslookup -debug astrasound.eu 8.8.8.8

Server: 8.8.8.8

Address: 8.8.8.8#53

------------

    QUESTIONS:

astrasound.eu, type = A, class = IN

    ANSWERS:

    AUTHORITY RECORDS:

    ADDITIONAL RECORDS:

------------

** server can't find astrasound.eu: SERVFAIL


nslookup -debug astrasound.eu 4.2.2.1

Server: 4.2.2.1

Address: 4.2.2.1#53

------------

    QUESTIONS:

astrasound.eu, type = A, class = IN

    ANSWERS:

    ->  astrasound.eu

internet address = 128.199.43.5

ttl = 3600

    AUTHORITY RECORDS:

    ADDITIONAL RECORDS:

------------

Non-authoritative answer:

Name: astrasound.eu

Address: 128.199.43.5


 nslookup -debug astrasound.eu 208.67.222.222

Server: 208.67.222.222

Address: 208.67.222.222#53

------------

    QUESTIONS:

astrasound.eu, type = A, class = IN

    ANSWERS:

    ->  astrasound.eu

internet address = 128.199.43.5

ttl = 3600

    AUTHORITY RECORDS:

    ADDITIONAL RECORDS:

------------

Non-authoritative answer:

Name: astrasound.eu

Address: 128.199.43.5

[misti...@gmail.com]

https://dns.google/resolve?name=astrasound.eu&type=A

{"Status": 2,"TC": false,"RD": true,"RA": true,"AD": false,"CD": false,"Question":[ {"name": "astrasound.eu.","type": 1}],"Comment": "DNSSEC validation failure. Check http://dnsviz.net/d/astrasound.eu/dnssec/ and http://dnssec-debugger.verisignlabs.com/astrasound.eu for errors"}

[Alex Dupuy]

The 'astrasound.eu' zone has a DNSSEC misconfiguration.

The parent zone 'eu' has a DS record for 'astrasound'

but the 'astrasound.eu' zone has no DNSKEY record.

To fix this, remove the DS record for 'astrasound.eu'

in the 'eu' zone. https://www.godaddy.com/help/delete-a-ds-record-23867

'astrasound.eu' is in 'astrasound.eu' zone under .EU

'astrasound.eu' is failing DNSSEC validation, and has

3 nameservers in 'digitalocean.com' (all are failing validation)

'astrasound.eu' is registered through 'GoDaddy.com, LLC'

[misti...@gmail.com]

среда, 21 августа 2019 г., 20:15:15 UTC+3 пользователь Alex Dupuy написал:

[Alex Dupuy]

Seems like the .EU TLD name servers finally picked up the GoDaddy change and are no longer returning a DS record for your domain.

https://dns.google/query?name=astrasound.eu shows a successful response.

[misti...@gmail.com]

Yes, thanks - but I add DNSEC records - after that 8.8.8.8 resolved

четверг, 22 августа 2019 г., 22:10:04 UTC+3 пользователь Alex Dupuy написал:

[Alex Dupuy]

Yes, thanks - but I add DNSEC records - after that 8.8.8.8 resolved

That must have triggered an update from GoDaddy. If you have DNSSEC enabled (and plan to continue paying for GoDaddy Premium, which is required for DNSSEC signing) you might as well re-publish the DS record. This is normally automatic if you enable DNSSEC on a GoDaddy hosted DNS zone. If it isn't automatically added in a day or so, you should disable, then re-enable DNSSEC to get a published DS record for your DNSKEY KSK (flags=257).

Or you could add them yourself right now:

astrasound.eu.	3590	IN	DS	9919 8 2 3ADF9ACFD2B096EE9ADAFB447FC6E0EB643EDCA17DEB76E861BBDB1F3A653DB0
astrasound.eu.	3590	IN	DS	27436 8 2 04A217075F95B62FA3C05BB4F3AB717D09365DE7B4FC14C8C23423F114C74ED5

(generated from your current DNSKEYs with https://filippo.io/dnskey-to-ds/)

but this might mess up the automatic updates.