Randomly get DNSSEC validation failure

32 views

Skip to first unread message

in...@procrastination.com

unread,

Oct 15, 2019, 9:05:40 AM10/15/19

to public-dns-discuss

We experienced random temporary (usually few seconds to few minutes long) errors in resolving some of our domains using Google DNS.

All our domains have nameservers from gransy.com (ns.gransy.com, ns1.gransy.com, ...).

All other DNS providers works as expected.

This is example or error result:

{
  "Status": 2,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": false,
  "CD": false,
  "Question": [
    {
      "name": "leadership-brno.cz.",
      "type": 1
    }
  ],
  "Comment": "DNSSEC validation failure. Check http://dnsviz.net/d/leadership-brno.cz/dnssec/ and http://dnssec-debugger.verisignlabs.com/leadership-brno.cz for errors"
}

We got this erro for some time and then everythings works as expected fro some time and then error shows again.

But result of both DNSviz and verisignlabs debugger shows no errors.

We investigated thsi isssu with our nameservers provider and they did not find any issu on their side except that on of their backup nameservers (ns5.gransy.com) sometimes takes long to response (few seconds) but this should not result in DNSSEC fai

Reply all

Reply to author

Forward

0 new messages