Google public DNS fails to resolve our domain, other DNS servers are fine

68 views
Skip to first unread message

Mario

unread,
Nov 24, 2018, 11:10:40 AM11/24/18
to public-dns-discuss
Unable to resolve any A entry for reveroffshore.com domain with google DNS, for example vpn.reveroffshore.com


C:\Users\>nslookup -debug vpn.reveroffshore.com 8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0
    QUESTIONS:
        8.8.8.8.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  8.8.8.8.in-addr.arpa
        name = google-public-dns-a.google.com
        ttl = 21599 (5 hours 59 mins 59 secs)
------------
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = SERVFAIL
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0
    QUESTIONS:
        vpn.reveroffshore.com.reveroffshore.com, type = A, class = IN
------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = SERVFAIL
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0
    QUESTIONS:
        vpn.reveroffshore.com.reveroffshore.com, type = AAAA, class = IN
------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = SERVFAIL
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0
    QUESTIONS:
        vpn.reveroffshore.com, type = A, class = IN
------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = SERVFAIL
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0
    QUESTIONS:
        vpn.reveroffshore.com, type = AAAA, class = IN
------------
*** google-public-dns-a.google.com can't find vpn.reveroffshore.com: Server failed
C:\Users\>nslookup vpn.reveroffshore.com 4.2.2.1
Server:  a.resolvers.level3.net
Address:  4.2.2.1
Non-authoritative answer:
Name:    vpn.reveroffshore.com
Address:  5.2.126.50

C:\Users\>nslookup vpn.reveroffshore.com 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
C:\Users\>nslookup vpn.reveroffshore.com 8.8.4.4
Server:  google-public-dns-b.google.com
Address:  8.8.4.4

Alex Dupuy

unread,
Nov 25, 2018, 8:05:43 PM11/25/18
to public-dns-discuss
The 'reveroffshore.com' zone has a DNSSEC misconfiguration.
The parent zone 'com' has a DS record for 'reveroffshore'
but the 'reveroffshore.com' zone has no DNSKEY record.

If you have (or would pay for) GoDaddy Premium DNS, enable DNSSEC for 
the 'reveroffshore.com' domain, which updates the DS record at the .COM registry. 
See https://www.godaddy.com/help/enabling-dnssec-in-your-premium-dns-account-6420 
for instructions on enabling DNSSEC for a GoDaddy Premium DNS domain. 

If you don't want GoDaddy Premium DNS, you need to remove the DS key 
for 'reveroffshore.com' from the .COM registry. 
See https://www.godaddy.com/help/managing-dnssec-for-your-domain-name-6115#edit 
and click on "Editing or Deleting DS Records" and follow the instructions to 
remove the DS record for your domain. 

'vpn.reveroffshore.com' is in 'reveroffshore.com' zone under .COM
'reveroffshore.com' is failing DNSSEC validation, and has
2 nameservers in 'domaincontrol.com' (all are failing validation)

Mario

unread,
Nov 26, 2018, 9:47:25 AM11/26/18
to public-dns-discuss
That worked fine, thank you
Reply all
Reply to author
Forward
0 new messages