dns not resolving for site (other dns then google's do resolve)

3,188 views
Skip to first unread message

idang...@gmail.com

unread,
Jul 24, 2017, 12:36:53 PM7/24/17
to public-dns-discuss
Hi,

The domain simplisico.com is not resolving on google's dns for a few days now.
The domain is registered on godaddy and the site is hosted on AWS.

which said "DNSSEC validation failure", and then we ran http://dnsviz.net/d/simplisico.com/dnssec/
and received the following output, but can't seem to figure out what the errors mean and how to solve them.

We have never seen such a thing. 
Any help would be appreciated.

Here are the errors from dnsviz.net (the image from there is attached also):
  • com to simplisico.com: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (205.251.193.189, 205.251.195.87, 205.251.197.61, 205.251.198.10, 2600:9000:5301:bd00::1, 2600:9000:5303:5700::1, 2600:9000:5305:3d00::1, 2600:9000:5306:a00::1, UDP_0_EDNS0_32768_4096, UDP_0_EDNS0_32768_512)
  • com to simplisico.com: The DS RRset for the zone included algorithm 8 (RSASHA256), but no DS RR matched a DNSKEY with algorithm 8 that signs the zone's DNSKEY RRset. (205.251.193.189, 205.251.195.87, 205.251.197.61, 205.251.198.10, 2600:9000:5301:bd00::1, 2600:9000:5303:5700::1, 2600:9000:5305:3d00::1, 2600:9000:5306:a00::1, UDP_0_EDNS0_32768_4096, UDP_0_EDNS0_32768_512)
  • simplisico.com/A: No RRSIG covering the RRset was returned in the response. (205.251.193.189, 205.251.195.87, 205.251.197.61, 205.251.198.10, 2600:9000:5301:bd00::1, 2600:9000:5303:5700::1, 2600:9000:5305:3d00::1, 2600:9000:5306:a00::1, UDP_0_EDNS0_32768_4096)
  • simplisico.com/MX: No RRSIG covering the RRset was returned in the response. (205.251.193.189, 205.251.195.87, 205.251.197.61, 205.251.198.10, 2600:9000:5301:bd00::1, 2600:9000:5303:5700::1, 2600:9000:5305:3d00::1, 2600:9000:5306:a00::1, UDP_0_EDNS0_32768_4096, UDP_0_EDNS0_32768_512)
  • simplisico.com/NS: No RRSIG covering the RRset was returned in the response. (205.251.193.189, 205.251.195.87, 205.251.197.61, 205.251.198.10, 2600:9000:5301:bd00::1, 2600:9000:5303:5700::1, 2600:9000:5305:3d00::1, 2600:9000:5306:a00::1, UDP_0_EDNS0_32768_4096)
  • simplisico.com/SOA: No RRSIG covering the RRset was returned in the response. (205.251.193.189, 205.251.195.87, 205.251.197.61, 205.251.198.10, 2600:9000:5301:bd00::1, 2600:9000:5303:5700::1, 2600:9000:5305:3d00::1, 2600:9000:5306:a00::1, TCP_0_EDNS0_32768_4096, UDP_0_EDNS0_32768_4096)
  • simplisico.com/TXT: No RRSIG covering the RRset was returned in the response. (205.251.193.189, 205.251.195.87, 205.251.197.61, 205.251.198.10, 2600:9000:5301:bd00::1, 2600:9000:5303:5700::1, 2600:9000:5305:3d00::1, 2600:9000:5306:a00::1, UDP_0_EDNS0_32768_4096)
Thank you,
Idan
simplisico.com-2017-07-24-11-54-16-UTC.png

wess...@gmail.com

unread,
Sep 14, 2017, 11:21:08 AM9/14/17
to public-dns-discuss
Hi Idan,

We are having the same errors for our domain--have you found a solution yet?

Thank you!

Alex Dupuy

unread,
Sep 14, 2017, 11:25:52 AM9/14/17
to public-dns-discuss
Generally, the solution for these kinds of errors is to remove the DS record for your domain from the TLD registry; how you do that will depend on your registrar.

If you have switched DNS operators from a registrar like GoDaddy that does DNSSEC to another operator like CloudFlare that does DNSSEC, you would want to update (add) a DS record for the new DNSKEYs in your domain rather than just removing the old one.

f.khad...@gmail.com

unread,
Oct 9, 2017, 2:10:16 PM10/9/17
to public-dns-discuss
Dear Alex,
I am having the same errors for our company domain.

i changed the registrar from TUCOWS to OnlineNIC and remove all dnssec configuration and records. but it does not work properly. 
this is the error "Delegation status
Bogus (1)
"
Thank you to reply any kindly information.

Diego Reina

unread,
Jun 1, 2021, 8:54:13 AM6/1/21
to public-dns-discuss
We have the same problem whth acgviajesyturismo.com

Can get it to work in all ISP

nurettin alp

unread,
Sep 6, 2023, 10:57:52 AM9/6/23
to public-dns-discuss
i have got same problem domain nurettinalp.com. how can i resolve ?

1 Haziran 2021 Salı tarihinde saat 15:54:13 UTC+3 itibarıyla Diego Reina şunları yazdı:
Reply all
Reply to author
Forward
0 new messages