dns not resolving for site (other dns then google's do resolve)

[idang...@gmail.com]

Hi,

The domain simplisico.com is not resolving on google's dns for a few days now.

The domain is registered on godaddy and the site is hosted on AWS.

We ran https://dns.google.com/query?name=simplisico.com&type=A&dnssec=true

which said "DNSSEC validation failure", and then we ran http://dnsviz.net/d/simplisico.com/dnssec/

and received the following output, but can't seem to figure out what the errors mean and how to solve them.

We have never seen such a thing. 

Any help would be appreciated.

Here are the errors from dnsviz.net (the image from there is attached also):

• com to simplisico.com: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (205.251.193.189, 205.251.195.87, 205.251.197.61, 205.251.198.10, 2600:9000:5301:bd00::1, 2600:9000:5303:5700::1, 2600:9000:5305:3d00::1, 2600:9000:5306:a00::1, UDP_0_EDNS0_32768_4096, UDP_0_EDNS0_32768_512)
• com to simplisico.com: The DS RRset for the zone included algorithm 8 (RSASHA256), but no DS RR matched a DNSKEY with algorithm 8 that signs the zone's DNSKEY RRset. (205.251.193.189, 205.251.195.87, 205.251.197.61, 205.251.198.10, 2600:9000:5301:bd00::1, 2600:9000:5303:5700::1, 2600:9000:5305:3d00::1, 2600:9000:5306:a00::1, UDP_0_EDNS0_32768_4096, UDP_0_EDNS0_32768_512)
• simplisico.com/A: No RRSIG covering the RRset was returned in the response. (205.251.193.189, 205.251.195.87, 205.251.197.61, 205.251.198.10, 2600:9000:5301:bd00::1, 2600:9000:5303:5700::1, 2600:9000:5305:3d00::1, 2600:9000:5306:a00::1, UDP_0_EDNS0_32768_4096)
• simplisico.com/MX: No RRSIG covering the RRset was returned in the response. (205.251.193.189, 205.251.195.87, 205.251.197.61, 205.251.198.10, 2600:9000:5301:bd00::1, 2600:9000:5303:5700::1, 2600:9000:5305:3d00::1, 2600:9000:5306:a00::1, UDP_0_EDNS0_32768_4096, UDP_0_EDNS0_32768_512)
• simplisico.com/NS: No RRSIG covering the RRset was returned in the response. (205.251.193.189, 205.251.195.87, 205.251.197.61, 205.251.198.10, 2600:9000:5301:bd00::1, 2600:9000:5303:5700::1, 2600:9000:5305:3d00::1, 2600:9000:5306:a00::1, UDP_0_EDNS0_32768_4096)
• simplisico.com/SOA: No RRSIG covering the RRset was returned in the response. (205.251.193.189, 205.251.195.87, 205.251.197.61, 205.251.198.10, 2600:9000:5301:bd00::1, 2600:9000:5303:5700::1, 2600:9000:5305:3d00::1, 2600:9000:5306:a00::1, TCP_0_EDNS0_32768_4096, UDP_0_EDNS0_32768_4096)
• simplisico.com/TXT: No RRSIG covering the RRset was returned in the response. (205.251.193.189, 205.251.195.87, 205.251.197.61, 205.251.198.10, 2600:9000:5301:bd00::1, 2600:9000:5303:5700::1, 2600:9000:5305:3d00::1, 2600:9000:5306:a00::1, UDP_0_EDNS0_32768_4096)

Thank you,

Idan

[wess...@gmail.com]

Hi Idan,

We are having the same errors for our domain--have you found a solution yet?

Thank you!

[Alex Dupuy]

Generally, the solution for these kinds of errors is to remove the DS record for your domain from the TLD registry; how you do that will depend on your registrar.

If you have switched DNS operators from a registrar like GoDaddy that does DNSSEC to another operator like CloudFlare that does DNSSEC, you would want to update (add) a DS record for the new DNSKEYs in your domain rather than just removing the old one.

[f.khad...@gmail.com]

Dear Alex,

I am having the same errors for our company domain.

i changed the registrar from TUCOWS to OnlineNIC and remove all dnssec configuration and records. but it does not work properly. 

this is the error "Delegation status

Bogus (1)

• com to mapnamd1.com

"

Thank you to reply any kindly information.

[Diego Reina]

We have the same problem whth acgviajesyturismo.com

Can get it to work in all ISP

[nurettin alp]

i have got same problem domain nurettinalp.com. how can i resolve ?

1 Haziran 2021 Salı tarihinde saat 15:54:13 UTC+3 itibarıyla Diego Reina şunları yazdı: