[dns-operations] Google DNS + domain = not resolvable, other DNS + domain = resolvable

Viktor Dukhovni ietf-dane at dukhovni.org
Fri Jan 26 17:42:59 UTC 2018


> On Jan 26, 2018, at 12:12 PM, Zack Piper <zack at apertron.com> wrote:
> 
> Apologies if this ML is the wrong place to post this, I'm hoping someone
> in here has seen this behavior. I've spotted something odd (to me at
> least) that a client has picked up on.
> 
> We're trying to resolve the domain mazuma.co.th, resolving the domain (A
> records) on any of the following nameservers result in a SERVFAIL:

The domain has a broken DNSSEC implementation:

  http://dnsviz.net/d/mazuma.co.th/dnssec/

Google is far from the only nameserver operator that will SERVFAIL
for this domain.  The registrant needs to either have working DNSSEC,
or must arrange to delete the DS records in the parent zone.

-- 
	Viktor.




More information about the dns-operations mailing list