
[public-dns-discuss] Re: DNSSEC error thrown by and servers, works fine with others

Thanks for your assistance, everyone. Our DNS service provider found out the SOA was badly cached and this prevented the correct propagation. Just posting the why here as well, in case anyone else finds a similar problem.

On Thursday, June 14, 2018 at 9:49:46 PM UTC+3, Alex Dupuy wrote:
There seem to have been some issues retrieving DNSSEC-signed records from .COM name servers using IPv6: http://dnsviz.net/d/bugfender.com/WyH_dw/dnssec/. The lack of UDP responses is likely due to IPv6 fragmentation for responses with DNS message size more than 1252 and less than default EDNS bufsize 4096. This could have led to failed DS key lookups for this signed domain when IPv6 was used.

A more recent DNSViz check (http://dnsviz.net/d/bugfender.com/WyK1qg/dnssec/) isn't showing this problem any more, so it is likely to go away as the DS record for your domain is successfully retrieved.
