Den 06-04-2021 kl. 21:47 skrev Seth Mattinen:
What kind of local problem or network problems could cause a servfail response from the authoritative ns?
I'm beginning to think this is a DNSSEC related problem, I'll ask on the pdns-users list. I see it's asking for a DS record on login.authorize.net.cdn.cloudflare.net when the nearest one appears to be at cloudflare.net, so for some reason that's not being applied all the way down.
I do somehow take that "local problem" part back again, which also wasn't intended exactly in the way that it was written: -> https://dnssec-analyzer.verisignlabs.com/login.authorize.net.cdn.cloudflare.... Is looking at login.authorize.net.cdn.cloudflare.net/DNSKEY, but failing due to the SERVFAIL. -> https://dnsviz.net/d/login.authorize.net.cdn.cloudflare.net/dnssec/ Seems to claim that it works just fine. Asking login.authorize.net.cdn.cloudflare.net/DNSKEY or login.authorize.net.cdn.cloudflare.net/DS returns SERVFAIL here too. But I don't think you should be querying /DNSKEY or /DS, except a the (current) delegation's root, e.g. as you say yourself, at "cloudflare.net" in this case. Or if "cdn.cloudflare.net" had been a sub-delegation, then at that point... -- Med venlig hilsen / Kind regards, Arne Jensen