The domain’s DNS records are wrong. Resolvers that use QNAME minimisation, like 1.1.1.1, or that receive queries for ayton.unitt-route53.com
will behave that way.
The unitt-route53.com
zone contains a delegation for ayton.unitt-route53.com
and a delegation for aysist.ayton.unitt-route53.com
.
$ dig +norecurse @ns-758.awsdns-30.net ayton.unitt-route53.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> +norecurse @ns-758.awsdns-30.net ayton.unitt-route53.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26487
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ayton.unitt-route53.com. IN A
;; AUTHORITY SECTION:
ayton.unitt-route53.com. 300 IN NS ns-1199.awsdns-21.org.
ayton.unitt-route53.com. 300 IN NS ns-1557.awsdns-02.co.uk.
ayton.unitt-route53.com. 300 IN NS ns-363.awsdns-45.com.
ayton.unitt-route53.com. 300 IN NS ns-962.awsdns-56.net.
;; Query time: 0 msec
;; SERVER: 205.251.194.246#53(205.251.194.246)
;; WHEN: Wed Jun 06 22:16:30 UTC 2018
;; MSG SIZE rcvd: 189
$ dig +norecurse @ns-1066.awsdns-05.org aysist.ayton.unitt-route53.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> +norecurse @ns-1066.awsdns-05.org aysist.ayton.unitt-route53.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53142
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aysist.ayton.unitt-route53.com. IN A
;; AUTHORITY SECTION:
aysist.ayton.unitt-route53.com. 60 IN NS ns-1032.awsdns-01.org.
aysist.ayton.unitt-route53.com. 60 IN NS ns-1709.awsdns-21.co.uk.
aysist.ayton.unitt-route53.com. 60 IN NS ns-440.awsdns-55.com.
aysist.ayton.unitt-route53.com. 60 IN NS ns-787.awsdns-34.net.
;; Query time: 18 msec
;; SERVER: 205.251.196.42#53(205.251.196.42)
;; WHEN: Wed Jun 06 22:16:52 UTC 2018
;; MSG SIZE rcvd: 196
Route 53 shouldn’t let you do that: Logically, only one of the two can exist, but it allows both of them to sort of exist.
Now, the ayton.unitt-route53.com
zone doesn’t contain a delegation to aysist.ayton.unitt-route53.com
:
$ dig +norecurse @ns-363.awsdns-45.com aysist.ayton.unitt-route53.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> +norecurse @ns-363.awsdns-45.com aysist.ayton.unitt-route53.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13716
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aysist.ayton.unitt-route53.com. IN A
;; AUTHORITY SECTION:
ayton.unitt-route53.com. 900 IN SOA ns-1199.awsdns-21.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
;; Query time: 0 msec
;; SERVER: 205.251.193.107#53(205.251.193.107)
;; WHEN: Wed Jun 06 22:17:30 UTC 2018
;; MSG SIZE rcvd: 141
Therefore resolvers may conclude that aysist.ayton.unitt-route53.com
does not exist.
You need to add the NS
records for aysist.ayton.unitt-route53.com
to the ayton.unitt-route53.com
zone and then remove them from the unitt-route53.com
zone.