1.1.1.1 serve stale bypasses DNSSEC

Issue with the following domain: login-select.zilverenkruis.nl
When EDE 22 is thrown, DNSSEC is ignored and an answer is given:

~> dig login-select.zilverenkruis.nl @1.1.1.1 +nsid

; <<>> DiG 9.16.22-Debian <<>> login-select.zilverenkruis.nl @1.1.1.1 +nsid
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43489
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; NSID: 32 30 6d 37 33 36 ("20m736")
; EDE: 6 (DNSSEC Bogus)
; EDE: 22 (No Reachable Authority)
;; QUESTION SECTION:
;login-select.zilverenkruis.nl.	IN	A

;; Query time: 11 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat Jan 01 14:08:05 CET 2022
;; MSG SIZE  rcvd: 80

~> dig login-select.zilverenkruis.nl @1.1.1.1 +nsid

; <<>> DiG 9.16.22-Debian <<>> login-select.zilverenkruis.nl @1.1.1.1 +nsid
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16006
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; NSID: 32 30 6d 35 32 36 ("20m526")
; EDE: 3 (Stale Answer)
; EDE: 6 (DNSSEC Bogus)
; EDE: 22 (No Reachable Authority)
;; QUESTION SECTION:
;login-select.zilverenkruis.nl.	IN	A

;; ANSWER SECTION:
login-select.zilverenkruis.nl. 0 IN	CNAME	ie01.signicat.pro.
ie01.signicat.pro.	0	IN	A	13.248.206.174
ie01.signicat.pro.	0	IN	A	76.223.71.132

;; Query time: 207 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat Jan 01 14:08:05 CET 2022
;; MSG SIZE  rcvd: 149
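
A check for the inconsistency reported above, as an added example that is not part of the original post: it parses `dig` output and flags a response that carries answer records, the AD flag, or a stale marker alongside EDE 6 (DNSSEC Bogus). The sample inputs are trimmed from the two responses in the post; the function names are hypothetical.

```python
import re

# Sample inputs: header and EDE lines trimmed from the two dig responses in the post.
STALE_RESPONSE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16006
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 1232
; EDE: 3 (Stale Answer)
; EDE: 6 (DNSSEC Bogus)
; EDE: 22 (No Reachable Authority)
"""
SERVFAIL_RESPONSE = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43489
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 1232
; EDE: 6 (DNSSEC Bogus)
; EDE: 22 (No Reachable Authority)
"""

def parse_dig(text):
    """Extract rcode, header flags, answer count and EDE codes from dig output."""
    status = re.search(r"status: (\w+)", text)
    # Anchor on ';; flags:' so the '; EDNS: ... flags:;' line is not picked up.
    flags = re.search(r"^;; flags: ([a-z ]*);", text, re.M)
    answers = re.search(r"ANSWER: (\d+)", text)
    return {
        "status": status.group(1) if status else None,
        "flags": set(flags.group(1).split()) if flags else set(),
        "answers": int(answers.group(1)) if answers else 0,
        "ede": {int(c) for c in re.findall(r"^; EDE: (\d+)", text, re.M)},
    }

def findings(resp):
    """List the combinations a validating client should not receive."""
    out = []
    bogus = 6 in resp["ede"]  # EDE 6 = DNSSEC Bogus
    if bogus and resp["answers"] > 0:
        out.append("answer records returned although validation was reported bogus")
    if bogus and "ad" in resp["flags"]:
        out.append("AD flag set together with EDE 6")
    if bogus and 3 in resp["ede"]:  # EDE 3 = Stale Answer
        out.append("stale cache entry served for a name reported bogus")
    return out

if __name__ == "__main__":
    for name, text in (("stale", STALE_RESPONSE), ("servfail", SERVFAIL_RESPONSE)):
        print(name, findings(parse_dig(text)) or "consistent")
```
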
