; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @184.108.40.206 A canarabank.com +nsid
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16304
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;canarabank.com. IN A

;; Query time: 1280 msec
;; SERVER: 220.127.116.11#53(18.104.22.168) (UDP)
;; WHEN: Sat Feb 25 21:17:07 IST 2023
;; MSG SIZE rcvd: 43
Adding to that, my ISP Airtel is resolving the site well.
dig canarabank.com @192.168.98.96

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> canarabank.com @192.168.98.96
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19152
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;canarabank.com. IN A

;; ANSWER SECTION:
canarabank.com. 146 IN A 22.214.171.124

;; Query time: 80 msec
;; SERVER: 192.168.98.96#53(192.168.98.96) (UDP)
;; WHEN: Sat Feb 25 21:29:05 IST 2023
;; MSG SIZE rcvd: 59
canarabank.com seems to have a quite broken name server and DNSSEC set up right now.
They are currently pointing their domain’s name servers at various servers operated by Akamai, Google, and
The parent (e.g. .com registry) lists a DS key with algorithm 13 (ECDSA P-256), but Google responds with DNSSEC for algorithm 8 (RSASHA256).
sify.net servers do not respond with DNSSEC signed records at all.
As such, when you are unlucky that the queries that go through 126.96.36.199 are reaching (and being responded to by) either Google or sify.net, the DNSSEC verification is failing.
If you have any other way to reach them, I suggest you contact them and tell administrators/technicians behind canarabank.com that their DNSSEC (and name server) set up is broken, as that might speed up the process a little bit.
Re. “a little bit”: Changing stuff like this (name servers, DNSSEC) can easily take up to 48-96 hours to propagate to a state where it is working again everywhere on the Internet, from the time when it is fixed properly.
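The mismatch described in the reply above, as an added example that is not part of the original thread: it compares the parent's DS set with the DNSKEY answer of each name server, the way a validating resolver needs them to line up. The server labels and key bytes are constructed placeholders, and the Akamai-operated server is assumed to serve a matching algorithm 13 key.

```python
import base64
import struct

def key_tag(flags, protocol, algorithm, pubkey_b64):
    """Key tag of a DNSKEY, per RFC 4034 Appendix B (not valid for algorithm 1)."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def classify(ds_set, dnskeys):
    """Compare one name server's DNSKEY answer with the parent's DS set.

    ds_set:  set of (key_tag, algorithm) pairs published by the parent
    dnskeys: list of (flags, protocol, algorithm, pubkey_b64) from the server
    """
    if not dnskeys:
        return "unsigned"            # DS exists but the server returns no DNSKEY
    ds_algs = {alg for _, alg in ds_set}
    if not any(k[2] in ds_algs for k in dnskeys):
        return "algorithm-mismatch"  # e.g. DS says 13, server signs with 8
    if any((key_tag(*k), k[2]) in ds_set for k in dnskeys):
        return "match"
    return "key-tag-mismatch"        # right algorithm, but a different key

# Constructed sample data: the key bytes are placeholders, not real keys.
P256_KEY = (257, 3, 13, base64.b64encode(bytes(range(64))).decode())
RSA_KEY = (257, 3, 8, base64.b64encode(bytes(range(132))).decode())
PARENT_DS = {(key_tag(*P256_KEY), 13)}

# Hypothetical labels standing in for the three operators named in the thread.
SERVERS = {
    "ns-akamai.example": [P256_KEY],  # assumed to match the DS
    "ns-google.example": [RSA_KEY],   # answers with algorithm 8
    "ns-sify.example": [],            # no DNSSEC records at all
}

def audit(ds_set=PARENT_DS, servers=SERVERS):
    """Return {server: verdict}; anything other than 'match' fails validation."""
    return {name: classify(ds_set, keys) for name, keys in servers.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:20} {verdict}")
```

A validating resolver that happens to reach a server with any verdict other than "match" returns SERVFAIL, while a non-validating resolver answers normally, which is the difference between the two dig outputs above.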
I reported to them!