If our universities internal (Windows) DNS Server are querying with dnssec for cdn.jsdelivr.net they get an answer only once from the cloudflare server:
After 300seconds the entry is deleted and a new query results in a Serverfail
The answer the DNS server gets from cloudflare is: “Recursion denied”
I tested to use our external forwarders (they can resolve without recursion denied) - no change, it only
works reliably if i turn of dnssec and use the external forwarders …
Any ideas why we get a “Recursion denied” … maybe some kind of rate limits?