DNS issue with .zip domains

I have three .zip domains on Cloudflare, but I’m encountering issues with my DNS records.

When I query 1.1.1.1 and 8.8.8.8, I receive a SERVFAIL error, yet, interestingly, querying 4.2.2.4 returns the expected results.

After enabling DNSSEC for one of the domains, the problem was resolved.

Why is it not working for the other two domains without DNSSEC?
Is using DNSSEC mandatory for .zip domains on Cloudflare?

It is not.

nslookup olarila.zip 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    olarila.zip
Addresses:  2606:4700:3035::ac43:d534
          2606:4700:3030::6815:1091
          172.67.213.52
          104.21.16.145

Which are the domains where it is not working?

I prefer not to disclose my domain names publicly. This is what I get for my domains.

$ nslookup domain1.zip 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1#53

** server can't find domain1.zip: SERVFAIL
$ nslookup domain1.zip 4.2.2.4
Server:		4.2.2.4
Address:	4.2.2.4#53

Non-authoritative answer:
Name:	domain1.zip
Address: 104.21.36.54
Name:	domain1.zip
Address: 172.67.185.239
Name:	domain1.zip
Address: 2606:4700:3037::6815:2436
Name:	domain1.zip
Address: 2606:4700:3031::ac43:b9ef

Without the domains it is impossible to say anything.

You can post them briefly and edit your posting afterwards.

All right, you can edit your posting again.

Both domains were signed with DNSSEC in the first place. You only added the Cloudflare signature to your first domain, which is why it now resolves. The other domain is still signed with an unknown signature.

You need to fix the DNSSEC setup of your second domain.

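The failure mode described in the answer above, as an added example that is not part of the original thread: a DS record left at the parent that matches no DNSKEY the zone currently publishes makes validating resolvers return SERVFAIL, while non-validating resolvers still answer. The key material is constructed, and `diagnose` and the other helper names are hypothetical; only SHA-256 (digest type 2) DS records are handled.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical (lowercased) wire form of a domain name."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_for(owner, rdata):
    """(key tag, algorithm, digest type 2, SHA-256 digest) for one DNSKEY."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def diagnose(owner, parent_ds, child_dnskeys):
    """Classify the delegation the way a validating resolver would.
    Only digest type 2 DS records are compared in this sketch."""
    if not parent_ds:
        return "insecure"   # unsigned delegation: every resolver answers
    wanted = {(t, a, d, h.lower()) for t, a, d, h in parent_ds}
    have = {ds_for(owner, k) for k in child_dnskeys}
    # A DS with no matching DNSKEY breaks the chain of trust: validating
    # resolvers return SERVFAIL, non-validating ones still answer.
    return "secure" if wanted & have else "bogus"

# Constructed sample keys (not real key material).
OWNER = "domain1.zip"
OLD_KEY = dnskey_rdata(257, 3, 8, bytes(range(64, 196)))   # previous DNS provider
NEW_KEY = dnskey_rdata(257, 3, 13, bytes(range(64)))       # current DNS provider
STALE_DS = ds_for(OWNER, OLD_KEY)

if __name__ == "__main__":
    print("stale DS, zone now unsigned:", diagnose(OWNER, [STALE_DS], []))
    print("stale DS, new key published:", diagnose(OWNER, [STALE_DS], [NEW_KEY]))
    print("DS replaced with new key:   ", diagnose(OWNER, [ds_for(OWNER, NEW_KEY)], [NEW_KEY]))
    print("DS removed at registrar:    ", diagnose(OWNER, [], []))
```

Both of the last two states resolve on every resolver; only the "secure" one is protected by DNSSEC validation.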

Thank you, that’s clear now!
I transferred both domain names from Google Domains to Namecheap. It might be that Google Domains had DNSSEC enabled by default, but it appears to be disabled now in Namecheap.
I’m going to contact Namecheap support. Thanks!
