DNS lookup fails with 1.1.1.1 but suceeds with 8.8.8.8

Hello,

I use freedns.afraid.org to manage a couple of subdomains with dynamic dns. One of these domains hosted with their free tier is multivac.hpc.tw. Starting on April 16 circa 11:40pm CST dns loookups using 1.1.1.1 started failing (I have a cron that runs every 10 minutes that happens to rely on this which started failing at that time as well). If I use 8.8.8.8 to resolve, it works fine.

$ dig multivac.hpc.tw @1.1.1.1

; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> multivac.hpc.tw @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11892
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;multivac.hpc.tw. IN A

;; Query time: 241 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Apr 19 23:09:51 CDT 2020
;; MSG SIZE rcvd: 44

$ dig multivac.hpc.tw @8.8.8.8

; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> multivac.hpc.tw @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38347
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;multivac.hpc.tw. IN A

;; ANSWER SECTION:
multivac.hpc.tw. 3599 IN A 98.227.106.177

;; Query time: 70 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 19 23:09:56 CDT 2020
;; MSG SIZE rcvd: 60

$ dig +short CHAOS TXT id.server @1.1.1.1
“ORD”

dnsviz results here: https://dnsviz.net/d/multivac.hpc.tw/dnssec/

Seems like lots of errors, but I don’t know what they mean. Any idea what could have broken circa April 16? And why google’s dns seems to be handling it?

Thanks!

The DNSSEC configuration of the hpc.tw domain appears to be broken. The owners needs to fix that.