$ dig bittium.com @220.127.116.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 14265
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bittium.com. IN A
;; Query time: 4037 msec
;; SERVER: 18.104.22.168#53(22.214.171.124)
;; WHEN: Mon Aug 5 14:53:13 2019
;; MSG SIZE rcvd: 29
The domain is misconfigured. The response for
dig +dnssec bittium.com dnskey is about 1.7 KB, but the authoritative nameservers don’t respond to queries over TCP.
Resolvers that allow such large responses over UDP (Google, Unbound by default) will be able to resolve it; resolvers that require TCP (Cloudflare, PowerDNS by default) will not.
There could also be other problems.