$ dig bittium.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 14265
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bittium.com. IN A
;; Query time: 4037 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Aug 5 14:53:13 2019
;; MSG SIZE rcvd: 29
The domain is misconfigured. The response for dig +dnssec bittium.com dnskey is about 1.7 KB, but the authoritative nameservers don’t respond to queries over TCP.
http://dnsviz.net/d/bittium.com/dnssec/
https://ednscomp.isc.org/ednscomp/00a8a5d9e6
Resolvers that allow such large responses over UDP (Google, Unbound by default) will be able to resolve it; resolvers that require TCP (Cloudflare, PowerDNS by default) will not.
There could also be other problems.