Missing domain bugfender.com


#1

Domain bugfender.com seems to be not working on Cloudflare’s nor Google’s DNS servers, but however works with its SOA server. I suspect has something to do with DNSSEC because dns.google.com throws an error. However according to these diagnostics tools it seems all right:

Tests I did with dig:

$ dig bugfender.com @1.1.1.1

; <<>> DiG 9.10.6 <<>> bugfender.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42836
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bugfender.com.			IN	A

;; Query time: 170 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Jun 14 00:11:31 EEST 2018
;; MSG SIZE  rcvd: 31

$ dig bugfender.com @1.0.0.1

; <<>> DiG 9.10.6 <<>> bugfender.com @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3187
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bugfender.com.			IN	A

;; Query time: 453 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Thu Jun 14 00:02:41 EEST 2018
;; MSG SIZE  rcvd: 31

$ dig +short CHAOS TXT id.server @1.1.1.1
"ath01"

$ dig +short CHAOS TXT id.server @1.0.0.1
"ath01"

$ dig bugfender.com @dns200.anycast.me.

; <<>> DiG 9.10.6 <<>> bugfender.com @dns200.anycast.me.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31680
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bugfender.com.			IN	A

;; ANSWER SECTION:
bugfender.com.		3600	IN	A	188.166.78.246

;; Query time: 233 msec
;; SERVER: 46.105.206.200#53(46.105.206.200)
;; WHEN: Thu Jun 14 00:10:04 EEST 2018
;; MSG SIZE  rcvd: 58

Do you know what’s going on or could you please help on what to try next? Thanks!


#2

Here are more links, Disqus didn’t let me post them in the first post:


#3

@jordi looks like bugfender.com had a localized distribution problem with their DNS provider (seems like mostly EMEA was affected), and some signatures in some locations have expired. I’ve disabled DNSSEC for the zone yesterday, and will turn it back on once the problem is fixed. See https://status.bugfender.com/


#4

Thanks for your assistance everyone. Our DNS service provider found out the SOA was badly cached and this prevented the correct propagation. Just posting here also the why, in case anyone else finds a similar problem.


#5

Thanks! I’ve reenabled validation for this zone.