There’s something not quite right in your DNSSEC. Both 1.1.1.1 and 8.8.8.8 are picking it up, 1.1.1.1 as a result does not answer, but 8.8.8.8 still does.
It only shows as a warning on the checkers… https://dnssec-debugger.verisignlabs.com/roterobben.de https://dnsviz.net/d/roterobben.de/dnssec/
Hi, I don’t know why 8.8.8.8 returns an authenticated (with AD bit) result in this case, but from what I can tell, DNSVIZ also reports the same error after updated the report (it was serving a report created in April): roterobben.de | DNSViz
Thank you very much for your input, this helped a lot.
After after consultation with customer service, this is in fact a bug on Netcup’s side (context[German])
TLDR: They are working on it and the reworked DNS-System should go live in q4 2024. Until then as a Netcup-customer you can try to deactivate DNSSEC wait 10 minutes and activate it again. Which will give you around 2 months without issues, it seems.