Reporting problem with DNSKEY

I use Fortinet Fortiguard DNS and they are saying DNSKEY is failing. Cybersource is using cloudflare but I am not the owner of the domain
So I am reporting the problem here. I tried to email support but they said to use the community.

% nslookup

** server can't find SERVFAIL```

The only people who can initiate a fix would be the site owners.

Their site loads for me, and it does have a Contact page. And they’re on Twitter.

1 Like

Site loads if you use a DNS server without DNSKEY validation. Fortinet DNS server uses DNSKEY validation to prevent spoofing. DNSKEY is failing on cloudflare which hosts the DNS for cybersource

The site also loads if you use DNSSEC validating DNS servers, such as

Can you provide steps to reproduce the issue without using the FortiDNS (which does not respond to my queries)?

The step is simple as what i described using dig or nslookup it returns a servfail against fortiguard dns servers. Their servers are open so you should be able to connect to them. Not sure why you can’t. Here is Fortinet’s response:

The issue of "" is caused by the Cloudflare DNS server not being properly configured for DNSSSEC. More specifically, their authoritative servers are returning SERVFAIL for the below query, whereas it should be NOERROR without answers, aka NODATA.
$ dig DNSKEY

; <<>> DiG 9.16.1-Ubuntu <<>> DNSKEY
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 17562
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

; EDNS: version: 0, flags:; udp: 1232

;; Query time: 10 msec
;; WHEN: Thu Oct 28 16:18:30 PDT 2021
;; MSG SIZE rcvd: 67

Our Fortiguard DNS resolver enforces DNSSEC validation to add protection against DNS poisoning. You can also test the DNSSEC for any domain name with the tools listed by ICANN:

test result indicating the error:

Please let me know if you have any additional queries

This post was flagged by the community and is temporarily hidden.

This post was flagged by the community and is temporarily hidden.

looks like it is fixed now


Non-authoritative answer:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.