Hi,
I’ve been seeing some unusual results regarding DNS resolution for education.ky.gov from what looks like a single Cloudflare datacenter. I first noticed some mail delivery issues from one of our locations for users in that domain. I started by checking MX records and saw this from dig @1.1.1.1 mx education.ky.gov
; <<>> DiG 9.16.27-RH <<>> @1.1.1.1 mx education.ky.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45434
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 9 (DNSKEY Missing): (no SEP matching the DS found for ky.gov.)
; EDE: 22 (No Reachable Authority): (at delegation ky.gov.)
;; QUESTION SECTION:
;education.ky.gov. IN MX
;; Query time: 3976 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Apr 29 09:57:02 CDT 2022
;; MSG SIZE rcvd: 118
Executing the same command from another physical location on the other side of the US, I see this:
; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @1.1.1.1 mx education.ky.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40040
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;education.ky.gov. IN MX
;; ANSWER SECTION:
education.ky.gov. 3600 IN MX 5 education-ky-gov.mail.eo.outlook.com.
;; Query time: 144 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Apr 29 11:01:00 EDT 2022
;; MSG SIZE rcvd: 97
Can you lend assistance?