0

My site www.acurent.com is not resolving to its IP address 23.20.46.124 uniformly

Check on: https://www.whatsmydns.net/#A/acurent.com, it shows that its resolving for certain networks only. If you refresh the page after 5-10 mins, it will show you a different set of servers which resolve the domain and the previous ones dont.

Background: I got this domain from a reseller on Sedo and this problem is persisting from the time the domain was transferred to my account. It has been 3 weeks now.

I have tried using 4 different internet connections at home and it is opening only via one. Also tried using VPNs worldover and the behavior is non consistent.

Upon further investigation, it looks like the nameservers aren't being propagated effectively.

See here: https://www.whatsmydns.net/#NS/acurent.com

Following is the result from opendns cache check tool. If this does not resolve on OpenDNS, then there is definitely a problem somewhere:

https://snipboard.io/HJehKj.jpg

Also google's DNS tool gives me this error:

https://snipboard.io/znPbLX.jpg

I have setup servers and DNS for over more than 10 years but I'm at my wits end on this. I would really appreciate it if someone could help me get to the bottom of this problem.

Improve this question
1

2 Answers 2

Reset to default
2

It looks like this domain is in a broken state in terms of DNSSEC validation where ideally it should not resolve at all. (SERVFAIL status is the expected outcome for any validating resolver.)

If you look at for instance DNSViz output, you can see that the delegation has a DS record (specifies a DNSSEC key that is used for signing the zone) which refers to a key with tag 20198 but there does not appear to be any keys at all in the zone (so no key 20198 to be found), and there seems to be no signing going on.

You probably want to update (potentially remove?) the DS record for the zone to match your actual expectations for DNSSEC signing. This would be done through the registrar.

Improve this answer
1
  • Thanks a lot! I will get back to my registrar with this and see if they can resolve it.
    – Neil S
    Commented Oct 18, 2020 at 15:22
0

You have an issue with your DNSSEC config. Looks like you have DNSSEC enabled for your domain but your nameservers are missing their side of the config.

https://dns.google/query?name=www.acurent.com&rr_type=A&ecs=&show_dnssec=true

https://dnssec-analyzer.verisignlabs.com/acurent.com

Improve this answer
7
  • Thanks a lot! I will get back to my registrar with this and see if they can resolve it.
    – Neil S
    Commented Oct 18, 2020 at 15:22
  • It looks like I have an option to add DNS sec values. snipboard.io/QmuRjO.jpg what should I set this to ?
    – Neil S
    Commented Oct 18, 2020 at 15:23
  • I'm not entirely sure how to direct you as your domain and DNS are both hosted by Bigrock and I can't find any documentation from them on enabling DNSSEC within their platform.
    – Derek Held
    Commented Oct 18, 2020 at 15:38
  • @NeilS What options do they give you? We have no means of seeing their UI.
    – Håkan Lindqvist
    Commented Oct 18, 2020 at 17:24
  • @NeilS In terms of the DS side of things, it was easy enough to find manage.bigrock.in/kb/node/1909 but for the signing I don't know.
    – Håkan Lindqvist
    Commented Oct 18, 2020 at 17:42

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .