<div dir="ltr"><div dir="ltr">Actually, querying the same problem record, from one of those public DNS servers, from the same docker container on the same machine, works fine:<div><br></div><div><div>[root@84d867895136 /]# dig txt <a href="http://mit.edu">mit.edu</a> @<a href="http://1.1.1.1">1.1.1.1</a></div><div><br></div><div>; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> txt <a href="http://mit.edu">mit.edu</a> @<a href="http://1.1.1.1">1.1.1.1</a></div><div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55611</div><div>;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1</div><div><br></div><div>;; OPT PSEUDOSECTION:</div><div>; EDNS: version: 0, flags:; udp: 1452</div><div>;; QUESTION SECTION:</div><div>;<a href="http://mit.edu">mit.edu</a>. IN TXT</div><div><br></div><div>;; ANSWER SECTION:</div><div><a href="http://mit.edu">mit.edu</a>. 60 IN TXT "v=spf1 ip4:<a href="http://18.7.7.0/24">18.7.7.0/24</a> ip4:<a href="http://18.7.21.0/24">18.7.21.0/24</a> ip4:<a href="http://18.72.0.0/16">18.72.0.0/16</a> ip4:<a href="http://18.7.68.0/24">18.7.68.0/24</a> ip4:<a href="http://18.7.68.0/24">18.7.68.0/24</a> ip4:<a href="http://18.9.25.0/24">18.9.25.0/24</a> ip4:18.9.21.35 ~all"</div><div><a href="http://mit.edu">mit.edu</a>. 60 IN TXT "adobe-idp-site-verification=1080c301-654e-4a4b-869a-b0fcf1945906"</div><div><br></div><div>;; Query time: 219 msec</div><div>;; SERVER: 1.1.1.1#53(1.1.1.1)</div><div>;; WHEN: Fri Sep 28 22:42:05 UTC 2018</div><div>;; MSG SIZE rcvd: 253</div><div><br></div><div>[root@84d867895136 /]#</div></div><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Sep 28, 2018 at 6:40 PM Mohamed Lrhazi <<a href="mailto:lrhazi@gmail.com">lrhazi@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr">I trying a new deployment, with PowerDNS Recursor 4.1.4<br>And I seem to be getting failures systematically for some records, such as this example :<div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">Sep 28 20:21:35 [8] <a href="http://mit.edu" target="_blank">mit.edu</a>: initial validation status for <a href="http://mit.edu" target="_blank">mit.edu</a> is Indeterminate</font></div><div><font face="monospace, monospace">Sep 28 20:21:35 [8] <a href="http://mit.edu" target="_blank">mit.edu</a>: Cache consultations done, have 1 NS to contact</font></div><div><font face="monospace, monospace">Sep 28 20:21:35 [8] <a href="http://mit.edu" target="_blank">mit.edu</a>: Domain has hardcoded nameservers</font></div><div><font face="monospace, monospace">Sep 28 20:21:35 [8] <a href="http://mit.edu" target="_blank">mit.edu</a>: Resolved '.' NS (empty) to: 1.1.1.1, 1.0.0.1, 8.8.8.8, 8.8.4.4</font></div><div><font face="monospace, monospace">Sep 28 20:21:35 [8] <a href="http://mit.edu" target="_blank">mit.edu</a>: Trying IP <a href="http://1.1.1.1:53" target="_blank">1.1.1.1:53</a>, asking '<a href="http://mit.edu" target="_blank">mit.edu</a>|TXT'</font></div><div><font face="monospace, monospace">Sep 28 20:21:35 [8] <a href="http://mit.edu" target="_blank">mit.edu</a>: (empty) (1.1.1.1) returned a ServFail, trying sibling IP or NS</font></div><div><font face="monospace, monospace">Sep 28 20:21:35 [8] <a href="http://mit.edu" target="_blank">mit.edu</a>: Trying IP <a href="http://1.0.0.1:53" target="_blank">1.0.0.1:53</a>, asking '<a href="http://mit.edu" target="_blank">mit.edu</a>|TXT'</font></div><div><font face="monospace, monospace">Sep 28 20:21:35 [8] <a href="http://mit.edu" target="_blank">mit.edu</a>: (empty) (1.0.0.1) returned a ServFail, trying sibling IP or NS</font></div><div><font face="monospace, monospace">Sep 28 20:21:35 [8] <a href="http://mit.edu" target="_blank">mit.edu</a>: Trying IP <a href="http://8.8.8.8:53" target="_blank">8.8.8.8:53</a>, asking '<a href="http://mit.edu" target="_blank">mit.edu</a>|TXT'</font></div><div><font face="monospace, monospace">Sep 28 20:21:35 [8] <a href="http://mit.edu" target="_blank">mit.edu</a>: (empty) (8.8.8.8) returned a ServFail, trying sibling IP or NS</font></div><div><font face="monospace, monospace">Sep 28 20:21:35 [8] <a href="http://mit.edu" target="_blank">mit.edu</a>: Trying IP <a href="http://8.8.4.4:53" target="_blank">8.8.4.4:53</a>, asking '<a href="http://mit.edu" target="_blank">mit.edu</a>|TXT'</font></div><div><font face="monospace, monospace">Sep 28 20:21:35 [8] <a href="http://mit.edu" target="_blank">mit.edu</a>: (empty) (8.8.4.4) returned a ServFail, trying sibling IP or NS</font></div><div><font face="monospace, monospace">Sep 28 20:21:35 [8] <a href="http://mit.edu" target="_blank">mit.edu</a>: Failed to resolve via any of the 1 offered NS at level '.'</font></div><div><font face="monospace, monospace">Sep 28 20:21:35 [8] <a href="http://mit.edu" target="_blank">mit.edu</a>: failed (res=-1)</font></div><div><font face="monospace, monospace">Sep 28 20:21:35 2 [8/1] answer to question '<a href="http://mit.edu" target="_blank">mit.edu</a>|TXT': 0 answers, 1 additional, took 4 packets, 12.764 netw ms, 13.769 tot ms, 0 throttled, 0 timeouts, 0 tcp connections, rcode=2</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace"><br></font></div><br>Trying another record, say, mx <a href="http://mit.edu" target="_blank">mit.edu</a> or txt <a href="http://harvard.edu" target="_blank">harvard.edu</a> or <a href="http://yahoo.com" target="_blank">yahoo.com</a> works.<br><br>What could be causing such issue? <br><br>Thanks a lot,<br>Mohamed.</div></div>
</blockquote></div>