DNSSEC issue for a specific domain

Question

Hi,

We are using Windows 2019 server as our internal DNS for Windows 11 clients.

internal DNS is configured with DNSSEC and users are reporting a problem with www.cob.cms.hhs.gov since last week.

DNS server is using 1.1.1.1 and 8.8.8.8 as forwarders and falls back to root servers if forwarders aren't available.

As of last week users aren't able to resolve www.cob.cms.hhs.gov and get

*** dns.corp.local can't find www.cob.cms.hhs.gov: Server failed, however if i clear DNS cache on the DNS server, resolution for www.cob.cms.hhs.gov starts working for about 5 min

www.cob.cms.hhs.gov

Server: dns.corp.local

Address: 172.16.12.1

Non-authoritative answer:

Name: e72847.dscb.akamaiedge.net

Addresses: 2600:141b:1c00:2e::17d1:48d0

      2600:141b:1c00:2e::17d1:48d1

      23.44.203.74

      23.44.203.75

Aliases: www.cob.cms.hhs.gov

      www.cob.cms.hhs.gov.edgekey.net

non DNSSEC enabled servers don't have this issue, what could be causing this record to break on our internal DNS after 5 min ?

Thanks

Answer 1

Hello,

 

Thank you for posting in Q&A forum.

To further troubleshoot this Operation system issue, please kindly try below steps:

1.Please check if the forwarder is configured well and working properly.

2.Capture a network trace by wireshark or network monitor when issue arises, and filter DNS traffic to check how the DNS query is flowing from the client to all configured DNS server.

3.Resolve the DNS name by other DNS servers and check if issue persists.

 

I hope the information above is helpful.

If you have any questions or concerns, please feel free to let us know.

 

Best regards，

Jill Zhou

 

---

If the Answer is helpful, please click "Accept Answer" and upvote it.

Answer 2

how could the forwarder be not well if it works after clearing DNS cache on the server, but stopping to resolve the name for the users in 5 min?