Problem: When reviewing a Domain inspector’s data, DNS A records and DNSSEC information may appear to be incorrect. This could be due to DNS misconfiguration issues on the customer side.
Steps to Remediation:
Pre-requisites:
You will need a command-line interface and the dig utility installed:
Linux/macOS: Terminal application with dig utility preinstalled.
Windows: Install dig via ISC's BIND tools, or use Windows Subsystem for Linux (WSL).
Step 1: Gather 'A' Record from SOA
Execute the dig command to get the SOA record:
dig SOA +noall +answer <url>
From the command's output, take the first server name listed in the SOA record. This is the server you will query. For instance, if the output shows "pdns13.domaincontrol.com", use that as <SOA_Record>.
Subsequently, execute the 'A' record query command using the SOA record obtained:
dig A +noall +answer <url> @<SOA_Record>
Example:
dig A +noall +answer liongard.com @pdns13.domaincontrol.com
You should see the result, e.g. "75.126.220.28".
Step 2: Gather 'A' Record from NS
Run the following dig command to retrieve the NS record:
dig NS +noall +answer <url>
Use the obtained NS record to query the 'A' record with the command:
dig A +noall +answer <url> @<NS_Record>
Example:
dig A +noall +answer liongard.com @pdns14.domaincontrol.com
Again, note the result (e.g., "75.126.220.28").
Outcome: Compare the results from Step 1 and Step 2. If they're identical, it indicates a correct DNS setup. Any difference might point to a customer-side DNS issue.
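The comparison in Step 1 and Step 2 can be scripted. The following is an added example, not part of the original article or of Liongard's tooling: it goes beyond the steps above by querying every server returned by the NS lookup (not just one) and by comparing the full sorted set of A records, so round-robin ordering does not produce a false mismatch. The function names (rr_hosts, a_set, check_domain) and the file name check_a.sh are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original article): runs Step 1 and Step 2 for
# every listed name server. Usage: sh check_a.sh example.com  (placeholder domain)

# Host names found in field 5 of the answer lines of the given record type
# (SOA: primary server; NS: name servers), trailing dot removed.
rr_hosts() {  # rr_hosts TYPE DOMAIN
    dig "$1" +noall +answer "$2" |
        awk -v t="$1" '$4 == t { sub(/\.$/, "", $5); print $5 }' | sort -u
}

# Sorted, comma-joined set of A records that SERVER returns for DOMAIN.
# Sorting makes round-robin ordering irrelevant; dig's ";; ..." error lines
# and CNAME lines are skipped because their 4th field is not "A".
a_set() {  # a_set DOMAIN SERVER
    dig A +noall +answer +time=3 +tries=1 "$1" "@$2" |
        awk '$4 == "A" { print $5 }' | sort -u | paste -sd, -
}

# Returns 0 if every name server agrees with the server named in the SOA,
# 1 on any mismatch, 2 if the reference lookup itself failed.
check_domain() {  # check_domain DOMAIN
    primary=$(rr_hosts SOA "$1" | head -n 1)
    [ -n "$primary" ] || { echo "no SOA answer for $1" >&2; return 2; }
    ref=$(a_set "$1" "$primary")
    [ -n "$ref" ] || { echo "$primary returned no A record for $1" >&2; return 2; }
    echo "$primary (from SOA): $ref"
    status=0
    for ns in $(rr_hosts NS "$1"); do
        got=$(a_set "$1" "$ns")
        if [ "$got" = "$ref" ]; then
            echo "$ns: $got [match]"
        else
            echo "$ns: ${got:-no answer} [MISMATCH]"
            status=1
        fi
    done
    return "$status"
}

# Run only when a domain is given on the command line.
[ $# -eq 0 ] || check_domain "$1"
```

A name server that times out or returns no A record is reported as a mismatch, which is worth including in a support case alongside the raw dig output.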
Alternatives: If the results are identical and you still see inconsistencies in the Inspector’s Data Print, please open a case with our support team and include the following information:
What entries are missing/incorrect?
When did the problem start?
How are you viewing the entries? (Inspector Overview, DataPrint, etc.)
Provide the dig queries and responses from troubleshooting.
Further Reading: https://docs.liongard.com/docs/internet-domain-dns-inspector