Approx 30 mins ago, I suddenly lost access to lemmy.ca due to DNS resolution failures. I've managed to restore access by tossing the known good IP into my computer's hosts file, in order to make this post.
It's worth noting I'm running my own DNS resolver (via pfSense router/firewall software) instead of the typical DNS forwarder offered by my ISP. As a result, my DNS ecosystem is likely a bit more fussy about the "correctness" of the DNS configuration.
My DNS server logs some entries complaining about DS and DNSKEY:
debug: Failed to match any usable DS to a DNSKEY.
info: Could not establish a chain of trust to keys for lemmy.ca. DNSKEY IN
An attempt to verify the domain name using delv results in the following:
Things didn't immediately work, but if you had genuinely changed something I know DNS can take some time for things to trickle down as caches/TTLs expire etc etc etc.
I'm happy to report things appear to be working normally this morning. I'm glad this was just a transition hiccup and not an outright misconfiguration!
Thanks so much for all your hard work keeping this thing running for us!
I think some DNS servers are holding onto our cached DNSSEC records for a little longer than they're supposed to. Every DNS health check I can find is reporting everything is healthy.
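Added example, not written by anyone in this thread: the resolver message "Failed to match any usable DS to a DNSKEY" means that no DS record from the parent zone hashes to a DNSKEY the zone is serving, which is also what a validator sees when one side of that pair is a stale cached copy after a key change. The sketch below performs that comparison as RFC 4034 defines it (key tag plus SHA-256 digest); the key bytes and the rollover scenario are constructed for illustration and are not lemmy.ca's real records.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical (lowercased) wire form of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, pubkey):
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, public key."""
    return struct.pack("!HBB", flags, 3, algorithm) + pubkey

def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, flags, algorithm, pubkey):
    """DS fields (key tag, algorithm, digest type 2 = SHA-256, hex digest)."""
    rdata = dnskey_rdata(flags, algorithm, pubkey)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), algorithm, 2, digest)

def usable_ds(owner, ds_set, dnskeys):
    """DS records that match a served DNSKEY; an empty list means no chain of trust."""
    derived = {make_ds(owner, *key) for key in dnskeys}
    return [ds for ds in ds_set if ds in derived]

# Constructed sample data: placeholder bytes stand in for real public keys.
ZONE = "lemmy.ca."
OLD_KSK = (257, 13, bytes(range(64)))        # key before a hypothetical rollover
NEW_KSK = (257, 13, bytes(range(64, 128)))   # key after it
STALE_DS = [make_ds(ZONE, *OLD_KSK)]         # what a cache might still hold
FRESH_DS = [make_ds(ZONE, *NEW_KSK)]         # what the parent publishes now

if __name__ == "__main__":
    for label, ds_set in (("stale DS", STALE_DS), ("fresh DS", FRESH_DS)):
        ok = usable_ds(ZONE, ds_set, [NEW_KSK])
        print(label, "->", "chain of trust OK" if ok else "no usable DS")
```

Against real data, the DS fields come from `dig DS` at the parent and the DNSKEY fields from `dig DNSKEY` at the zone, with the base64 public key decoded to bytes first.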