Yeah I'd remove that authoritative name server from your registrar and NS records in your zone, then retest (obviously waiting for all the records to propagate everywhere). This is what a working validation should look like (for my domain hosted on bind). http://dnssec-debugger.verisignlabs.com/frizianz.com http://dnsviz.net/d/frizianz.com/dnssec/ Any questions let me know. Cheers, Fraser On 25/01/16 10:19, Brian May via luv-main wrote:
Jason White via luv-main <luv-main@luv.asn.au> writes:
Google's public servers succeed, however, as DNSSec Analyzer appears to do: http://dnssec-debugger.verisignlabs.com/ http://dnssec-debugger.verisignlabs.com/jasonjgw.net shows an error: opera.rednote.net/66.228.34.147 returns REFUSED for jasonjgw.net/DNSKEY
http://dnsviz.net/d/jasonjgw.net/dnssec/ shows a number of REFUSED errors.