Today we are seeing intermittent issues with all .au domains on any resolver that checks DNSSEC such as cloudflare or google dns.
This is affecting all .au extensions and domains such as:
.gov.au, edu.au, org.au, com.au etc….
It appears that somebody at auda/afilias has made some changes to some records by mistake?
Seems like the issue was between the root dns servers and au. they use dnssec which digitally signs all dns responses to prevent tampering. Probably a wrong key or something, and as to why intermittent, maybe a subset of the dns servers saw the bad result and cached it.
This should be resolved quickly, but this is more than likely inline with the new direct registration launch of .au domain names. Which you can start to register from 24 March from registrars like Drop.com.au and Help.com.au.
Registrars just received this from Afilias:
——
Subject: [AU-registrars] DNSSEC validation issue for domains – 22 March 2022 between 15:35 AEDT and 17:21 AEDT [04:35 UTC and 06:21 UTC]
Dear Registrars,
On 22 March 2022 between 15:35 AEDT and 17:21 AEDT [04:35 UTC and 06:21 UTC], some Internet users may have experienced an issue with DNSSEC related DNS resolution. DNS Resolvers which use strict DNSSEC validation and did not have the query response cached did not resolve .au names during this timeframe.
As of 17:21 AEDT [06:21 UTC], normal operations have resumed and DNSSEC related activity in the zone is working as expected. Resolvers which use strict DNSSEC validation should continue to resolve .au domain names normally.
We apologize for any inconvenience this may have caused. Please contact .au Technical Support if you have any questions.
Sincerely,
.au Technical Support
——
I misunderstood the extent of this initially, I thought it only affected DNSSEC enabled domains as they said it only affected 15,000 domains BUT this actually affected everyone intermittently as DNS resolvers which “support” DNSSEC failed to resolve ANY domains (com.au/org.au/gov.au) during that time.
This is actually a very serious outage.