I recently noticed that when I was using Google Public DNS I could not reach my own domain at littlegemsoftware.com. Using other DNS services like my own ISP or for instance OpenDNS everything was working fine.
If it would have been just for me, switching to another DNS service would have been fine. However I am running services on littlegemsoftware.com for my iOS application WoW Realms and obviously I have no say in the matter what my users will be using for their DNS service.
nslookup command was able to get some additional information what was going on.
nslookup littlegemsoftware.com 18.104.22.168 Server: 22.214.171.124 Address: 126.96.36.199#53 Non-authoritative answer: Name: littlegemsoftware.com Address: 188.8.131.52
nslookup littlegemsoftware.com 184.108.40.206 Server: 220.127.116.11 Address: 18.104.22.168#53 ** server can't find littlegemsoftware.com: SERVFAIL
nslookup littlegemsoftware.com 22.214.171.124 Server: 126.96.36.199 Address: 188.8.131.52#53 ** server can't find littlegemsoftware.com: SERVFAIL
Verisgn Labs provides an online tool for testing domains for DNSSEC issues, called DNS Analyzer. From the output the following issues were detected (DNSKEY, RRSIGs)
Conclusion no DNSKEY and RRSIGs for the
littlegemsoftware.com-domain, but there is for the parent domain
A Google search confirms that as of March 19, 2013 Google has enabled DNSSEC validation.
littlegemsoftware.com-domain I am using Hover.com as registrar and name services, but when I logged into my account and reviewed the DNS settings there are no settings for DNSKEY, RRSIGS or DNSSEC.
After contacting Hover Support and some back and forth, the issue was resolved by removing the DNSSEC settings for my domain.
nslookup littlegemsoftware.com 184.108.40.206 Server: 220.127.116.11 Address: 18.104.22.168#53 Non-authoritative answer: Name: littlegemsoftware.com Address: 22.214.171.124
So if you owner of a domain it would be wise to check whether or not it can be resolved using some of the more popular DNS services.