DNS problem: SERVFAIL looking up A for www.rnelnet.com DNSSEC issue?

You have the same problem as this thread:

(.com and .edu run on the same DNS infrastructure.)

You're not doing anything invalid, but a corner case in the DNS protocol, and the design of the authoritative and recursive DNS servers involved, means it doesn't work.

$ dig +dnssec +norecurse +bufsize=512 @h.gtld-servers.net. rnelnet.com

; <<>> DiG 9.15.1-Ubuntu <<>> +dnssec +norecurse +bufsize @h.gtld-servers.net. rnelnet.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31734
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 10, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;rnelnet.com.                   IN      A

;; AUTHORITY SECTION:
rnelnet.com.            172800  IN      NS      ns.rnelnet.com.
rnelnet.com.            172800  IN      NS      ns1.rnelnet.com.
rnelnet.com.            172800  IN      NS      ns2.rnelnet.com.
rnelnet.com.            86400   IN      DS      22548 7 2 D79569FFC9B4E8FD53AD8F051BDE3D1FDF95D04B4DCBBB48101BB490 D2273058
rnelnet.com.            86400   IN      DS      22548 7 1 B22B2BEC9C490E3F8471183F5C8C2B6C18E00D0E
rnelnet.com.            86400   IN      DS      13689 7 2 9493945454270BA82B508B39866CCB151A911949B810699C86F627A8 E020B199
rnelnet.com.            86400   IN      DS      13689 7 1 59AB2C0527E9B55B406EBBC100ED4DC4DFBF7004
rnelnet.com.            86400   IN      DS      13173 7 2 D604B3BD1157166E4F406648A99E231FF5789BE8833E24BBA3AFC258 196B7EB1
rnelnet.com.            86400   IN      DS      13173 7 1 073B0C4D181C90A26F2D21BA07B6811A1D7BE269
rnelnet.com.            86400   IN      RRSIG   DS 8 2 86400 20190816043035 20190809032035 17708 com. r+yL8SjhNyBMOc3aP7DT2VMT+l8uzC6H6zswYMVosJI99SF5k3p/OV/7 uvJlFJVNB3U+5+7SyVOfyr3sC33xt1FdgkCZfquQfJYH99rjwo5wpdzj WqH9SHDq1gh80UzQmvFn0Nvb5WeEKpYeIRBQjpqFAMXiOARLabe/caRY E6A=

;; Query time: 117 msec
;; SERVER: 2001:502:8cc::30#53(2001:502:8cc::30)
;; WHEN: Fri Aug 09 21:52:31 UTC 2019
;; MSG SIZE  rcvd: 508

You can follow the same workaround as given in that thread -- delete some of your DS or NS records, or add even more.

I'd suggest getting rid of the SHA-1 DS records. They're useless for most purposes.

Edit: You could also use DNS servers in a different domain or TLD.

(P.S.: It's not invalid, but your DNSKEY response is huge. You should consider deleting some of them, or using a DNS server that doesn't sign with ZSKs, or using smaller keys, or using ECDSA.)

(P.P.S.: .com is going to start using a bigger ZSK soon. That might inadvertently solve your problem; I haven't done the math to check, though.)
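To see why this referral is a corner case for a resolver limited to 512 bytes, here is an added example (not from the original thread) that models the wire size of the referral from the records in the dig output above. It assumes standard name compression for owner names and in-bailiwick NS targets, an uncompressed signer name in the RRSIG, and one IPv4 glue A record per nameserver; the cut-down analysis of SHA-256-only DS records is a what-if, not something the zone currently publishes.

```python
import base64
# Values below are copied from the dig output in the answer above.
ZONE = "rnelnet.com"
NAMESERVERS = ["ns.rnelnet.com", "ns1.rnelnet.com", "ns2.rnelnet.com"]  # all in-bailiwick: need glue
DS_RECORDS = [  # (key tag, digest type, digest); type 1 = SHA-1, type 2 = SHA-256
    (22548, 2, "D79569FFC9B4E8FD53AD8F051BDE3D1FDF95D04B4DCBBB48101BB490D2273058"),
    (22548, 1, "B22B2BEC9C490E3F8471183F5C8C2B6C18E00D0E"),
    (13689, 2, "9493945454270BA82B508B39866CCB151A911949B810699C86F627A8E020B199"),
    (13689, 1, "59AB2C0527E9B55B406EBBC100ED4DC4DFBF7004"),
    (13173, 2, "D604B3BD1157166E4F406648A99E231FF5789BE8833E24BBA3AFC258196B7EB1"),
    (13173, 1, "073B0C4D181C90A26F2D21BA07B6811A1D7BE269"),
]
RRSIG_SIGNATURE = ("r+yL8SjhNyBMOc3aP7DT2VMT+l8uzC6H6zswYMVosJI99SF5k3p/OV/7"
                   "uvJlFJVNB3U+5+7SyVOfyr3sC33xt1FdgkCZfquQfJYH99rjwo5wpdzj"
                   "WqH9SHDq1gh80UzQmvFn0Nvb5WeEKpYeIRBQjpqFAMXiOARLabe/caRYE6A=")
UDP_LIMIT = 512      # the +bufsize=512 used in the query above
RR_FIXED = 10        # TYPE(2) + CLASS(2) + TTL(4) + RDLENGTH(2)
POINTER = 2          # compression pointer to a name already in the message

def name_len(name):
    """Uncompressed wire length of a dotted name: label bytes plus the root terminator."""
    return sum(1 + len(label) for label in name.strip(".").split(".") if label) + 1

def ns_rr(host):
    # owner is a pointer; RDATA carries the host's own labels and points at the zone name
    own_labels = host[: -(len(ZONE) + 1)]
    return POINTER + RR_FIXED + (name_len(own_labels) - 1) + POINTER

def ds_rr(digest_hex):
    # RDATA: key tag(2) + algorithm(1) + digest type(1) + digest
    return POINTER + RR_FIXED + 4 + len(bytes.fromhex(digest_hex))

def rrsig_rr(signer, sig_b64):
    # RDATA: 18 fixed bytes + signer name (never compressed, RFC 4034) + signature
    return POINTER + RR_FIXED + 18 + name_len(signer) + len(base64.b64decode(sig_b64))

def referral_size(ds_records, with_glue):
    size = 12 + name_len(ZONE) + 4                      # header + question
    size += sum(ns_rr(h) for h in NAMESERVERS)          # AUTHORITY: NS
    size += sum(ds_rr(digest) for _, _, digest in ds_records)  # AUTHORITY: DS
    size += rrsig_rr("com", RRSIG_SIGNATURE)            # AUTHORITY: RRSIG over the DS set
    if with_glue:  # one IPv4 glue record per nameserver, owner name compressed
        size += len(NAMESERVERS) * (POINTER + RR_FIXED + 4)
    return size + (1 + RR_FIXED)                        # OPT: root owner name, empty RDATA

if __name__ == "__main__":
    sha256_only = [ds for ds in DS_RECORDS if ds[1] == 2]
    for label, ds in (("as published", DS_RECORDS), ("SHA-256 DS only", sha256_only)):
        sizes = [referral_size(ds, glue) for glue in (False, True)]
        print(f"{label}: {sizes[0]} bytes without glue, {sizes[1]} with glue (limit {UDP_LIMIT})")
```

The model reproduces the 508 bytes dig reported, and adding the three glue records the in-bailiwick nameservers require pushes the referral past 512, consistent with the empty ADDITIONAL section above. Dropping the SHA-1 DS records, as suggested, brings the referral with glue back under the limit.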
