I have a question that needs to be clarified first. When Let’s Encrypt requests the DNS records for some domain, let’s say 1777900.com, does it send the queries to the authoritative DNS servers of 1777900.com? I tried sending DNS queries to ns1.dns.com through dig for A records, and I couldn’t get an IP address. Is this the cause of the failure with this domain?
dig @ns1.dns.com 1777900.com
; <<>> DiG 9.10.6 <<>> @ns1.dns.com 1777900.com
; (4 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53175
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; WARNING: Message has 11 extra bytes at end
;; QUESTION SECTION:
;1777900.com. IN A
;; ANSWER SECTION:
1777900.com. 600 IN CNAME aicai2web2.dgcnamerecovery.net.
;; AUTHORITY SECTION:
1777900.com. 28800 IN NS ns1.dns.com.
1777900.com. 28800 IN NS ns2.dns.com.
;; Query time: 195 msec
;; SERVER: 188.8.131.52#53(184.108.40.206)
;; WHEN: Tue Oct 16 22:41:04 CST 2018
;; MSG SIZE rcvd: 134
Another one: how do I know my authoritative DNS servers are responding to DNSKEY queries correctly? I saw the link you pasted, but I couldn’t see anything useful. I tried www.google.com, and I could see some graphs there.