Noting up front:
- I understand you won’t guarantee this information since it SHOULD be opaque from a design standpoint - and that we shouldn’t ever rely or need to rely on it.
- I know that you don’t use intermediate DNS resolvers and that you do your own authoritative resolving for the domains.

Here’s why I’m asking - I’ve had an issue a few times where (from my perspective) the authoritative servers for my DNS provider all return proper results for DNS validation, but from your servers’ perspective, you’re seeing an NXDOMAIN or other failure. This is difficult to diagnose, and having some rough idea of where you are validating from would help with the diagnostics when it happens.
The underlying issue is that my provider has numerous anycast or similar replicas, and my current code checking for whether they are in sync is only hitting a subset of them based on my querying region, so when I look for “is it synced and up to date” before I send out the dns01 challenge request - it’s not actually current or working in all cases.
In this particular case, the symptom was occurring for about 1-1.5 days, but has since stopped, so my current issue is no longer a problem. I would just like to be able to have a bit more detail in future diagnostics if this happens again.
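
An added example, not part of the original post: a pre-flight check for the situation described above that reports every (vantage point, authoritative nameserver) pair that was never queried or did not return the expected dns-01 TXT value. The vantage names, nameserver hostnames, token and observation records are constructed, and collecting the observations (running the TXT queries from several regions) is assumed to happen elsewhere.

```python
from collections import namedtuple

# One answer for the _acme-challenge TXT name, as seen from one vantage point
# by one authoritative nameserver. rcode None represents a timeout.
Obs = namedtuple("Obs", "vantage nameserver rcode txt")

def classify(obs, expected):
    """Map one observation to OK / STALE / NXDOMAIN / ERROR."""
    if obs.rcode == "NOERROR":
        # Several TXT values may coexist on the name; only ours must be present.
        return "OK" if expected in obs.txt else "STALE"
    if obs.rcode == "NXDOMAIN":
        return "NXDOMAIN"
    return "ERROR"  # SERVFAIL, REFUSED, timeout (None), ...

def propagation_report(expected, nameservers, vantages, observations):
    """Return (ready, problems). ready is True only when every
    (vantage, nameserver) pair was queried and returned the expected value."""
    seen = {}
    for obs in observations:
        seen[(obs.vantage, obs.nameserver)] = classify(obs, expected)
    problems = []
    for v in vantages:
        for ns in nameservers:
            # A pair with no observation is a coverage gap, not a success.
            status = seen.get((v, ns), "NOT_QUERIED")
            if status != "OK":
                problems.append((v, ns, status))
    return (not problems, problems)

# Constructed sample data (hypothetical names and values).
NAMESERVERS = ["ns1.dns-provider.example", "ns2.dns-provider.example"]
VANTAGES = ["us-east", "eu-west"]
TOKEN = "constructed-token-value"
SAMPLE = [
    Obs("us-east", NAMESERVERS[0], "NOERROR", [TOKEN]),
    Obs("us-east", NAMESERVERS[1], "NOERROR", [TOKEN]),
    Obs("eu-west", NAMESERVERS[0], "NXDOMAIN", []),
]

if __name__ == "__main__":
    ready, problems = propagation_report(TOKEN, NAMESERVERS, VANTAGES, SAMPLE)
    print("ready:", ready)
    for vantage, ns, status in problems:
        print(vantage, ns, status)
```

A check that only ran from `us-east` would report ready here, which matches the symptom described in the post.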