So, it seems you have delegated the control for ep.cinebot.it. to another name server:
;; AUTHORITY SECTION:
ep.cinebot.it. 3600 IN NS mbox.cinebot.it.
ep.cinebot.it. 3600 IN NS srv1.cinebot.it.
;; ADDITIONAL SECTION:
mbox.cinebot.it. 3600 IN A 51.255.48.120
srv1.cinebot.it. 3600 IN A 51.255.48.120
;; SERVER: 213.251.128.129#53(213.251.128.129) ### ns10.ovh.net
Now, there are some problems:
You only have one name server; a configuration prone to errors. You are required to have at least two name servers on separate networks (IANA Technical requirements for authoritative name servers).
The 51.255.48.120 doesn't answer to everyone. It's status: SERVFAIL instead of NXDOMAIN. Is there some kind of a firewall? Or maybe Fail2Ban with too strict configuration?
E.g. while DNSViz for test.ep.cinebot.it mainly shows there's no DNSSEC for cinebot.it (proving there's no problem with DNSSEC), it also gives a clear error suggesting communication problems:
ep.cinebot.it zone: The server(s) were not responsive to queries over TCP. (51.255.48.120)
With +trace I get consistent results from 1.1.1.1 (Cloudflare) and 208.67.222.220 (OpenDNS), and occasionally even from 8.8.8.8 / 8.8.4.4 (Google):
$ dig test.ep.cinebot.it +trace +tcp @1.1.1.1
;; communications error to 51.255.48.120#53: end of file
;; communications error to 51.255.48.120#53: end of file
This made me also check whether the problem is with UDP vs. TCP connections, but it seems your server answers similarly with both dig +tcp and +notcp:
;; ANSWER SECTION:
test.ep.cinebot.it. 60 IN A 93.42.126.242
;; Query time: 27 msec
;; SERVER: 51.255.48.120#53(51.255.48.120)
Also, your TTL is extremely low (60 seconds). This means that recursive name servers won't cache the responses for a long time, which emphasizes the importance of responsive and redundant name servers.
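Added example, not part of the original answer: a small offline check that parses dig-style output and flags the two static problems described above, NS names that all resolve to one address and a very short answer TTL. The input is constructed from the records quoted in the answer, and the 300-second threshold and the function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed input: the records quoted in the answer, joined into one text.
DIG_OUTPUT = """\
;; AUTHORITY SECTION:
ep.cinebot.it. 3600 IN NS mbox.cinebot.it.
ep.cinebot.it. 3600 IN NS srv1.cinebot.it.
;; ADDITIONAL SECTION:
mbox.cinebot.it. 3600 IN A 51.255.48.120
srv1.cinebot.it. 3600 IN A 51.255.48.120
;; ANSWER SECTION:
test.ep.cinebot.it. 60 IN A 93.42.126.242
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")
MIN_TTL = 300  # assumed threshold for a "low" TTL; not a value from the answer

def parse_records(text):
    """Return (section, name, ttl, rtype, rdata) for each resource-record line."""
    section, records = None, []
    for line in text.splitlines():
        line = line.strip()
        header = re.match(r"^;; (\w+) SECTION:", line)
        if header:
            section = header.group(1)
        elif (m := RR.match(line)):
            name, ttl, rtype, rdata = m.groups()
            records.append((section, name.lower(), int(ttl), rtype, rdata.lower()))
    return records

def audit_delegation(text, min_ttl=MIN_TTL):
    """Flag NS names sharing one address and ANSWER records with a short TTL."""
    records = parse_records(text)
    ns_names = {r[4] for r in records if r[3] == "NS"}
    hosts_by_ip = defaultdict(set)
    for _, name, _, rtype, rdata in records:
        if rtype in ("A", "AAAA") and name in ns_names:
            hosts_by_ip[rdata].add(name)  # glue address -> NS names using it
    findings = []
    if ns_names and len(hosts_by_ip) < 2:
        findings.append(f"{len(ns_names)} NS names but {len(hosts_by_ip)} distinct address(es)")
    for section, name, ttl, rtype, _ in records:
        if section == "ANSWER" and ttl < min_ttl:
            findings.append(f"{name} {rtype} TTL {ttl}s is below {min_ttl}s")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_delegation(DIG_OUTPUT)))
```

This only inspects records already captured; reachability over TCP and UDP still has to be tested with live queries such as the dig commands above.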