I have a DNSSEC-enabled domain that passes all the Verisign and related DNSSEC tests (all green, no errors) and DNS sources like AT&T and Verizon. But it fails at some popular DNS servers like Google and Cloudflare. I'd appreciate what anyone can make of that; there are no obvious debugging directions when Verisign says 'all good'. If I turn on the 'cdflag', most all of https://dnschecker.org/#A/quietfountain.com works. Turn it off, and some report problems. Some clues most welcome!

Harry Coin


Here's Quad9, for example:

[root@registry1 ~]# dig @9.9.9.9   quietfountain.com                    

; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @9.9.9.9 quietfountain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45758
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;quietfountain.com.             IN      A

;; ANSWER SECTION:
quietfountain.com.      43200   IN      A       147.135.121.120
quietfountain.com.      43200   IN      A       51.81.131.192

;; Query time: 1463 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Tue Jul 26 17:53:39 CDT 2022
;; MSG SIZE  rcvd: 78

But here's Cloudflare and Google:



[root@registry1 ~]# dig @1.1.1.1  quietfountain.com

; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @1.1.1.1 quietfountain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64113
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 9 (DNSKEY Missing): (no SEP matching the DS found for quietfountain.com.)
;; QUESTION SECTION:
;quietfountain.com.             IN      A

;; Query time: 2197 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Jul 26 17:51:22 CDT 2022
;; MSG SIZE  rcvd: 103

[root@registry1 ~]# dig @8.8.8.8  quietfountain.com        

; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @8.8.8.8 quietfountain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61907
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;quietfountain.com.             IN      A

;; Query time: 2303 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jul 26 17:51:35 CDT 2022
;; MSG SIZE  rcvd: 46
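
The EDE text in the 1.1.1.1 reply above ("no SEP matching the DS found") concerns the link between the DS record published at the parent and the DNSKEYs served by the zone. As an added example that is not part of the original post, the Python below performs that comparison as defined in RFC 4034 (key tag, algorithm, digest); the zone `example.com.`, all key material and the helper names are constructed for illustration.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical wire form of an owner name: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, then the public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (valid for every algorithm except 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_digest(owner, rdata, digest_type):
    """DS digest = hash(owner name | DNSKEY RDATA); type 2 is SHA-256, 4 is SHA-384."""
    algo = {2: hashlib.sha256, 4: hashlib.sha384}[digest_type]
    return algo(name_to_wire(owner) + rdata).hexdigest()

def matching_keys(owner, ds_set, dnskeys):
    """Return the key tags of the DNSKEYs that at least one DS record covers."""
    hits = []
    for flags, protocol, algorithm, pubkey in dnskeys:
        rdata = dnskey_rdata(flags, protocol, algorithm, pubkey)
        tag = key_tag(rdata)
        for ds_tag, ds_alg, ds_type, ds_hex in ds_set:
            if (ds_tag, ds_alg) != (tag, algorithm) or ds_type not in (2, 4):
                continue
            if ds_digest(owner, rdata, ds_type) == ds_hex.lower():
                hits.append(tag)
                break
    return hits

# Constructed sample data: not real keys, and not taken from the zone in the post.
ZONE = "example.com."
OLD_KSK = (257, 3, 13, bytes(64))            # key the parent's DS was made from
NEW_KSK = (257, 3, 13, bytes(range(64)))     # key the zone serves now
ZSK = (256, 3, 13, bytes(range(64, 128)))

def make_ds(owner, key, digest_type=2):
    rdata = dnskey_rdata(*key)
    return (key_tag(rdata), key[2], digest_type, ds_digest(owner, rdata, digest_type))

STALE_DS = [make_ds(ZONE, OLD_KSK)]          # parent still points at the old key
GOOD_DS = [make_ds(ZONE, NEW_KSK)]
```

`matching_keys(ZONE, STALE_DS, [NEW_KSK, ZSK])` returns an empty list, the condition a validating resolver reports as a missing DNSKEY; with `GOOD_DS` it returns the tag of the served KSK.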