We have migrated from one DNS zone provider (AWS Route 53) to another (CloudFlare). We changed the nameservers at our registrar (Gandi) on July 20th, 2021. We have not changed the SOA and NS records declared in the zone at our former DNS provider (AWS Route 53), deeming it not needed (and anyway not possible with some providers, though this one seems to allow it).
Today we discovered that at least one Internet service provider has DNS servers which are intermittently still resolving against our former provider, which we have not yet decommissioned. We have not found any other ISP exhibiting such behavior.
The behavior is very strange from my viewpoint: querying one of their nameservers (not public facing, only accessible with a subscription to their service) sometimes yields a response from our current provider, sometimes from the previous provider. And this switches from good to bad or conversely at random and at a fast pace, even with a shorter delay than the TTL indicated in the answer.
I have ascertained that the bad answers were actually coming from our previous DNS zone provider by making some changes there: the DNS server from that ISP then reflected the changes when answering with bad records.
Even though according to these answers 1, 2 and 3, we should not have to change anything in the records of our old DNS zone provider, is there still actually something we should change?
Or is it that this one ISP has some trouble they have to fix on their side?
You can see the domain for which I have the trouble in my current Stack Exchange profile, last line "Work at ...". The former DNS zone provider (AWS Route 53) resolves the www of the domain to a CNAME for an AWS CloudFront distribution that we keep enabled for now. The current DNS zone provider (CloudFlare) directly resolves it to IP addresses of its CDN edge nodes.
NS records for the zone at the current DNS zone provider, CloudFlare (with our actual domain name replaced by ourdomain):
ourdomain.com. 1 IN NS margaret.ns.cloudflare.com.
ourdomain.com. 1 IN NS bowen.ns.cloudflare.com.
NS records from the delegation (Gandi registrar):
ourdomain.com. 86400 IN NS bowen.ns.cloudflare.com.
ourdomain.com. 86400 IN NS margaret.ns.cloudflare.com.
NS records for the zone at the former DNS zone provider (AWS Route 53):
ourdomain.com. 172800 IN NS ns-1139.awsdns-14.org.
ourdomain.com. 172800 IN NS ns-776.awsdns-33.net.
ourdomain.com. 172800 IN NS ns-452.awsdns-56.com.
ourdomain.com. 172800 IN NS ns-1763.awsdns-28.co.uk.
The trouble was on that one ISP's side. So, as far as I know, no, no other changes have to be made in our DNS settings.
We were able to reach out to them and get their support team to look at the trouble. It took some time, but at some point they answered that they had done an intervention on their DNS servers, and since then we are no longer seeing the trouble.
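
Added example (not part of the original question or answer): a Python sketch that classifies repeated answers from one resolver as coming from the current or the former provider, and flags source changes that happen before the previous answer's TTL has run out, which is the symptom described in the question. The sample answers, the address 192.0.2.10 and the CloudFront hostname are constructed placeholders.

```python
# All sample data below is constructed for illustration; none of it is from the post.
CURRENT = {"192.0.2.10"}                           # assumed answer at the current provider
FORMER = {"example-distribution.cloudfront.net."}  # assumed CNAME target at the former provider

# (seconds since the first query, answer line in dig's "name ttl class type rdata" form)
SAMPLES = [
    (0,   "www.ourdomain.com. 300 IN A 192.0.2.10"),
    (20,  "www.ourdomain.com. 280 IN A 192.0.2.10"),
    (35,  "www.ourdomain.com. 60 IN CNAME example-distribution.cloudfront.net."),
    (50,  "www.ourdomain.com. 265 IN A 192.0.2.10"),
    (400, "www.ourdomain.com. 300 IN A 192.0.2.10"),
]


def parse_rr(line):
    """Split one answer line into its fields; names and rdata are lowercased."""
    name, ttl, rclass, rtype, rdata = line.split(None, 4)
    return {"name": name.lower(), "ttl": int(ttl), "class": rclass.upper(),
            "type": rtype.upper(), "rdata": rdata.strip().lower()}


def source_of(rr, current, former):
    """Label an answer by which provider's known record data it matches."""
    if rr["rdata"] in current:
        return "current"
    if rr["rdata"] in former:
        return "former"
    return "unknown"


def flips_inside_ttl(samples, current=CURRENT, former=FORMER):
    """Return (t_prev, t_next, src_prev, src_next) for every source change
    observed while the previous answer's TTL was still running."""
    findings, prev = [], None
    for ts, line in samples:
        rr = parse_rr(line)
        src = source_of(rr, current, former)
        if prev and src != prev[1] and ts - prev[0] < prev[2]:
            findings.append((prev[0], ts, prev[1], src))
        prev = (ts, src, rr["ttl"])
    return findings


if __name__ == "__main__":
    for t0, t1, a, b in flips_inside_ttl(SAMPLES):
        print(f"{a} -> {b} after {t1 - t0}s, inside the TTL of the answer seen at t={t0}")
```

A single cache would keep serving one record set until its TTL expires, so flips inside the TTL are consistent with several caches behind the same resolver address holding different data.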