I'd guess that one of KENIC's NS servers was down (They are all currently up). The issue that we are seeing is due DNS recursor servers vending stale data (Due to KENIC's large negative ttl :( ). So we'll probably continue to see connectivity issues until all recursors expire the negative ttl which is currently set to 86400 seconds (24 hours)! Best thing to do is 1. Ask your DNS provider to purge their cache (Zuku/faiba....) 2. Ask KENIC to stop using insane nx domain TTLs (@kenic hostmasters, dial it down to ~3600 secs). 3. Run your own private DNS server (Unbound is great at this. Bind it to 127.0.0.1) *What GoogleDNS vends * ---------------------------------- ❯ dig +short SOA @8.8.8.8 tz. ns2.tznic.or.tz. hostmaster.tznic.or.tz. 1427785741 10600 3600 1209600 3600 ❯ dig +short SOA @8.8.8.8 ke. ^^ Nothing here. And nothing is going to be vended till *86400* seconds after the outage! *Negative TTL for KENIC* ----------------------------------- ❯ dig +trace any co.ke. ; <<>> DiG 9.8.3-P1 <<>> +trace any co.ke. ;; global options: +cmd . 15870 IN NS d.root-servers.net. . 15870 IN NS c.root-servers.net. . 15870 IN NS f.root-servers.net. . 15870 IN NS l.root-servers.net. . 15870 IN NS j.root-servers.net. . 15870 IN NS a.root-servers.net. . 15870 IN NS m.root-servers.net. . 15870 IN NS k.root-servers.net. . 15870 IN NS g.root-servers.net. . 15870 IN NS i.root-servers.net. . 15870 IN NS e.root-servers.net. . 15870 IN NS b.root-servers.net. . 15870 IN NS h.root-servers.net. ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 160 ms ke. 172800 IN NS ns.anycast.kenic.or.ke. ke. 172800 IN NS ns-ke.afrinic.net. ke. 172800 IN NS ns1.coza.net.za. ke. 172800 IN NS mzizi.kenic.or.ke. ;; Received 273 bytes from 192.5.5.241#53(192.5.5.241) in 86 ms co.ke. 86400 IN *SOA* mzizi.kenic.or.ke. hostmaster.kenic.or.ke. 2015033121 3600 3600 604800 *86400* co.ke. 86400 IN NS ns1.coza.net.za. co.ke. 86400 IN NS mzizi.kenic.or.ke. co.ke. 86400 IN NS ns-ke.afrinic.net. co.ke. 86400 IN NS ns.anycast.kenic.or.ke. co.ke. 86400 IN TXT "Generation Time: 1427787025" ;; Received 224 bytes from 204.61.216.7#53(204.61.216.7) in 82 ms *Negative TTL for other folks* ------------------------------------- *ug.* 14400 IN SOA root.eahd.or.ug. mpeirwe.eahd.or.ug. 2015033111 86400 3600 2592000 *14400* *tz.* 3600 IN SOA ns2.tznic.or.tz. hostmaster.tznic.or.tz. 1427785741 10600 3600 1209600 *3600* *uk.* 172800 IN SOA ns1.nic.uk. hostmaster.nic.uk. 1401428419 7200 900 2419200 *10800* *All Name servers for KE are up (IPV4)* ---------------------------------------------------- ❯ dig @a.root-servers.net. NS ke. | egrep "\sA\s" | awk '{print $1}' | while read NS_SRV do echo "Testing NS: $NS_SRV" dig +short @${NS_SRV} soa co.ke. echo done Testing NS: ns-ke.afrinic.net. mzizi.kenic.or.ke. hostmaster.kenic.or.ke. 2015033121 3600 3600 604800 86400 Testing NS: mzizi.kenic.or.ke. mzizi.kenic.or.ke. hostmaster.kenic.or.ke. 2015033121 3600 3600 604800 86400 Testing NS: mzizi.kenic.or.ke. mzizi.kenic.or.ke. hostmaster.kenic.or.ke. 2015033121 3600 3600 604800 86400 Testing NS: ns.anycast.kenic.or.ke. mzizi.kenic.or.ke. hostmaster.kenic.or.ke. 2015033121 3600 3600 604800 86400 Testing NS: ns1.coza.net.za. mzizi.kenic.or.ke. hostmaster.kenic.or.ke. 2015033121 3600 3600 604800 86400