Hi Mike,

Thank you for the reply. It was updated a little under 24 hours ago. I appreciate it can take some time, however, what is confusing me is that the site is not resolvable. The site previously pointed to a different nameserver, and then I just updated the nameserver to point to the new one. My belief was it would just point to the old nameserver in the meantime, and as both nameservers have an A record pointing to the same IP address, there would be no downtime. The site would remain active, but some people would be served the nameserver, and some the new until it finally finished fully propagating.

I don't understand how the VM cache has cached that nothing exists for this domain?

Andrew

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Try the new cross-platform PowerShell https://aka.ms/pscore6

PS C:\WINDOWS\system32> Resolve-DNSName -server 194.168.4.100 daviesflorist.shop
Resolve-DNSName : daviesflorist.shop : DNS server failure
At line:1 char:1
+ Resolve-DNSName -server 194.168.4.100 daviesflorist.shop
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (daviesflorist.shop:String) [Resolve-DnsName], Win32Exception
    + FullyQualifiedErrorId : RCODE_SERVER_FAILURE,Microsoft.DnsClient.Commands.ResolveDnsName

PS C:\WINDOWS\system32> Resolve-DNSName -server 8.8.8.8 daviesflorist.shop

Name                                           Type   TTL   Section    IPAddress
----                                           ----   ---   -------    ---------
daviesflorist.shop                             AAAA   300   Answer     2606:4700:3035::ac43:931c
daviesflorist.shop                             AAAA   300   Answer     2606:4700:3035::6815:4fbd
daviesflorist.shop                             A      300   Answer     172.67.147.28
daviesflorist.shop                             A      300   Answer     104.21.79.189


PS C:\WINDOWS\system32>

Are you still having the problem? I can access the website, and here's my trace route.

Edited to add that I'm using 9.9.9.9 for DNS.

C:\>tracert daviesflorist.shop

Tracing route to daviesflorist.shop [172.67.147.28]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     *        *        *     Request timed out.
  3    10 ms    10 ms     9 ms  haye-core-2a-xe-231-0.network.virginmedia.net [62.253.8.117]
  4     *        *        *     Request timed out.
  5    12 ms    12 ms     9 ms  tele-ic-7-ae2-0.network.virginmedia.net [62.253.175.34]
  6    19 ms    11 ms    14 ms  2-14-250-212.static.virginm.net [212.250.14.2]
  7    16 ms    12 ms    11 ms  172.67.147.28

Trace complete.

--
Hub 3.0, TP-Link Archer C8, TP-Link TL-SG108S 8-port gigabit switch, V6

@drewdan 

I know this reply is a little late but I wanted to try and shed a little light on this for you and for anyone else who comes accross this thread.

Virgin's server didn't cache that nothing exists.  Looking at your lookup we see this:

PS C:\WINDOWS\system32> Resolve-DNSName -server 194.168.4.100 daviesflorist.shop
Resolve-DNSName : daviesflorist.shop : DNS server failure
At line:1 char:1
+ Resolve-DNSName -server 194.168.4.100 daviesflorist.shop
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (daviesflorist.shop:String) [Resolve-DnsName], Win32Exception
    + FullyQualifiedErrorId : RCODE_SERVER_FAILURE,Microsoft.DnsClient.Commands.ResolveDnsName

Note the RCODE_SERVER_FAILURE (In DIG this shows up as a SERVFAIL)

This is down to the way a DNS lookup is done..

Consider my domain ravenstar68.co.uk

If do a DIG with +trace we can see exactly how a resolver looks up the result.

First the server gets the list of root servers

; <<>> DiG 9.16.16 <<>> +trace +nodnssec mail.ravenstar68.co.uk
;; global options: +cmd
. 517216 IN NS g.root-servers.net.
. 517216 IN NS a.root-servers.net.
. 517216 IN NS k.root-servers.net.
. 517216 IN NS b.root-servers.net.
. 517216 IN NS m.root-servers.net.
. 517216 IN NS d.root-servers.net.
. 517216 IN NS i.root-servers.net.
. 517216 IN NS e.root-servers.net.
. 517216 IN NS l.root-servers.net.
. 517216 IN NS c.root-servers.net.
. 517216 IN NS h.root-servers.net.
. 517216 IN NS j.root-servers.net.
. 517216 IN NS f.root-servers.net.
;; Received 851 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

Next it picks one of the root servers and tries to resolve mail.ravenstar68.co.uk.  However these servers only know the addresses of the servers looking after the .uk. domain

uk. 172800 IN NS nsa.nic.uk.
uk. 172800 IN NS nsb.nic.uk.
uk. 172800 IN NS dns4.nic.uk.
uk. 172800 IN NS nsd.nic.uk.
uk. 172800 IN NS nsc.nic.uk.
uk. 172800 IN NS dns1.nic.uk.
uk. 172800 IN NS dns2.nic.uk.
uk. 172800 IN NS dns3.nic.uk.
;; Received 583 bytes from 192.33.4.12#53(c.root-servers.net) in 543 ms

The next thing is to query one of these servers for the domain name.  NOW it gets the address of the name servers looking after my domain.

ravenstar68.co.uk. 172800 IN NS dns2.registrar-servers.com.
ravenstar68.co.uk. 172800 IN NS dns1.registrar-servers.com.
;; Received 138 bytes from 156.154.101.3#53(nsb.nic.uk) in 19 ms

Finally it queries those servers and gets the final result.

mail.ravenstar68.co.uk. 1799 IN A 51.68.196.229
ravenstar68.co.uk. 1800 IN NS dns1.registrar-servers.com.
ravenstar68.co.uk. 1800 IN NS dns2.registrar-servers.com.
;; Received 126 bytes from 2610:a1:1024::200#53(dns1.registrar-servers.com) in 23 ms

Note the lookup in red from Nominet's servers though.  This is cached on the resolving servers as well.  So when you change your nameservers it takes the resolver in question up to 48 hours to pick up the new nameserver IP addresses.  In the meantime VM keeps trying to use the old nameservers.  If there are no longer any nameservers on that IP address, then we get the SERVFAIL result until the cache entry expires.

This is one of the downsides to how DNS works.  Ideally you should keep the old nameservers active UNTIL the cache has had time to expire.

Tim