Linode default setup of resolve.conf

nslookup rpxnow.com fails.

Can anyone verify? Have temp switched to 8.8.8.8

Seems to be specifically affecting rpxnow.com:

$ cat /etc/resolv.conf
search members.linode.com
nameserver 207.192.69.5
nameserver 97.107.133.4
nameserver 207.192.69.4
$ host -v rpxnow.com
Query about rpxnow.com for record types A
Trying rpxnow.com ...
Query failed, 0 answers, status: server failure
rpxnow.com A record not found, server failure
$ host -v isi.edu
Query about isi.edu for record types A
Trying isi.edu ...
Query done, 1 answer, status: no error
The following answer is not authoritative:
isi.edu                 86400   IN      A       128.9.176.20
Authority information:
isi.edu                 86400   IN      NS      ns.east.isi.edu
isi.edu                 86400   IN      NS      nitro.isi.edu
isi.edu                 86400   IN      NS      ns.isi.edu
isi.edu                 86400   IN      NS      vapor.isi.edu
Additional information:
ns.isi.edu              86400   IN      A       128.9.128.127
nitro.isi.edu           86400   IN      A       128.9.208.207
vapor.isi.edu           86400   IN      A       128.9.64.64
$ host -v www.miketheheadlesschicken.org
Query about www.miketheheadlesschicken.org for record types A
Trying www.miketheheadlesschicken.org ...
Query done, 2 answers, status: no error
The following answer is not authoritative:
www.miketheheadlesschicken.org  14400   IN      CNAME   miketheheadlesschicken.org
miketheheadlesschicken.org      14400   IN      A       72.34.33.118
Authority information:
miketheheadlesschicken.org      86400   IN      NS      ns1.flexiss.net
miketheheadlesschicken.org      86400   IN      NS      ns2.flexiss.net
Trying miketheheadlesschicken.org ...
Query done, 1 answer, status: no error
The following answer is not authoritative:
miketheheadlesschicken.org      14400   IN      A       72.34.33.118
Authority information:
miketheheadlesschicken.org      86400   IN      NS      ns1.flexiss.net
miketheheadlesschicken.org      86400   IN      NS      ns2.flexiss.net

But querying the designated domain server returns an answer:

$ host -v rpxnow.com ns1.p15.dynect.net
Server: ns1.p15.dynect.net
Address: 208.78.70.15

Query about rpxnow.com for record types A
Trying rpxnow.com ...
Query done, 1 answer, authoritative status: no error
rpxnow.com              3600    IN      A       184.73.188.120
Authority information:
rpxnow.com              86400   IN      NS      ns3.p15.dynect.net
rpxnow.com              86400   IN      NS      ns1.p15.dynect.net
rpxnow.com              86400   IN      NS      ns4.p15.dynect.net
rpxnow.com              86400   IN      NS      ns2.p15.dynect.net

This is in Newark.

I have opened a ticket with them as you say querying directly returns a result, it seem only Linode DNS resolvers are affected. Google's public DNS resolvers (8.8.8.8 etc..) and OpenDNS result correctly. In addition Pingdom DNS health indicates rpxnow.com is 'A okay'.

We use rpxnow to authenicate our users (server does a remote call) so this is a little concerning

Looks like a DNSSEC problem on the part of rpxnow.com.

udp: rpxnow.com has SOA record ns1.p15.dynect.net. hostmaster.rpxnow.com. 1270059863 3600 600 604800 60 (BOGUS (security failure)) validation failure : no keys have a DS from 2001:500:94:1::15 for key rpxnow.com. while building chain of trust

So it probably isn't exclusive to Linode, but to resolvers that do strict DNSSEC checking.