DNS debugging

 Doing some digging about why a specific DNS wasn't propagating properly everywhere, I found out that it was related to a wrong DNSSEC declaration.

• Tool to check if the DNS record is properly propagated https://www.whatsmydns.net
• Debug DNS settings & DNSSEC settings
• https://dnsviz.net
• https://www.zonemaster.net/ 

a bit more details about DNSSEC 

https://blog.ovhcloud.com/an-introduction-to-dnssec/

DNS DNSKEY and DS records "The DNSKEY and DS records are used by DNSSEC resolvers to verify the authenticity of DNS records."

https://www.cloudflare.com/learning/dns/dns-records/dnskey-ds-records/

some debuging steps

https://serverfault.com/questions/1018543/dns-not-resolving-in-all-locations-after-a-week 

Hetzner firewall for outgoing trafic

As noted here :

https://docs.hetzner.com/robot/dedicated-server/firewall/#out-going-tcp-connections

make sure to include a rule in your hetzner Robot firewall / firewall templates if you want to connect to the outerworld. For instance, without the "outgoing" line in my setup, I was not able to perform even a apt-get update.

Hetzner Servers - Robot Firewall / rule for outgoing trafic

• Name : outgoing tcp (for example)
• Source IP : N/A
• Destination IP : N/A
• Source port : N/A
• Destination port : 32768-65535
• Protocol : tcp
• TCP Flags : ack