Today when I logged on to this blog I found that I could not reach blog.stuxnerd.it. The other pages, especially stuxnerd.it, worked fine. The blog was not reachable at all. I immediately suspected the DNS settings, as there is no difference at the application level (WordPress Multisite) and I could not switch to this domain in the WordPress admin area either.
I remembered that I had adjusted the DNS settings for SPF and DKIM just about a week ago. Although only TXT records were added, the A and AAAA records for “*” now seem to be ignored by the DNS resolver for “blog” when there are TXT records for the host “blog”.
Meanwhile, I explicitly set A and AAAA records for the host “blog” and after the TTL expired, everything worked again.
Lesson of the day: testing is not sufficient. One should retest all DNS changes even after the TTL expires.
Of course it would have helped to know RFC 4592. But you only do that in case of an error and that’s why errors are great (you can talk yourself into it). It would be even better if it wasn’t discovered after a week, but the requirements of the business impact analysis were still met because the downtime was less than 168 hours. Not everyone can afford that.
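The wildcard rule from RFC 4592 that caused the outage, as a simplified Python model (an added example, not part of the original post or of any DNS server's code). The zone contents, the documentation addresses and the DKIM selector name `sel` are constructed placeholders; the model also covers the related empty non-terminal case, where a record below "blog" is enough to make "blog" exist.

```python
# Simplified model of RFC 4592 wildcard matching over a constructed zone.
# Owner names are relative to the zone apex; all record data is placeholder data.

def name_exists(zone, name):
    """A name exists if it owns records or is an ancestor of an owner name
    (an "empty non-terminal")."""
    return any(o == name or o.endswith("." + name) for o in zone)

def answer(rrsets, qtype):
    rdata = rrsets.get(qtype, [])
    return ("NOERROR", rdata) if rdata else ("NODATA", [])

def resolve(zone, qname, qtype):
    """Return (status, rdata) for a query for qname/qtype inside the zone."""
    if name_exists(zone, qname):
        # The name exists, so no wildcard is consulted, whatever qtype is.
        return answer(zone.get(qname, {}), qtype)
    # Name does not exist: walk up to the closest existing ancestor
    # (closest encloser), then look only at "*.<closest encloser>".
    labels = qname.split(".")
    for i in range(1, len(labels) + 1):
        encloser = ".".join(labels[i:])          # "" means the zone apex
        if encloser == "" or name_exists(zone, encloser):
            wildcard = "*." + encloser if encloser else "*"
            if wildcard in zone:
                return answer(zone[wildcard], qtype)
            return ("NXDOMAIN", [])

A4, A6 = "192.0.2.10", "2001:db8::10"            # documentation addresses
before = {"*": {"A": [A4], "AAAA": [A6]}}
# Adding only a TXT record at "blog" makes the name exist.
after_txt = {**before, "blog": {"TXT": ["v=spf1 -all"]}}
# A DKIM key below "blog" has the same effect (empty non-terminal).
after_dkim = {**before, "sel._domainkey.blog": {"TXT": ["v=DKIM1; p=PLACEHOLDER"]}}
# The fix from the post: explicit A and AAAA records at "blog".
fixed = {**before, "blog": {"TXT": ["v=spf1 -all"], "A": [A4], "AAAA": [A6]}}

if __name__ == "__main__":
    for label, zone in [("before", before), ("after_txt", after_txt),
                        ("after_dkim", after_dkim), ("fixed", fixed)]:
        print(label, resolve(zone, "blog", "A"), resolve(zone, "blog", "AAAA"))
```

Running the same query against the zone before and after a change, for every record type served by a wildcard, shows this kind of regression without waiting for the TTL.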