here is my scenario: i have build an LB on GCP (https). Static reserved IP DNSSEC set to on DNS A and CNAME records 4 web servers sit behind the LB back end front end set for https when going via IP, the LB works and the site come up. when going via the DNS name, the site does NOT work in the US, however if i use VPN for another country, it works.
if you look here, you can see how DNS is propagated for some countries while not others: https://dnschecker.org/
if i use Google DNS Checker i get a DNSSEC errors: https://dns.google.com/
I tried using a self signed Cert as well as google managed cert, still same issue.
i even tried rebuilding the LB with a new EXT IP completely. Any ideas would be appreciated. Thank you
Upon further checking i realized that what i forgot to do is go to my Google Domains (or whatever you using for your domain management) and add the DNSSEC information there: (Digest, type, ID, etc).
The information to put there can be found if you go to your GCP project --> Cloud DNS --> click on the zone --> click on "Registrar Setup" on the top right.
Use the info there, to put it in your domain admin DNSSEC config.