I had a typo in my DNS zone on Amazon Route53. I had an IP starting in 53 when it should have been 52. I have now changed it on Route53, but I'm still getting old data from dig and from other resolver mechanisms that use UDP. If I force TCP, I get the correct data.
Here is the actual DNS record on Route53 as of this instant, expressed in BIND syntax:
$ORIGIN templatolio.com.
@ 3600 IN A 52.32.48.83
Here is the result using UDP. Note that the ANSWER starts with 53 and Authority is 0:
C:\>dig templatolio.com @ns1.aleyant.net
; <<>> DiG 9.10.3-P4 <<>> templatolio.com @ns1.aleyant.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34565
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;templatolio.com. IN A
;; ANSWER SECTION:
templatolio.com. 2289 IN A 53.32.48.83
;; Query time: 19 msec
;; SERVER: 205.251.199.16#53(205.251.199.16)
;; WHEN: Thu Sep 29 11:58:33 EDT 2016
;; MSG SIZE rcvd: 60
Here is the result using TCP. Note that the ANSWER starts with 52, as it should:
C:\>dig +tcp templatolio.com @ns1.aleyant.net
; <<>> DiG 9.10.3-P4 <<>> +tcp templatolio.com @ns1.aleyant.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59721
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 8, ADDITIONAL: 5
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;templatolio.com. IN A
;; ANSWER SECTION:
templatolio.com. 3600 IN A 52.32.48.83
;; AUTHORITY SECTION:
templatolio.com. 3600 IN NS ns-1437.awsdns-51.org.
templatolio.com. 3600 IN NS ns-1808.awsdns-34.co.uk.
templatolio.com. 3600 IN NS ns-670.awsdns-19.net.
templatolio.com. 3600 IN NS ns-88.awsdns-11.com.
templatolio.com. 3600 IN NS ns1.aleyant.net.
templatolio.com. 3600 IN NS ns2.aleyant.net.
templatolio.com. 3600 IN NS ns3.aleyant.net.
templatolio.com. 3600 IN NS ns4.aleyant.net.
;; ADDITIONAL SECTION:
ns1.aleyant.net. 3600 IN A 205.251.199.16
ns2.aleyant.net. 3600 IN A 205.251.194.158
ns3.aleyant.net. 3600 IN A 205.251.197.157
ns4.aleyant.net. 300 IN A 205.251.192.88
;; Query time: 23 msec
;; SERVER: 205.251.199.16#53(205.251.199.16)
;; WHEN: Thu Sep 29 11:59:00 EDT 2016
;; MSG SIZE rcvd: 340
Just had a thought: could this be my ISP bogarting the UDP DNS packet?
Duh. I was connected to a VPN using my Array Networks VPN for Desktop client, and it was that VPN client that was trapping UDP 53. Not a Route53 problem at all.