weird DNS resolving issue

Solution 1:

The delegation specifies that the zone is supposed to be signed, as per:

spidersoft.com.au.      900     IN      DS      53542 8 1 410D8843D8EE59CC30F788EC2581BDDE09CF3BD9
spidersoft.com.au.      900     IN      DS      2371 13 2 15D49FF575EAE3467EE343069296BC78B942F5A8806160893DED476E CB9E8B75
spidersoft.com.au.      900     IN      DS      10717 8 1 EFD0A37F5128E60444AEA34C2974309B607488B3

It's a little bit strange with these multiple DS records for different keys, but disregarding that...

$ dig @ns-1851.awsdns-39.co.uk spidersoft.com.au DNSKEY +dnssec +norec

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> @ns-1851.awsdns-39.co.uk spidersoft.com.au DNSKEY +dnssec +norec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49231
;; flags: qr aa ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;spidersoft.com.au.             IN      DNSKEY

;; AUTHORITY SECTION:
spidersoft.com.au.      900     IN      SOA     ns-1851.awsdns-39.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 22 msec
;; SERVER: 2600:9000:5307:3b00::1#53(2600:9000:5307:3b00::1)
;; WHEN: Tue Aug 24 10:08:48 CEST 2021
;; MSG SIZE  rcvd: 133

$

...there are no keys at all.

You need to either sign the zone and publish the corresponding DS or remove the DS if the zone is actually intended to be unsigned. The DS records are managed through your registrar (if this is all with Route53, this effectively means the "domain registration part of the interface", as opposed to the the "DNS hosting part of the interface").

See the Route53 documentation for the specifics of signing a zone hosted with their service.