A strange problem when using unboundtest.com

Help
1

I'm working to issue a cert by dns-01 and failed at the TXT validation step. Then I tried to find some hints by using unboundtest.com. Here is the problem:

If I put a short TXT value('CS1C7EORFek'), unboundtest.com will work fine with 'NOERROR' and right 'ANSWER SECTION'
https://unboundtest.com/m/TXT/_acme-challenge.lutest.luagent.com/S3UEARN7

If I put a long TXT value('CS1C7EORFekCS1C7EORFek'), unboundtest.com will fail with 'SERVFAIL' and no 'ANSWER SECTION'.
https://unboundtest.com/m/TXT/_acme-challenge.lutest.luagent.com/NLXWOLOM

Is there any other guys have met the same problem?
I alow attached these two logs in case of unboundtest link disappear.
long_txt_log.txt.txt (7.6 KB)
short_txt_log.txt.txt (7.3 KB)

1 Like
2

Some or all of the DNS servers for the zone luagent.com are not reachable via TCP. That is a "must" for authoritative name servers.

$ dig +tcp lutest.luagent.com @101.89.64.126
;; Connection to 101.89.64.126#53(101.89.64.126) for lutest.luagent.com failed: connection refused.
4 Likes
3

Thanks. I've also noticed this and I'm traceing this connection issue in the meantime.
But I'm still confused why the short TXT case is OK(I've tested several times)

2 Likes
4

If the UDP DNS packet size exceed certain limit (truncate flag on), the resolver supposed to retry in TCP to get the full data.

7 Likes
5

Thanks.

4 Likes
6

image

4 Likes
7

That's it! 120.52.138.16 and 123.58.238.36 are both offline server and wrongly configured in luagent.com NS results. Now they are removed and TXT works fine. Thanks for your help.

2 Likes
8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.