I'm working to issue a cert by dns-01 and failed at the TXT validation step. Then I tried to find some hints by using unboundtest.com. Here is the problem:
If I put a short TXT value ('CS1C7EORFek'), unboundtest.com works fine with 'NOERROR' and the right 'ANSWER SECTION'.
If I put a long TXT value ('CS1C7EORFekCS1C7EORFek'), unboundtest.com fails with 'SERVFAIL' and no 'ANSWER SECTION'.
Have any other guys met the same problem?
I also attached these two logs in case the unboundtest link disappears.
long_txt_log.txt.txt (7.6 KB)
short_txt_log.txt.txt (7.3 KB)
Some or all of the DNS servers for the zone luagent.com are not reachable via TCP. That is a "must" for authoritative name servers.
$ dig +tcp lutest.luagent.com @22.214.171.124
;; Connection to 126.96.36.199#53(188.8.131.52) for lutest.luagent.com failed: connection refused.
Thanks. I've also noticed this and I'm tracing this connection issue in the meantime.
But I'm still confused why the short TXT case is OK (I've tested several times).
If the UDP DNS packet size exceeds a certain limit (truncate flag on), the resolver is supposed to retry in TCP to get the full data.
That's it! 184.108.40.206 and 220.127.116.11 are both offline servers and wrongly configured in the luagent.com NS results. Now they are removed and TXT works fine. Thanks for your help.
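The truncate-then-retry behaviour discussed in this thread, as an added example that is not part of the original posts: a small Python model of an authoritative server that sets the TC bit when a reply does not fit in UDP, and a resolver that returns SERVFAIL when the TCP retry cannot connect. The 512-byte limit (no EDNS0), the name `_acme-challenge.example.com` and the TXT values used to exercise it are assumptions constructed for illustration.

```python
import struct

TC = 0x0200        # truncation bit in the DNS header flags word
UDP_LIMIT = 512    # assumed limit: classic UDP size without EDNS0

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def txt_response(qid, name, txt_values):
    """Build a wire-format authoritative reply with one TXT record per value."""
    header = struct.pack("!HHHHHH", qid, 0x8400, 1, len(txt_values), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 16, 1)  # TXT, IN
    answers = b""
    for value in txt_values:
        rdata = bytes([len(value)]) + value.encode()
        # 0xc00c is a compression pointer back to the question name
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 60, len(rdata)) + rdata
    return header + question + answers

def over_udp(full, limit=UDP_LIMIT):
    """Reply as sent over UDP: unchanged if it fits, else header+question with TC set."""
    if len(full) <= limit:
        return full
    qid, flags, qdcount = struct.unpack("!HHH", full[:6])
    q_end = 12 + full[12:].index(b"\x00") + 5   # root label + qtype + qclass
    return struct.pack("!HHHHHH", qid, flags | TC, qdcount, 0, 0, 0) + full[12:q_end]

def is_truncated(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & TC)

def resolve(full, tcp_reachable, limit=UDP_LIMIT):
    """Model resolver: ask over UDP, retry over TCP on TC, SERVFAIL if TCP fails."""
    reply = over_udp(full, limit)
    if not is_truncated(reply):
        return "NOERROR", reply
    if tcp_reachable:
        return "NOERROR", full      # TCP carries the complete message
    return "SERVFAIL", None         # connection refused: no usable answer

if __name__ == "__main__":
    name = "_acme-challenge.example.com"          # constructed sample name
    small = txt_response(1, name, ["CS1C7EORFek"])
    large = txt_response(2, name, ["x" * 60] * 10)  # constructed oversize reply
    for label, msg in (("small", small), ("large", large)):
        print(label, len(msg), resolve(msg, tcp_reachable=False)[0])
```
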