Another SERVFAIL looking up A record


#1

It worked for a day then we moved it to a production setup and now we’re getting this for all the subdomains we put on the box.

[docker.corp.divisionone.com.au] failed to get certificate: acme: Error 400 - urn:acme:error:connection - DNS problem: SERVFAIL looking up A for docker.corp.divisionone.com.au
Error Detail:
Validation for docker.corp.divisionone.com.au:
Resolved to:

     Used:

dig docker.corp.divisionone.com.au
dig +trace docker.corp.divisionone.com.au

Both seem to be working fine; I’ve tested from hosts in AU, US and EU.

What else can I try to unscrewup?


#2

Although my dig commands (with +dnssec) also gave an A record, DNSViz gives two errors: http://dnsviz.net/d/docker.corp.divisionone.com.au/dnssec/

Something with not answering authoritatively and an authority flag missing.

Might have something to do with that, as Let’s Encrypt always tries to get the authoritative RR, so anything messing that up will result in an error. I’m just not 100 % sure if these errors are actually a dealbreaker for Let’s Encrypt’s resolver.
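
Added example, not part of the original posts: a Python sketch that sends a non-recursive (RD=0) A query straight to one of a zone's listed nameservers and reports whether the reply is NOERROR with the AA flag set, which is the condition post #2 describes as failing. The function names and the script name `aa_check.py` are hypothetical, and the sample header is constructed.

```python
import secrets, socket, struct, sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid, qtype=1):
    """DNS query for `name` (qtype 1 = A) with RD=0, so the server must answer from its own data."""
    labels = name.rstrip(".").split(".")
    if any(not 0 < len(l) <= 63 for l in labels):
        raise ValueError("invalid label length in " + name)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # header: id, flags=0 (QR=0, RD=0), QDCOUNT=1, AN/NS/AR=0; question: qtype, class IN
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the 12-byte DNS header fields relevant to an authority check."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": RCODES.get(rcode, str(rcode)), "answers": an}

def assess(hdr, txid):
    """List what is wrong with a response to a non-recursive query; empty list means clean."""
    problems = []
    if not hdr["qr"] or hdr["id"] != txid:
        problems.append("not a response to our query")
    if hdr["rcode"] != "NOERROR":
        problems.append("rcode " + hdr["rcode"])
    if not hdr["aa"]:
        problems.append("AA flag missing (non-authoritative answer)")
    if hdr["answers"] == 0:
        problems.append("no answer records")
    return problems

def check_server(server_ip, name, timeout=3.0):
    """Send the RD=0 query over UDP to one listed nameserver and assess its reply."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server_ip, 53))
        data, _ = s.recvfrom(4096)
    return assess(parse_header(data), txid)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: aa_check.py <nameserver-ip> <name>
        print(check_server(sys.argv[1], sys.argv[2]) or "authoritative NOERROR answer")
    else:  # constructed sample header: QR=1, AA=0, NOERROR, one answer
        sample = struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 1, 0, 0)
        print(assess(parse_header(sample), 0x1234))
```

Run it once per nameserver in the zone's NS set; a server that answers a recursive `dig` correctly can still return a reply here without AA.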


#3

Always get DNS right, no matter what. That’s a basic rule of Internet operations.


#4

Hi @Freman

A couple of things to note:

a) don’t test in your internal environment as you may have DNS records which are different from the internet
b) seems like your records have been updated as I am getting a valid DNS answer


#5

Thanks for the input, I was digging from outside the network.

Turns out our DNS was being ‘correct’ vs what we wanted, just ended up writing a new server.

