DNS failures (SERVFAIL, timeout) for domains using Network Solutions/Web.com/worldnic.com nameservers

mnordhoff · March 2, 2020, 11:28pm

Writing a post that makes everyone unhappy:

kf6nux:

I noticed the percentage of errors has shifted for our ACMEv1 client. We’re seeing a lot more
403 urn:acme:error:caa: Error creating new cert :: Rechecking CAA for "__example.dom__" and __x__ more identifiers failed. Refer to sub-problems for more information
and fewer of the type we were seing before. Anyone else’s error rates/type change within the past few days?

Let's Encrypt fixed the bug below on 2020-02-29. If you were often using authorizations that had been validated more than 8 hours ago, the bug was decreasing the number of CAA queries and resultant errors, and now they're back up to the level they're supposed to be.

Topic		Replies	Views
Potential networking / client changes on DNS Challenges Help	44	2299	December 29, 2023
DNS problem: SERVFAIL for DNSSEC signed domain Issuance Tech	9	6289	May 18, 2016
DNS Problem: SERVFAIL Help	8	1670	June 11, 2021
DNS failing only for letsencrypt, but not others Help	6	2003	June 13, 2019
DNS SERVFAIL errors from Let's Encrypt Help	3	97	August 23, 2024

DNS failures (SERVFAIL, timeout) for domains using Network Solutions/Web.com/worldnic.com nameservers

Related topics