DNS lookup failure for .mil

There is a recent problem where the Let's Encrypt servers aren't able to do any DNS lookups for anything under the entire .mil TLD. See these other reported problems: Certificate not getting issued due to DNS lookup timeout on A and AAAA records and DNS timeout from Let's Encrypt servers (the second issue is one I reported; that domain is NOT in .mil but the nameservers for it are).

Unfortunately, I do not have a solution; my (admittedly limited) tests show that DNS lookups for the affected domains seem to work everywhere EXCEPT from the Let's Encrypt validation servers. I'm unclear if this is a software problem on Let's Encrypt's side, a firewall block put in at a high level by DISA, or something else. But it's not just you.

3 Likes