DNS problem: query timed out looking up A for domain-name

nazmun · January 9, 2023, 5:43am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.mobionizer.com

I ran this command: certbot renew

It produced this output:
DNS problem: query timed out looking up A for
www.mobionizer.com; DNS problem: query timed out looking up AAAA
for www.mobionizer.com

My web server is (include version):
XAMPP for Linux 7.2.31-1
The operating system my web server runs on is (include version):
centos 7
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

_az · January 9, 2023, 5:50am

I think the problem is probably that ns2.banglaphone.net.bd (IP address 180.210.130.3) doesn't respond to DNS queries over TCP.

This is a misconfiguration by the operators of that server.

Since your domain depends on that nameserver, it is causes issues for the issuance of your certificate.

Your choices include:

Contact banglaphone, ask them to fix that nameserver, and wait for them to action it.
Change your domain to use nameservers that are working properly (Cloudflare is a good free one, but there are many choices).

Bruce5051 · January 9, 2023, 4:03pm

This is what I presently see with nslookup

$ nslookup
> set q=ns
> mobionizer.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
mobionizer.com  nameserver = ns1.banglaphone.net.bd.
mobionizer.com  nameserver = ns2.banglaphone.net.bd.

Authoritative answers can be found from:
> server ns1.banglaphone.net.bd.
Default server: ns1.banglaphone.net.bd.
Address: 180.210.129.3#53
> set q=a
> mobionizer.com
Server:         ns1.banglaphone.net.bd.
Address:        180.210.129.3#53

Name:   mobionizer.com
Address: 180.210.129.103
> www.mobionizer.com
Server:         ns1.banglaphone.net.bd.
Address:        180.210.129.3#53

Name:   www.mobionizer.com
Address: 180.210.129.103
> set q=aaaa
> mobionizer.com
Server:         ns1.banglaphone.net.bd.
Address:        180.210.129.3#53

*** Can't find mobionizer.com: No answer
> www.mobionizer.com
Server:         ns1.banglaphone.net.bd.
Address:        180.210.129.3#53

*** Can't find www.mobionizer.com: No answer
> server ns2.banglaphone.net.bd.
Default server: ns2.banglaphone.net.bd.
Address: 180.210.130.3#53
> set q=a
> mobionizer.com
Server:         ns2.banglaphone.net.bd.
Address:        180.210.130.3#53

Name:   mobionizer.com
Address: 180.210.129.103
> www.mobionizer.com
Server:         ns2.banglaphone.net.bd.
Address:        180.210.130.3#53

Name:   www.mobionizer.com
Address: 180.210.129.103
> set q=aaaa
> mobionizer.com
Server:         ns2.banglaphone.net.bd.
Address:        180.210.130.3#53

*** Can't find mobionizer.com: No answer
> www.mobionizer.com
Server:         ns2.banglaphone.net.bd.
Address:        180.210.130.3#53

*** Can't find www.mobionizer.com: No answer
> exit

Bruce5051 · January 9, 2023, 4:14pm

You have some DNS issue(s).

Using the online tool https://dnsspy.io/ both Performance and Resilience & Security did not score well.
DNS Spy report for mobionizer.com

And with this online tool https://www.hardenize.com/ shows DNS Zone issues
Hardenize Report: mobionizer.com

This online tool https://dnsviz.net/ shows issues with mobionizer.com
mobionizer.com | DNSViz
but not showing issues with www.mobionizer.com
www.mobionizer.com | DNSViz

nazmun · January 12, 2023, 4:20am

Thank you for your response. I have contacted with banglaphone. They will check the configuration

nazmun · January 15, 2023, 2:53am

Hello.

This is the current status, no errors. But we are still unable to complete the cert process.

We have run this below command:
"certbot certonly --standalone -d www.mobionizer.com"

Still getting following issue:

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: www.mobionizer.com
Type: dns
Detail: DNS problem: query timed out looking up A for
www.mobionizer.com; DNS problem: query timed out looking up AAAA
for www.mobionizer.com

_az · January 15, 2023, 3:18am

Mmm. I think your network (Bangla Phone) is blocking Let's Encrypt's IPs entirely.

For evidence, I tried pointing one of my domains at your web server's IP address, and it still produces a connection timeout, so the problem is not DNS related at all.

Since your nameservers are hosted on the same network as your web server, I think it's likely that both timeouts can be explained by a firewall block or other similar networking issue.

system · February 14, 2023, 3:19am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Query timed out looking up A Help	7	378	November 24, 2022
During secondary validation: DNS problem: query timed out looking up A for Help	2	465	March 2, 2021
Query timed out looking up A, but resolved by other DNS Help	5	950	May 28, 2021
The server could not connect to the client to verify the domain :: DNS problem: query timed out Help	4	1038	February 7, 2018
DNS query always get timeout Help	4	541	September 28, 2023

DNS problem: query timed out looking up A for domain-name

Related topics