Similar to other problems reported with the DNS resolver on Let’s Encrypt, I can’t figure out why the A lookup fails for this domain.
I’ve tested from multiple geographical locations against the primary DNS (from SOA), which is ns1.chmurka.pl, and it never failed. It is strange to see SERVFAIL - it would imply that it is NOT a connection error (which could be temporary).
- The following errors were reported by the server:
Domain: da3.chmurka.pl
Type: connection
Detail: DNS problem: SERVFAIL looking up A for da3.chmurka.pl
I proceeded to capture traffic to ns1.chmurka.pl relevant to this domain name. Here is the pcap file. All the queries are answered with NOERROR.
I have no idea where LE takes the SERVFAIL from.
I can see your DNS servers always return a lowercase response. Let’s Encrypt uses the Unbound resolver to check your domain, and this resolver uses randomly mixed-case queries (because it adds entropy to the query to avoid spoofing), so it expects your server to respond with the same case.
I mean, right now a query to dA3.cHMurkA.pL returns this:
dig @ns1.chmurka.pl dA3.cHMurkA.pL
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @ns1.chmurka.pl dA3.cHMurkA.pL
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56910
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;da3.chmurka.pl. IN A
;; ANSWER SECTION:
da3.chmurka.pl. 300 IN A 198.27.127.55
;; AUTHORITY SECTION:
chmurka.pl. 300 IN NS ns1.chmurka.pl.
chmurka.pl. 300 IN NS ns2.chmurka.pl.
;; ADDITIONAL SECTION:
ns1.chmurka.pl. 300 IN A 37.187.89.68
ns1.chmurka.pl. 300 IN AAAA 2001:41d0:a:3144::
ns2.chmurka.pl. 300 IN A 37.187.31.139
ns2.chmurka.pl. 300 IN AAAA 2001:41d0:a:1f8b::
;; Query time: 5 msec
;; SERVER: 37.187.89.68#53(37.187.89.68)
;; WHEN: Wed Apr 27 00:45:39 CEST 2016
;; MSG SIZE rcvd: 282
But it should respond like this (same case as query):
dig @ns1.chmurka.pl dA3.cHMurkA.pL
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @ns1.chmurka.pl dA3.cHMurkA.pL
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56910
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;dA3.cHMurkA.pL. IN A
;; ANSWER SECTION:
dA3.cHMurkA.pL. 300 IN A 198.27.127.55
;; AUTHORITY SECTION:
chmurka.pl. 300 IN NS ns1.chmurka.pl.
chmurka.pl. 300 IN NS ns2.chmurka.pl.
;; ADDITIONAL SECTION:
ns1.chmurka.pl. 300 IN A 37.187.89.68
ns1.chmurka.pl. 300 IN AAAA 2001:41d0:a:3144::
ns2.chmurka.pl. 300 IN A 37.187.31.139
ns2.chmurka.pl. 300 IN AAAA 2001:41d0:a:1f8b::
;; Query time: 5 msec
;; SERVER: 37.187.89.68#53(37.187.89.68)
;; WHEN: Wed Apr 27 00:45:39 CEST 2016
;; MSG SIZE rcvd: 282
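The case-echo check described in the reply above can be reproduced offline. This is an added example, not code from the thread or from Let's Encrypt or Unbound: it builds a mixed-case query, parses the question section of a response, and classifies whether the case was preserved. All function names are hypothetical, and `fake_response` is a constructed stand-in for the authoritative server rather than captured traffic.

```python
import random
import struct

def mix_case(name, rng):
    """Randomly flip the case of each letter (mixed-case / '0x20' query encoding)."""
    return "".join(c.upper() if rng.random() < 0.5 else c.lower() for c in name)

def build_query(name, txid, qtype=1):
    """Encode a single-question DNS query (class IN, no flags set)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (txid, qname) for the first question, keeping the case as sent."""
    txid, _flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while msg[pos] != 0:
        if msg[pos] & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii"))
        pos += 1 + msg[pos]
    return txid, ".".join(labels) + "."

def check_echo(query, response):
    """Classify a response the way a case-checking resolver would."""
    q_id, q_name = parse_question(query)
    r_id, r_name = parse_question(response)
    if q_id != r_id:
        return "id-mismatch"
    if q_name == r_name:
        return "ok"
    if q_name.lower() == r_name.lower():
        return "case-not-preserved"
    return "name-mismatch"

def fake_response(query, lowercase_question):
    """Constructed server reply: echoes the question, optionally lowercasing
    the name as the server in this thread does."""
    name, tail = query[12:-4], query[-4:]
    if lowercase_question:
        name = name.lower()  # length bytes are < 0x41, so only letters change
    # QR=1, AA=1; answer records are omitted because only the question is compared.
    return query[:2] + struct.pack("!HHHHH", 0x8400, 1, 0, 0, 0) + name + tail
```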