DNS Problem: SERVFAIL looking up A for mail.freighter.studio


#1

For some reason I’m getting a DNS error and for the love of god I can’t understand why. I checked my DNS with dig as well and it works for random upper-lowercase queries upon which my DNS server (CloudFlare) returns the correct host as well

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 MaIl.FrEiGhTer.stuDio
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19268
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;MaIl.FrEiGhTer.stuDio.		IN	A

;; ANSWER SECTION:
MaIl.FrEiGhTer.stuDio.	299	IN	A	54.190.199.236

;; Query time: 254 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Jan  9 11:06:39 2017
;; MSG SIZE  rcvd: 55

Anyone got any idea? Is it an issue on my end?


#2

It looks as if you have a few dnssec errors - http://dnsviz.net/d/mail.freighter.studio/dnssec/ which may be causing the failure


#3

Alright I see, I’ve seen the DNSSEC error before but I thought nothing more of it, but the problem is that I have actually added the DNSSEC records at my registrar. The DNSSEC is correct for freighter.studio I do believe. (at least according to CloudFlare it is)


#4

You also have errors for dnssec for freighter.studio from tests on multiple checker sites.

You either need to clear those errors, or turn off dnssec (correcting the errors is always better in my view). With the errors effectively saying that the nameservers you are using don’t have delegated authority, then Let’s Encrypt isn’t going to trust the response it gets from them.


#5

I registered the certificate with DNSSEC disabled, however do you think it is possible my domain name registrar doesn’t support the DNSSEC record provided by CloudFlare or something like that?


#6

I think I know the mistake with DNSSEC after some looking around. Thanks for the help though


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.