DNS problem: SERVFAIL looking up A for

bbb · August 30, 2016, 10:37am

Hi there,

I am running into problems with issuing an ssl certificate for a domain that is pointing to my server’s IP. There are many domains with a CNAME that point to our domain and for none of them this issue has occurred in the past, it’s only this one particular domain where I get

DNS problem: SERVFAIL looking up A for backoffice.cempa.pt

I tried running dig backoffice.cempa.pt as well as the same command for one of our other, working, domains. They both looked alright to me:

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20050
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;backoffice.cempa.pt.  		IN     	A

;; ANSWER SECTION:
backoffice.cempa.pt.   	3600   	IN     	CNAME  	domains.cobot.me.
domains.cobot.me.      	980    	IN     	A      	52.50.246.103

;; Query time: 97 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Tue Aug 30 12:27:18 2016
;; MSG SIZE  rcvd: 83

Not quite sure how to continue looking for the solution, so any help is appreciated. I realize there are already a few other ppl asking similar questions, but none of the answers I read really helped me figuring out the problem.

Thanks in advance!

tialaramex · August 30, 2016, 10:58am

Hmm. I see the same DNS problem that Let’s Encrypt reports to you

[njl@totoro ~]$ dig backoffice.cempa.pt. 

; <<>> DiG 9.10.3-P4-RedHat-9.10.3-13.P4.fc23 <<>> backoffice.cempa.pt.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45422
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;backoffice.cempa.pt.           IN      A

;; Query time: 190 msec
;; SERVER: 217.169.20.20#53(217.169.20.20)
;; WHEN: Tue Aug 30 11:52:28 BST 2016
;; MSG SIZE  rcvd: 48

I think the fault may be with the name servers for cempa.pt, it seems that when the designated name servers for this 2LD are asked questions about it they assert that they’re not authorities for that domain. This seems wrong to me, if they don’t have authoritative answers, who does ?

system · September 29, 2016, 10:58am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.