DNS problem: SERVFAIL looking up A

@JuergenAuer, @_az, and @Phil_LE – This is a BUMP to see if any of you can help me with my last post (above) please?

Thank you!

If you see no output from that at all, then it still sounds like a firewalling issue to me.

Are you really really sure you haven’t blocked either of those addresses by accident?

iptables-save | grep -iE "(66\.|64\.)"

As I mentioned before, other hosts in your server’s subnet do not have this problem, so I believe it’s entirely localized to your server.

3 Likes

@JuergenAuer, @_az, and @Phil_LE

Aha! This command helped to make more sense of this. Thank you @_az !

Here is the output:

/$ iptables-save | grep -iE "(66\.|64\.)"
-A f2b-recidive -s 54.37.66.54/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 51.75.66.11/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 64.202.187.152/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 190.64.137.171/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 178.62.64.107/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 60.250.164.169/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 132.64.96.3/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 188.166.105.228/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 148.66.142.135/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 128.199.166.224/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 47.14.64.247/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 164.132.42.32/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 164.132.62.233/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 112.64.170.178/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 212.64.94.157/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -s 66.70.189.93/32 -j REJECT --reject-with icmp-port-unreachable

What is the best way to remedy this, please?

Your fail2ban setup doesn’t appear to be blocking 66.133.109.36 or 64.78.149.164. Are you able to create a new VPS and attempt issuance on that server? Can you ask White Label IT Solutions if they can assist with debugging inside their network?

1 Like

Hi @Phil_LE,
Thank you for your response. You read my mind. The further I dig into the problems on this VPS the more issues I’m finding. I agree with you. It’s time to ditch this one and spin up a new one.

I really appreciate everyone’s help on this!

@JuergenAuer, @_az, and @Phil_LE You guys ROCK!

3 Likes