emil
October 16, 2016, 2:16am
1
- The following errors were reported by the server:
Domain: tools.srv1.dk
Type: connection
Detail: DNS problem: SERVFAIL looking up CAA for tools.srv1.dk
Domain: librenms.srv1.dk
Type: connection
Detail: DNS problem: SERVFAIL looking up CAA for librenms.srv1.dk
Domain: files-origin.srv1.dk
Type: connection
Detail: DNS problem: SERVFAIL looking up CAA for
files-origin.srv1.dk
Domain: zitcom.srv1.dk
Type: connection
Detail: DNS problem: SERVFAIL looking up CAA for zitcom.srv1.dk
Why all the SERVFAILs? I don’t see any…
Nameserver
⋊> ~ dig tools.srv1.dk type257 @ns1.srv1.dk
; <<>> DiG 9.8.3-P1 <<>> tools.srv1.dk type257 @ns1.srv1.dk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6466
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;tools.srv1.dk. IN TYPE257
;; AUTHORITY SECTION:
srv1.dk. 600 IN SOA ns1.srv1.dk. dns.srv1.dk. 2016101502 14400 600 604800 600
;; Query time: 47 msec
;; SERVER: 128.199.51.147#53(128.199.51.147)
;; WHEN: Sun Oct 16 04:12:00 2016
;; MSG SIZE rcvd: 75
Google Public DNS
⋊> ~ dig tools.srv1.dk type257 @8.8.8.8
; <<>> DiG 9.8.3-P1 <<>> tools.srv1.dk type257 @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58034
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;tools.srv1.dk. IN TYPE257
;; AUTHORITY SECTION:
srv1.dk. 578 IN SOA ns1.srv1.dk. dns.srv1.dk. 2016101502 14400 600 604800 600
;; Query time: 59 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Oct 16 04:12:04 2016
;; MSG SIZE rcvd: 75
Hi Emil
There are a few good historic discussions on this matter.
Review them here: https://community.letsencrypt.org/search?q=caa
There are, but usually something is obviously wrong with the domain’s DNS. This time it seems okay, as far as I can tell.
(I run an Unbound forwarder, but not an Unbound recursor, and not necessarily the same version.)
emil
October 16, 2016, 11:27am
4
Hi @ahaw021
Yeah, I know. I have looked at them, but it doesn’t help me. As you can see, there is no problem on my nameserver.
I wrote here to see if others have experienced the same and to get help from the Let’s Encrypt team to solve the issue.
pfg
October 16, 2016, 2:40pm
5
I’m not seeing anything that should be causing a SERVFAIL either. The only issue I found is that ns1.srv1.dk returns a CAA record for srv1.dk, while the other name servers don’t:
dig -t TYPE257 srv1.dk @ns1.srv1.dk
; <<>> DiG 9.8.3-P1 <<>> -t TYPE257 srv1.dk @ns1.srv1.dk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16018
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;srv1.dk. IN TYPE257
;; ANSWER SECTION:
srv1.dk. 600 IN TYPE257 \# 33 0005696F6465666D61696C746F3A6361612D7265706F727473407372 76312E646B
srv1.dk. 600 IN TYPE257 \# 22 000569737375656C657473656E63727970742E6F7267
;; Query time: 38 msec
;; SERVER: 128.199.51.147#53(128.199.51.147)
;; WHEN: Sun Oct 16 16:38:41 2016
;; MSG SIZE rcvd: 104
dig -t TYPE257 srv1.dk @ns2.srv1.dk
; <<>> DiG 9.8.3-P1 <<>> -t TYPE257 srv1.dk @ns2.srv1.dk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35430
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;srv1.dk. IN TYPE257
;; AUTHORITY SECTION:
srv1.dk. 600 IN SOA ns1.srv1.dk. dns.srv1.dk. 2016101502 14400 600 604800 600
;; Query time: 34 msec
;; SERVER: 5.79.70.116#53(5.79.70.116)
;; WHEN: Sun Oct 16 16:38:44 2016
;; MSG SIZE rcvd: 69
dig -t TYPE257 srv1.dk @ns3.srv1.dk
; <<>> DiG 9.8.3-P1 <<>> -t TYPE257 srv1.dk @ns3.srv1.dk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44491
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;srv1.dk. IN TYPE257
;; AUTHORITY SECTION:
srv1.dk. 600 IN SOA ns1.srv1.dk. dns.srv1.dk. 2016101502 14400 600 604800 600
;; Query time: 143 msec
;; SERVER: 94.231.110.90#53(94.231.110.90)
;; WHEN: Sun Oct 16 16:38:46 2016
;; MSG SIZE rcvd: 69
I don’t think this would cause a SERVFAIL, but it’s possibly something to look into.
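The comparison in the post above, as an added example that is not part of the original thread: it decodes the generic `TYPE257 \# <len> <hex>` lines that older dig prints for CAA and groups the name servers by the record set each one returned. The function names are hypothetical; the answer lines are copied from the dig output above.

```python
import re

# Generic (RFC 3597) presentation used by older dig for CAA, type 257:
#   <owner> <ttl> IN TYPE257 \# <length> <hex, possibly space-separated>
GENERIC_CAA = re.compile(
    r"^(\S+)\s+\d+\s+IN\s+TYPE257\s+\\#\s+(\d+)\s+([0-9A-Fa-f ]+)$")

def decode_caa_rdata(length, hex_text):
    """Decode CAA RDATA: 1 flags byte, 1 tag-length byte, tag, then value."""
    raw = bytes.fromhex(hex_text.replace(" ", ""))
    if len(raw) != length:
        raise ValueError(f"declared {length} bytes, decoded {len(raw)}")
    if length < 2 or raw[1] == 0 or 2 + raw[1] > length:
        raise ValueError("malformed CAA RDATA")
    tag_end = 2 + raw[1]
    return {
        "critical": bool(raw[0] & 0x80),  # issuer-critical flag
        "tag": raw[2:tag_end].decode("ascii"),
        "value": raw[tag_end:].decode("ascii", "backslashreplace"),
    }

def caa_records(dig_output):
    """Set of (owner, critical, tag, value) for every TYPE257 line in dig output."""
    records = set()
    for line in dig_output.splitlines():
        m = GENERIC_CAA.match(line.strip())
        if m:
            rec = decode_caa_rdata(int(m.group(2)), m.group(3))
            records.add((m.group(1), rec["critical"], rec["tag"], rec["value"]))
    return frozenset(records)

def group_by_answer(answers):
    """Map each distinct CAA record set to the servers that returned it."""
    groups = {}
    for server, output in answers.items():
        groups.setdefault(caa_records(output), []).append(server)
    return groups

# Answer lines copied from the dig output in the post above.
NS1 = r"""
srv1.dk. 600 IN TYPE257 \# 33 0005696F6465666D61696C746F3A6361612D7265706F727473407372 76312E646B
srv1.dk. 600 IN TYPE257 \# 22 000569737375656C657473656E63727970742E6F7267
"""
NO_CAA = "srv1.dk. 600 IN SOA ns1.srv1.dk. dns.srv1.dk. 2016101502 14400 600 604800 600"
ANSWERS = {"ns1.srv1.dk": NS1, "ns2.srv1.dk": NO_CAA, "ns3.srv1.dk": NO_CAA}

if __name__ == "__main__":
    for records, servers in group_by_answer(ANSWERS).items():
        print(servers, sorted(records) or "no CAA records")
```

More than one group in the result means the authoritative servers disagree about the zone's CAA set.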
emil
October 16, 2016, 7:01pm
6
@pfg There was an issue in sync between the master and slaves. It is fixed now.
certbot is not failing anymore.