DNS Record (A) Failed to Be Found - Even if it's there


#1

My domain is: sxhssatyanagar.in

I ran this command: sudo certbot --apache -d sxhssatyanagar.in www.sxhssatyanagar.in

It produced this output:

Detail: DNS problem: SERVFAIL looking up A for [www.sxhssatyanagar.in ]

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

The problem is I have proper A records at my registrar (GoDaddy) and I checked with https://www.whatsmydns.net/#A/sxhssatyanagar.in - it’s all good (with few locations not working).

What more do I need to do in order to issue a Let’s Encrypt SSL certificate?


#2

It seems as if your domain was only recently registered and some global DNS systems can’t yet resolve it.
For me, both of these failed:
nslookup -q=ns sxhssatyanagar.in 8.8.8.8
nslookup -q=ns sxhssatyanagar.in 1.1.1.1

While this one succeeded:
nslookup -q=ns sxhssatyanagar.in 4.2.2.1


#3

Hi @ankushdas9

I see your two domains.

http://www.sxhssatyanagar.in/ 301 http://sxhssatyanagar.in/ 0.473 D
http://sxhssatyanagar.in/ 200 1.270 H
https://sxhssatyanagar.in/ 200 7.837 N
Certificate error: RemoteCertificateNameMismatch
https://www.sxhssatyanagar.in/ 200 7.010 N

But there are 5 DNS servers with errors.

Same with your www-version.

But

https://www.uptrends.com/de/tools/uptime

looks terrible.


#4

Thank you for the details. Any suggestions to fix this issue?


#5

It’s been there for over 2 years but DNS records were modified recently.


#6

Give the DNS some time to settle and try again.

sxhssatyanagar.in
primary name server = ns59.domaincontrol.com
responsible mail addr = dns.jomax.net
serial = 2018112802
refresh = 28800 (8 hours)
retry = 7200 (2 hours)
expire = 604800 (7 days)
default TTL = 600 (10 mins)


#7

It’s not stable. Checked again, a mix of DNS Lookup Error and Http Protocol Error.

Checked with one of my own sites; it’s completely green.

So wait one or two hours, then check it again.


#8

Hi,

Have you recently switched your primary DNS (authoritative DNS) servers?

The NS servers glued at GoDaddy are:

Name Server: NS59.DOMAINCONTROL.COM
Name Server: NS60.DOMAINCONTROL.COM
DNSSEC: signedDelegation

Also, please notice that you have DNSSEC set up at your registrar (GoDaddy).
However, their DNS servers do not send RRSIG records with that DNSSEC.

You’ll need to either remove the DNSSEC, purchase Premium DNS from GoDaddy, or switch to another DNS provider that supports DNSSEC to make your website work again. (Because GoDaddy basic/free DNS does not support DNSSEC)
https://www.godaddy.com/help/enable-dnssec-in-my-premium-dns-account-6420

I think the DNSSEC issue is why there is a SERVFAIL for the Let’s Encrypt lookup. (Since LE honors DNSSEC)

Thank you
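
The mismatch described in this post (a DS record published at the parent while the authoritative servers return no RRSIG) can be checked from `dig` answer text. This is an added example, not part of the original thread; the function names, verdict words and sample records (example.test, 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a DNSSEC delegation from dig answer text.
# All sample records below are constructed (example.test, 192.0.2.10).

# has_rrtype TYPE: succeed if stdin has a record whose type field is TYPE.
has_rrtype() {
    awk -v t="$1" '!/^;/ && $4 == t { found = 1 } END { exit !found }'
}

# classify_dnssec DS_TEXT AUTH_TEXT -> prints one verdict word
classify_dnssec() {
    ds=no; a=no; sig=no
    printf '%s\n' "$1" | has_rrtype DS    && ds=yes
    printf '%s\n' "$2" | has_rrtype A     && a=yes
    printf '%s\n' "$2" | has_rrtype RRSIG && sig=yes
    if [ "$a" = no ]; then
        echo no-answer      # authoritative server returned no A record
    elif [ "$ds" = no ]; then
        echo insecure       # no DS at parent: validators treat zone as unsigned
    elif [ "$sig" = no ]; then
        echo broken-chain   # DS published, answers unsigned: validators SERVFAIL
    else
        echo signed         # DS and RRSIG both present (signatures not verified here)
    fi
}

# Live use (needs network and dig; hypothetical helper, not called here).
# $1 = domain, $2 = one of its authoritative name servers.
check_live() {
    classify_dnssec "$(dig +noall +answer DS "$1")" \
        "$(dig +noall +answer +dnssec +norecurse A "$1" @"$2")"
}

# Constructed sample inputs in dig answer format.
SAMPLE_DS='example.test. 3600 IN DS 12345 8 2 0123ABCD'
SAMPLE_A_UNSIGNED='example.test. 600 IN A 192.0.2.10'
SAMPLE_A_SIGNED='example.test. 600 IN A 192.0.2.10
example.test. 600 IN RRSIG A 8 2 600 20250101000000 20241201000000 12345 example.test. c2ln'
```

A `broken-chain` verdict matches the mixed results earlier in the thread: resolvers that validate DNSSEC return SERVFAIL, while non-validating resolvers still answer.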


#9

Thanks for the information. Interesting. Yes, I experimented a while back and enabled DNSSEC without being aware of it - I removed it. Let’s see if that helps.

I’ll keep you posted if this was the accurate solution to my problem.


#10

I can confirm that this solved my issues. Disabled DNSSEC. Voila! Thanks!