Error 400 - DNS problem

alfa · February 8, 2021, 11:46pm

hey

MASTER DCV: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (During secondary validation: DNS problem: SERVFAIL looking up A for ankaraokey.org - the domain's nameservers may be malfunctioning) 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (During secondary validation: DNS problem: SERVFAIL looking up TXT for _acme-challenge.ankaraokey.org - the domain's nameservers may be malfunctioning)

What can be the problem? Do you have an idea?

rg305 · February 9, 2021, 12:08am

The name servers responsible for ankaraokey.org are:

ankaraokey.org  nameserver = ns1.zafer2.com
ankaraokey.org  nameserver = ns2.zafer2.com

The name servers responsible for zafer2.com are:

zafer2.com      nameserver = web1.sekershell.net
zafer2.com      nameserver = web2.sekershell.net

The name servers responsible for sekershell.net are:

sekershell.net  nameserver = g15.sekershell.net
sekershell.net  nameserver = g14.sekershell.net

The glue records for g14 & g15.sekershell.net is: [only one IP]

- g14.sekershell.net
          185.9.37.106
          sekershell.net
- g15.sekershell.net
          185.9.37.106
          sekershell.net

nslookup -q=a web1.sekershell.net 185.9.37.106

Name:    web1.sekershell.net
Address: 185.9.37.83

nslookup -q=a web2.sekershell.net 185.9.37.106

Name:    web2.sekershell.net
Address: 185.9.37.84

nslookup -q=a ns1.zafer2.com 185.9.37.83
nslookup -q=a ns1.zafer2.com 185.9.37.84
nslookup -q=a ns2.zafer2.com 185.9.37.83
nslookup -q=a ns2.zafer2.com 185.9.37.84
[all return the same IP: 217.182.214.65]

Name:    ns1.zafer2.com
Address: 217.182.214.65
Name:    ns2.zafer2.com
Address: 217.182.214.65

nslookup -q=a ankaraokey.org 217.182.214.65

Name:    ankaraokey.org
Address: 54.36.33.114

Which seems to work, when processed manually [step by step].
But something must be amiss somewhere, because I sometimes see things like this:

nslookup -q=ns sekershell.net 208.67.222.222
Server:  resolver1.opendns.com
sekershell.net  nameserver = g14.sekershell.net
sekershell.net  nameserver = g15.sekershell.net

nslookup -q=ns sekershell.net 208.67.222.222
Server:  resolver1.opendns.com
sekershell.net  nameserver = woz.ns.cloudflare.com
sekershell.net  nameserver = rita.ns.cloudflare.com

Two completely different set of servers shown.

griffin · February 9, 2021, 12:50am

Cross-linking to jillian's post here:

rg305 · February 9, 2021, 12:57am

Thanks @griffin , but I think there is more here that needs to be addressed:

the primary name servers use the same IP [only one name server]
neither primary name server has a glue record [this necessitates an extra lookup]
the servers that resolve that name server domain also point both to another single IP.
and neither of those name servers have glue records either [which necessitates yet another lookup]
multiple single points of failure/contention found

griffin · February 9, 2021, 12:59am

I completely concur, my friend.

I just wanted anyone looking to know that the staff has acknowledged the "secondary" aspect.

sekershell · February 9, 2021, 1:06pm

zafer2.com

web1.sekershell.net
web2.sekershell.net
It is hosted as web hosting on the server connected to the nameserv addresses. If ankaraokey.org;
ns1.zafer2.com
ns2.zafer2.com

They are hosted on a different server with their nameserv addresses.

And we have been using it this way for years, there is a problem for 3 days.

system · March 11, 2021, 1:06pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.