Getting SERVFAIL on request, OK everywhere else


#1

Please fill out the fields below so we can help you better.

My domain is:

I ran this command: Request from DirectAdmin

It produced this output: Challenge is invalid. Details: DNS problem: SERVFAIL looking up A for test.forcedesign.nl. Exiting…

My operating system is (include version): CentOS 6

My web server is (include version): Apache 2.4

My hosting provider, if applicable, is: Own

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): DirectAdmin


#2

There appears to be a DNSSEC configuration issue with the name:

http://dnsviz.net/d/test.forcedesign.nl/dnssec/

For what it’s worth, I have a resolver using the same software Let’s Encrypt uses (Unbound), though it’s configured totally differently. Mine also returns SERVFAIL.

I would guess that Unbound considers the above DNSSEC problem a fatal error, but I can’t say for certain.


#3

Seems to be working now


#4

Broken again. The zone forcedesign.nl. doesn’t have a DNSKEY but the parent zone nl. still has a DS record, indicating that the zone must be signed.
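The condition described in reply #4 (a DS record at the parent with no DNSKEY in the child zone) can be checked mechanically. The following is an added example, not part of the original thread: it classifies a delegation from the parent's DS set and the child's DNSKEY set using the RFC 4034 key tag and a SHA-256 DS digest. The sample key is constructed, the function names are hypothetical, and only digest type 2 is handled.

```python
import hashlib
import struct

def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA (not algorithm 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def wire_name(name: str) -> bytes:
    """Canonical (lowercase) wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def make_ds(owner: str, dnskey_rdata: bytes):
    """DS tuple (key_tag, algorithm, digest_type, digest) with SHA-256 (type 2)."""
    digest = hashlib.sha256(wire_name(owner) + dnskey_rdata).digest()
    return (key_tag(dnskey_rdata), dnskey_rdata[3], 2, digest)

def delegation_status(owner, parent_ds, child_dnskeys):
    """Classify a delegation from the parent's DS set and the child's DNSKEY set."""
    if not parent_ds:
        return "insecure"           # no DS: validators expect no signatures
    if not child_dnskeys:
        return "bogus-no-dnskey"    # DS published but zone unsigned: SERVFAIL
    for ds in parent_ds:
        for key in child_dnskeys:
            if ds[2] == 2 and make_ds(owner, key) == ds:
                return "secure"     # a DNSKEY is anchored by the parent's DS
    return "bogus-no-match"         # keys exist, none matches any DS

# Constructed sample: flags 257 (KSK), protocol 3, algorithm 13, dummy 64-byte key.
SAMPLE_KEY = struct.pack("!HBB", 257, 3, 13) + bytes(range(64))
SAMPLE_DS = [make_ds("forcedesign.nl", SAMPLE_KEY)]

if __name__ == "__main__":
    # DS still at the parent, DNSKEY removed from the zone (reply #4's case).
    print(delegation_status("forcedesign.nl", SAMPLE_DS, []))
    # DS at the parent and the matching key published in the zone.
    print(delegation_status("forcedesign.nl", SAMPLE_DS, [SAMPLE_KEY]))
```

A validating resolver treats both "bogus" outcomes as failures, so disabling DNSSEC safely means removing the DS at the parent before the DNSKEY leaves the zone.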


#5

That’s actually different than the issue I originally saw:

http://dnsviz.net/d/test.forcedesign.nl/WQxUUA/dnssec/


#6

It looks like someone tried to disable DNSSEC but forgot to remove the anchor at his registrar.


#7

The problem was with DirectAdmin adding a subdomain as a new zone, confusing DNSSEC in different key records, since the zone test.forcedesign.nl did not have any but forcedesign.nl did.

