Getting SERVFAIL on request, OK everywhere else


Please fill out the fields below so we can help you better.

My domain is:

I ran this command: Request from DirectAdmin

It produced this output: Challenge is invalid. Details: DNS problem: SERVFAIL looking up A for Exiting…

My operating system is (include version): CentOS 6

My web server is (include version): Apache 2.4

My hosting provider, if applicable, is: Own

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): DirectAdmin


There appears to be a DNSSEC configuration issue with the name:

For what it’s worth, i have a resolver using the same software Let’s Encrypt uses (Unbound), though it’s configured totally differently. Mine also returns SERVFAIL.

I would guess that Unbound considers the above DNSSEC problem a fatal error, but i can’t say for certain.


Seems to be working now


Broken again. The zone doesn’t have a DNSKEY but the parent zone nl. still has a DS record, indicating that the zone must be signed.


That’s actually different than the issue i originally saw:


It looks like someone tried to disable DNSSEC but forgot to remove the anchor at his registrar.


The problem was with DirectAdmin adding a subdomain as new zone confusing DNSSEC in different key records since the zone did not have any but did


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.