Getting SERVFAIL on request, OK everywhere else

Please fill out the fields below so we can help you better.

My domain is:

I ran this command: Request from DirectAdmin

It produced this output: Challenge is invalid. Details: DNS problem: SERVFAIL looking up A for test.forcedesign.nl. Exiting…

My operating system is (include version): CentOS 6

My web server is (include version): Apache 2.4

My hosting provider, if applicable, is: Own

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): DirectAdmin

There appears to be a DNSSEC configuration issue with the name:

http://dnsviz.net/d/test.forcedesign.nl/dnssec/

For what it’s worth, I have a resolver using the same software Let’s Encrypt uses (Unbound), though it’s configured totally differently. Mine also returns SERVFAIL.

I would guess that Unbound considers the above DNSSEC problem a fatal error, but I can’t say for certain.


Seems to be working now

Broken again. The zone forcedesign.nl. doesn’t have a DNSKEY but the parent zone nl. still has a DS record, indicating that the zone must be signed.

That’s actually different than the issue I originally saw:

http://dnsviz.net/d/test.forcedesign.nl/WQxUUA/dnssec/

It looks like someone tried to disable DNSSEC but forgot to remove the anchor at his registrar.


The problem was with DirectAdmin adding a subdomain as a new zone, confusing DNSSEC in different key records, since the zone test.forcedesign.nl did not have any but forcedesign.nl did.
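The state described in this thread (a DS record at the parent with no matching DNSKEY in the child zone) can be modelled offline. The following is an added example, not code from any poster or from Let's Encrypt; the function names and the sample key are constructed for illustration, and only the DS-to-DNSKEY link is checked, not RRSIG signatures.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical (lowercased) wire form of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata):
    """Key tag of a DNSKEY RDATA, RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(zone, rdata):
    """DS tuple (key tag, algorithm, digest type 2, SHA-256 hex) for a DNSKEY."""
    digest = hashlib.sha256(name_to_wire(zone) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def delegation_status(zone, ds_set, dnskey_set):
    """Classify a delegation from the parent's DS set and the child's DNSKEY set."""
    if not ds_set:
        return "insecure"      # no DS at the parent: zone is treated as unsigned
    # This sketch only understands digest type 2 (SHA-256).
    supported = [(t, a, d, h.lower()) for t, a, d, h in ds_set if d == 2]
    if not supported:
        return "unsupported"
    for rdata in dnskey_set:
        if make_ds(zone, rdata) in supported:
            return "secure"    # a published key matches the parent's DS
    return "bogus"             # DS present, no matching DNSKEY: validators answer SERVFAIL

# Constructed sample data: flags 257 (KSK), protocol 3, algorithm 13, dummy key bytes.
SAMPLE_KEY = struct.pack("!HBB", 257, 3, 13) + bytes(range(64))
SAMPLE_DS = make_ds("forcedesign.nl.", SAMPLE_KEY)

if __name__ == "__main__":
    zone = "forcedesign.nl."
    print("signed, DS matches :", delegation_status(zone, [SAMPLE_DS], [SAMPLE_KEY]))
    print("DS left at parent  :", delegation_status(zone, [SAMPLE_DS], []))
    print("DS removed as well :", delegation_status(zone, [], []))
```

The second case is the one reported above: signing was switched off in the zone while the DS stayed at the registrar, so a validating resolver such as Unbound refuses to answer.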
