Intermittent CAA SERVFAILs Across Two DNS Providers

I don't see the CNAME...

Since it's on the root record it's flattened by Cloudflare and returned as an A record. My point mainly there was the more complex delegation going on for that domain is sort of invisible to the end-user (Let's Encrypt).

It uses Cloudflare CDN?

Addresses: 2606:4700::6810:e650

If so, that's a bit different than the other FQDN.

If you look at as an example it CNAMEs to

That then has some subdomain delegation on, somewhat similar to is configured identically as

OK but both names had the same problem:

I might open up a support ticket with Cloudflare too alongside this thread to see if they can offer any advice, or have any observations from their internal tooling that might help to figure this out.
I'll also look at making the change to to delegate differently, but might be later on in the week before I'm able to make that change.


The two authoritative nameservers resolve to 12 IPs (six IPv6 and six IPv4):

Addresses: 2803:f800:50::6ca2:c1a4

Addresses: 2606:4700:50::adf5:3aab

I've checked them all via TCP and UDP for CAA records of both FQDNs and can't spot any malfunction.

