Hi @Swati! Welcome.
I can confirm that from my laptop at home, I get a NOERRROR answer for this:
$ dig CAA premiersteel.com.cn
; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> CAA premiersteel.com.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41867
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;premiersteel.com.cn. IN CAA
;; AUTHORITY SECTION:
premiersteel.com.cn. 3600 IN SOA ns1.myhostadmin.net. dnsconct.myhostadmin.net. 2019111839 3600 300 604800 3600
;; Query time: 300 msec
;; SERVER: 2001:558:feed::1#53(2001:558:feed::1)
;; WHEN: Thu Apr 16 15:56:56 PDT 2020
;; MSG SIZE rcvd: 112
So that suggests that the authoritative DNS servers for
premiersteel.com.cn don’t always return SERVFAIL for this CAA query. Also, looking at our logs, it seems we have successfully looked up CAA records for this hostname in the past.
My recommendation is: Try to get your system to create a new order with the same hostnames. I think there’s a good chance the SERVFAIL here was a temporary blip for the authoritative DNS servers for
premiersteel.com.cn and the check will succeed next time.