Reason for Error ""DNS problem: SERVFAIL looking up A for"

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

dig -q CAA

It produced this output:

Query results for CAA

;; opcode: QUERY, status: NOERROR, id: 13029
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0


;; AUTHORITY SECTION: 0 IN SOA 2011116209 3600 600 604800 1800

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

According to dnsviz, it looks like you have some DNSSEC errors:

Thank you for your response. Is there a way to fix it without removing DNSSEC for the domain?

Most likely there is, but I’m afraid I don’t know what steps you would need to take. Removing DNSSEC would be the simplest option.

If we create a new zone for and disable DNSSEC on it. Does the validation still check for DNSSEC records going from .com to I believe if that is the case, the validation would still fail?

Yes, that is correct.

Your DS record is incorrect. You need to obtain the correct one from the Dyn control panel and correct it in the domain registration control panel.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.