SERVFAIL looking up A for

yglodt · July 3, 2017, 8:45pm

I ran this command:
letsencrypt --dry-run renew (certbot is version 0.14.1)

It produced this output:
Domain: lxsky.flibsy.com
Type: connection
Detail: DNS problem: SERVFAIL looking up A for lxsky.flibsy.com

My web server is (include version):
Apache/2.4.6

The operating system my web server runs on is (include version):
CentOS 7

My hosting provider, if applicable, is:
www.hetzner.de

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

As visible above, letsencrypt refuses to renew a domain which is currently in use. What could be wrong here?

rg305 · July 3, 2017, 9:03pm

doesn't resolve to any IP.

[edit]
most global DNS systems can't (yet) resolve the nameservers for that domain. (a few can)

maybe in a few hours global DNS will sync...

The domain must be very new: flibsy.com whois lookup - who.is

yglodt · July 3, 2017, 9:22pm

Strange … the domain was registered in February, and works fine here.

What I did is I migrated to different DNS-servers end of last week.

Strange that this does not seem to be propagated yet.

Even then, the “old” DNS-servers had the same configuration.

[yves@yves ~]$ host -a flibsy.com
Trying “flibsy.com”
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6721
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;flibsy.com. IN ANY

;; ANSWER SECTION:
flibsy.com. 86376 IN RRSIG DS 8 2 86400 20170707045614 20170630034614 27302 com. DRzXPdZQtW+eDG2mRrnAzwBWWvXMsJRUZd+EtQXktifrM7f4iSnCFqaQ G3Si2f1BMcQoolqHxEbRWz0GGccV024WanHV9gLHjDhS3EDpKh2oXZJH 8U6h7TTjQdwZMxjdrFOPhRK64IxhygMlBoXbXZEF9h6+0Ju2jneFbUW9 jEM=
flibsy.com. 86376 IN DS 36271 8 1 903D30E53CDD130155B3DA04ADEA75BF8FFB2EC3
flibsy.com. 86380 IN NS ns1.eurodns.com.
flibsy.com. 86380 IN NS ns3.eurodns.com.
flibsy.com. 86380 IN NS ns4.eurodns.com.
flibsy.com. 86380 IN NS ns2.eurodns.com.

[yves@yves ~]$ host -a lxsky.flibsy.com
Trying “lxsky.flibsy.com”
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50844
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;lxsky.flibsy.com. IN ANY

;; ANSWER SECTION:
lxsky.flibsy.com. 3576 IN A 78.46.225.225

rg305 · July 3, 2017, 9:28pm

to see what some others see, try:
host -a flibsy.com 8.8.8.8
host -a lxsky.flibsy.com 8.8.8.8

Snowflake · July 3, 2017, 9:32pm

Broken DNSSEC: http://dnsviz.net/d/lxsky.flibsy.com/dnssec/

yglodt · July 4, 2017, 12:29pm

Thanks for all your comments. I removed the broken DNSSEC and now it works.

system · August 3, 2017, 12:30pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.