SERVFAIL looking up CAA with namebright

I have a server with certificates for several domains successfully creating and renewing with Let’s Encrypt. One that has been working previously has started failing with “DNS problem: SERVFAIL looking up CAA for”.

DNS is hosted with namebright. Their DNS configuration screen did not seem to have option to configure a CAA record. I contacted their support and got this reply:


Our DNS system does not currently support the setting up of CAA records. If you are required to set that up, you will need to find a third-party DNS system that supports those records.

We apologize for any inconvenience this may cause.

Thank you,
NameBright Support

Are there any options shy of moving the DNS somewhere else?

Thanks in advance for any help.

The problem is not so much that your DNS provider does not allow setting CAA records, but rather that it’s currently replying with SERVFAIL. An empty response (i.e. no CAA records) would be fine, but SERVFAIL indicates a server failure and is not appropriate here. Here’s the relevant description (from RFC 1035):

            2               Server failure - The name server was
                            unable to process this query due to a
                            problem with the name server.

I’d try forwarding that information to NameBright to see if they can fix that behaviour (most likely by upgrading to a more recent version of their DNS software). If they’re unwilling to do that, you’ll have to move to a different DNS provider (CloudFlare would probably work just fine - they can be used as a DNS-only provider if you don’t want or need the CDN/proxying features).

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.