Trouble with DNS and IP Listing

I’m having trouble with a DNS resolving to the wrong IP address and I’m wondering if it is because of Cert-Manager and Let’s Encrypt/ACME that I tried to use with my Azure Kubernetes Service.

I originally tried to use Cert-Manager and Let’s Encrypt for my AKS ingress so that it could be verified, but unfortunately it wasn’t working because of being a private DNSZone in Azure. I removed the Cert-Manager pods and setup, plus deleted the cluster to start over. However, when I look up markethound20-dev.com, using digwebinterface, it resolves to an IP address of 66.96.162.150. I used mxtoolbox.com and other things to find out that it is eigbox.net which is Endurance International Group, who is a domain provider.

I’m not seeing anything besides that with markethound20-dev.com as a name, so I’m wondering if something is stuck since I tried to use it with Cert-Manager.

Is there a way I can verify this? Is there a way I can delete the domain, account, or whatever else if it is true that it is stuck with ACME/Let’s Encrypt?

Thank you for the assistance!

Hi @jtmoney1996

Is markethound20-dev.com your domain?

If yes, this is the publicly visible IP address ( https://check-your-website.server-daten.de/?q=markethound20-dev.com ):

Host                       T     IP-Address                                   is auth.  ∑ Queries  ∑ Timeout
markethound20-dev.com      A     66.96.162.150 (Burlington/Massachusetts/US)  yes       1          0
                           AAAA                                               yes
www.markethound20-dev.com  A     66.96.162.150 (Burlington/Massachusetts/US)  yes       1          0
                           AAAA                                               yes

And

markethound20-dev.com
	•  ns1.domain.com / bosextdns13.eigbox.net

is the name server.

So check your name server entry and change it.

Yes, it is my domain.

I’m not sure how I can change that information considering it isn’t showing anywhere that I can see to change it in Azure.

It’s your Domain management - DNS. There you should be able to change the IP address.

I’ve checked everywhere that I can for a DNS record that shows the 66.96.162.150 in Azure, but unfortunately it isn’t showing up anywhere. I also tore down the AKS clusters to make sure their DNS servers weren’t the problem, but still not able to resolve this issue.

There is a non-authoritative server out there that has the domain linked to that IP address, however. I can’t find where it is at. The only thing I could think of is that the Let’s Encrypt settings were still holding onto some record that it won’t get rid of.

I can’t verify the domain or do anything with it since the IP address is wrong. I tried using cert-manager again to see if it was something stuck with it, but instead I get an Unexpected response code ‘SERVFAIL’ for markethound20-dev.com.letsencrypt.vdeck.eigdyn.com, which Google indicates that Let’s Encrypt is unable to process the certificate due to not being able to verify the domain.
I see the acme_challenge TXT record being created, but it won’t update the IP address to the one specified for the DNSZone.

The domain isn’t using Azure DNS.

markethound20-dev.com.  172800  IN      NS      ns1.domain.com.
markethound20-dev.com.  172800  IN      NS      ns2.domain.com.

Edit:

So the A record can probably be changed or removed in Domain.com’s control panel.

I’m unsure why Let’s Encrypt couldn’t resolve the _acme-challenge record set. It works for me.

_acme-challenge.markethound20-dev.com. 3600 IN CNAME markethound20-dev.com.letsencrypt.vdeck.eigdyn.com.
markethound20-dev.com.letsencrypt.vdeck.eigdyn.com. 1 IN TXT "chVxiPFesXwH65QL8crFgwSYv2DZxMpVvZVfM6vu3C8"
markethound20-dev.com.letsencrypt.vdeck.eigdyn.com. 1 IN TXT "TtqDot1wqX-8rebAyt-Itbr0ucUzS7KfTOjh0RMvBSI"

These are the repetitive messages I receive for the challenge record:
1 controller.go:206] challenges controller: syncing item ‘cert-manager/markethound20-cert-dev-959823159-0’
I0612 22:23:02.007207 1 dns.go:101] Checking DNS propagation for “markethound20-dev.com” using name servers: [10.0.0.10:53]
I0612 22:23:02.068279 1 wait.go:70] Updating FQDN: _acme-challenge.markethound20-dev.com. with it’s CNAME: markethound20-dev.com.letsencrypt.vdeck.eigdyn.com.
I0612 22:23:02.123128 1 sync.go:176] propagation check failed: Could not determine the zone for “markethound20-dev.com.letsencrypt.vdeck.eigdyn.com.”: Unexpected response code ‘SERVFAIL’ for markethound20-dev.com.letsencrypt.vdeck.eigdyn.com.

I’m going to see if I can talk to domain.com since I don’t have an account with them that I know of.

I’m working to see if I can get into the domain.com account for it to update the A record on their site. Thank you for the suggestions @mnordhoff and @JuergenAuer!! I appreciate all your help!

(Still not sure why you can validate the challenge record and I can’t though. :wink: )

Oh, the SERVFAIL error is coming from your ACME client. I assumed it was coming from the CA.

That gives you more opportunity to debug it, but I don’t know how.

Can you turn up a higher log level, or run tcpdump and see what DNS queries it’s making and what’s going on?
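
Following up on the suggestion to see what DNS answers the client is getting, here is an added example (not part of any post in this thread, and not cert-manager's code): a standard-library Python probe that sends the same question to the resolver named in the log (10.0.0.10) and to a public resolver, then compares the response codes. The public resolver 1.1.1.1 and the choice of SOA and TXT query types are assumptions.

```python
import secrets, socket, struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "TXT": 16}

def build_query(name, qtype, txid=None):
    """Encode a one-question DNS query (class IN) with recursion desired."""
    txid = secrets.randbelow(65536) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)

def parse_header(response):
    """Return (transaction id, rcode name, answer count) from a DNS response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F  # low four bits of the flags word
    return txid, RCODES.get(rcode, f"RCODE{rcode}"), ancount

def ask(resolver, name, qtype, port=53, timeout=3.0):
    """Send one UDP query to a resolver and return (rcode name, answer count)."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver, port))
        data, _ = s.recvfrom(4096)
    txid, rcode, ancount = parse_header(data)
    if txid != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction ID mismatch")
    return rcode, ancount

def compare(name, qtype, resolvers, ask_fn=ask):
    """Ask every resolver the same question; record errors instead of raising."""
    results = {}
    for r in resolvers:
        try:
            results[r] = ask_fn(r, name, qtype)
        except (OSError, ValueError) as exc:  # timeouts are OSError subclasses
            results[r] = (f"ERROR: {exc}", 0)
    return results

if __name__ == "__main__":
    # CNAME target from the thread; 10.0.0.10 is the resolver in the log,
    # 1.1.1.1 is an assumed public resolver used only for comparison.
    target = "markethound20-dev.com.letsencrypt.vdeck.eigdyn.com"
    for qtype in ("SOA", "TXT"):
        for r, (rcode, n) in compare(target, qtype, ["10.0.0.10", "1.1.1.1"]).items():
            print(f"{qtype:4} @{r:<12} {rcode} answers={n}")
```

Run it from a pod inside the cluster so that 10.0.0.10 is reachable; a SERVFAIL from the cluster resolver alongside a NOERROR from the public one points at the in-cluster DNS path rather than at the CA.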