Trouble with DNS and IP Listing

I’m having trouble with a DNS resolving to the wrong IP address and I’m wondering if it is because of Cert-Manager and Let’s Encrypt/ACME that I tried to use with my Azure kubernetes service.

I originally tried to use Cert-Manager and Let’s Encrypt for my AKS ingress so that it could be verified, but unfortunately it wasn’t working because of being a private DNSZone in Azure. I removed the Cert-Manager pods and setup, plus deleted the cluster to start over. However, when I look up, using digwebinterface, it resolves to an IP address of I used and other things to find out that it is which is Endurance International Group, who is a domain provider.

I’m not seeing anything besides that with as a name, so I’m wondering if something is stuck since I tried to use it with Cert-Manager.

Is there a way I can verify this? Is there a way I can delete the domain, account, or whatever else if it is true that it is stuck with ACME/Let’s Encrypt?

Thank you for the assistance!

Hi @jtmoney1996

is your domain?

If yes, this is the public visible ip address ( ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout A
Burlington/Massachusetts/US yes 1 0
AAAA yes A
Burlington/Massachusetts/US yes 1 0
AAAA yes

	• /

is the name server.

So check your name server entry and change it.

1 Like

Yes, it is my domain.

I’m not sure how I can change that information considering it isn’t showing anywhere that I can see to change it in Azure.

It's your Domain management - DNS. There you should be able to change the ip address.


I’ve checked everywhere that I can for a DNS record that shows the in Azure, but unfortunately it isn’t showing up anywhere. I also tore down the AKS clusters to make sure their DNS servers weren’t the problem, but still not able to resolve this issue.

There is a non-authoritative server out there that has the domain linked to that IP address, however. I can’t find where it is at. The only thing I could think of is that the Let’s Encrypt settings were still holding onto some record that it won’t get rid of.

I can’t verify the domain or do anything with it since the IP address is wrong. I tried using cert-manager again to see if it was something stuck with it, but instead I get a Unexpected response code ‘SERVFAIL’ for, which google indicates that Let’s Encrypt is unable to process the certificate due to not being able to verify the domain.
I see the acme_challenge TXT record being created, but it won’t update the IP address to the one specified for the DNSZone.

The domain isn’t using Azure DNS.  172800  IN      NS  172800  IN      NS


So the A record can probably be changed or removed in’s control panel.

I’m unsure why Let’s Encrypt couldn’t resolve the _acme-challenge record set. It works for me. 3600 IN CNAME 1 IN TXT "chVxiPFesXwH65QL8crFgwSYv2DZxMpVvZVfM6vu3C8" 1 IN TXT "TtqDot1wqX-8rebAyt-Itbr0ucUzS7KfTOjh0RMvBSI"

These are the repetitive messages I receive for the challenge record:
1 controller.go:206] challenges controller: syncing item ‘cert-manager/markethound20-cert-dev-959823159-0’
I0612 22:23:02.007207 1 dns.go:101] Checking DNS propagation for “” using name servers: []
I0612 22:23:02.068279 1 wait.go:70] Updating FQDN: with it’s CNAME:
I0612 22:23:02.123128 1 sync.go:176] propagation check failed: Could not determine the zone for “”: Unexpected response code ‘SERVFAIL’ for

I’m going to see if I can talk to since I don’t have an account with them that I know of.

I’m working to see if I can get into the account for it to update the A record on their site. Thank you for the suggestions @mnordhoff and @JuergenAuer!! I appreciate all your help!

(Still not sure why you can validate the challenge record and I can’t though. :wink: )

1 Like

Oh, the SERVFAIL error is coming from your ACME client. I assumed it was coming from the CA.

That gives you more opportunity to debug it, but I don't know how...

Can you turn up a higher log level, or run tcpdump and see what DNS queries it's making and what's going on?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.