Trouble with DNS and IP Listing

I’m having trouble with a DNS resolving to the wrong IP address and I’m wondering if it is because of Cert-Manager and Let’s Encrypt/ACME that I tried to use with my Azure kubernetes service.

I originally tried to use Cert-Manager and Let’s Encrypt for my AKS ingress so that it could be verified, but unfortunately it wasn’t working because of being a private DNSZone in Azure. I removed the Cert-Manager pods and setup, plus deleted the cluster to start over. However, when I look up markethound20-dev.com, using digwebinterface, it resolves to an IP address of 66.96.162.150. I used mxtoolbox.com and other things to find out that it is eigbox.net which is Endurance International Group, who is a domain provider.

I’m not seeing anything besides that with markethound20-dev.com as a name, so I’m wondering if something is stuck since I tried to use it with Cert-Manager.

Is there a way I can verify this? Is there a way I can delete the domain, account, or whatever else if it is true that it is stuck with ACME/Let’s Encrypt?

Thank you for the assistance!

Hi @jtmoney1996

is markethound20-dev.com your domain?

If yes, this is the public visible ip address ( https://check-your-website.server-daten.de/?q=markethound20-dev.com ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout
markethound20-dev.com A 66.96.162.150
Burlington/Massachusetts/US yes 1 0
AAAA yes
www.markethound20-dev.com A 66.96.162.150
Burlington/Massachusetts/US yes 1 0
AAAA yes

And

markethound20-dev.com
	•  ns1.domain.com / bosextdns13.eigbox.net

is the name server.

So check your name server entry and change it.

1 Like

Yes, it is my domain.

I’m not sure how I can change that information considering it isn’t showing anywhere that I can see to change it in Azure.

It’s your Domain management - DNS. There you should be able to change the ip address.

2 Likes

I’ve checked everywhere that I can for a DNS record that shows the 66.96.162.150 in Azure, but unfortunately it isn’t showing up anywhere. I also tore down the AKS clusters to make sure their DNS servers weren’t the problem, but still not able to resolve this issue.

There is a non-authoritative server out there that has the domain linked to that IP address, however. I can’t find where it is at. The only thing I could think of is that the Let’s Encrypt settings were still holding onto some record that it won’t get rid of.

I can’t verify the domain or do anything with it since the IP address is wrong. I tried using cert-manager again to see if it was something stuck with it, but instead I get a Unexpected response code ‘SERVFAIL’ for markethound20-dev.com.letsencrypt.vdeck.eigdyn.com, which google indicates that Let’s Encrypt is unable to process the certificate due to not being able to verify the domain.
I see the acme_challenge TXT record being created, but it won’t update the IP address to the one specified for the DNSZone.

The domain isn’t using Azure DNS.

markethound20-dev.com.  172800  IN      NS      ns1.domain.com.
markethound20-dev.com.  172800  IN      NS      ns2.domain.com.

Edit:

So the A record can probably be changed or removed in Domain.com’s control panel.

I’m unsure why Let’s Encrypt couldn’t resolve the _acme-challenge record set. It works for me.

_acme-challenge.markethound20-dev.com. 3600 IN CNAME markethound20-dev.com.letsencrypt.vdeck.eigdyn.com.
markethound20-dev.com.letsencrypt.vdeck.eigdyn.com. 1 IN TXT "chVxiPFesXwH65QL8crFgwSYv2DZxMpVvZVfM6vu3C8"
markethound20-dev.com.letsencrypt.vdeck.eigdyn.com. 1 IN TXT "TtqDot1wqX-8rebAyt-Itbr0ucUzS7KfTOjh0RMvBSI"
2 Likes

These are the repetitive messages I receive for the challenge record:
1 controller.go:206] challenges controller: syncing item ‘cert-manager/markethound20-cert-dev-959823159-0’
I0612 22:23:02.007207 1 dns.go:101] Checking DNS propagation for “markethound20-dev.com” using name servers: [10.0.0.10:53]
I0612 22:23:02.068279 1 wait.go:70] Updating FQDN: _acme-challenge.markethound20-dev.com. with it’s CNAME: markethound20-dev.com.letsencrypt.vdeck.eigdyn.com.
I0612 22:23:02.123128 1 sync.go:176] propagation check failed: Could not determine the zone for “markethound20-dev.com.letsencrypt.vdeck.eigdyn.com.”: Unexpected response code ‘SERVFAIL’ for markethound20-dev.com.letsencrypt.vdeck.eigdyn.com.

I’m going to see if I can talk to domain.com since I don’t have an account with them that I know of.

I’m working to see if I can get into the domain.com account for it to update the A record on their site. Thank you for the suggestions @mnordhoff and @JuergenAuer!! I appreciate all your help!

(Still not sure why you can validate the challenge record and I can’t though. :wink: )

1 Like

Oh, the SERVFAIL error is coming from your ACME client. I assumed it was coming from the CA.

That gives you more opportunity to debug it, but I don’t know how

Can you turn up a higher log level, or run tcpdump and see what DNS queries it’s making and what’s going on?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.