Unable to locate TXT record

I have the domain "c01.red" with the following TXT records configured:

dig ns c01.red
; <<>> DiG 9.10.6 <<>> ns c01.red
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28567
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;c01.red.			IN	NS

;; ANSWER SECTION:
c01.red.		3599	IN	NS	ns1.c01.red.

;; Query time: 82 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Apr 28 20:36:23 +08 2021
;; MSG SIZE  rcvd: 54

dig @ns1.c01.red TXT _acme-challenge.c01.red
; <<>> DiG 9.10.6 <<>> @ns1.c01.red TXT _acme-challenge.c01.red
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16466
;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;_acme-challenge.c01.red.	IN	TXT

;; ANSWER SECTION:
_acme-challenge.c01.red. 604800	IN	TXT	"dDF-UaCdp0mzpKHJJoSaPPEjcq7LfWlZKHYlrbxb5dw"

;; Query time: 15 msec
;; SERVER: 18.136.214.207#53(18.136.214.207)
;; WHEN: Wed Apr 28 20:37:19 +08 2021
;; MSG SIZE  rcvd: 97

Certbot claims that LetsEncrypt is unable to locate the TXT record for _acme-challenge.c01.red. Looking at the results from https://unboundtest.com/m/TXT/_acme-challenge.c01.red/3UV64NRI, that appears to be the case as well, but I am not sure what the cause of the problem is.

Any ideas? Thanks!

Your DNS servers seem really weird to me:

https://dnsviz.net/d/c01.red/dnssec/

I think one big problem is that they don't respond over TCP, and Let's Encrypt (and unboundtest) use a buffer size of 512 for UDP, so it's trying to switch to TCP, which your server doesn't support.

 dig +trace TXT +bufsize=512 _acme-challenge.c01.red

Shows me it finding the IP of your name server, but at the end shows

;; Connection to 18.136.214.207#53(18.136.214.207) for _acme-challenge.c01.red failed: timed out.

I don't think that's all your problem, though, as DNSViz also says this:

red to c01.red: The following NS name(s) were found in the delegation NS RRset (i.e., in the red zone), but not in the authoritative NS RRset: ns2.c01.red

Which sounds like your ns2 nameserver isn't configured right at all.
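The two checks raised in the reply above (does the authoritative server answer the same question over TCP when the client advertises a 512-byte EDNS0 buffer, and does the parent's delegation NS set match the NS RRset the zone itself serves) can be scripted so that a zone is verified before asking Let's Encrypt to validate it. The following is an added example written for this page; it is not code from the thread, from Certbot, or from Let's Encrypt. It uses only the Python standard library and builds the DNS messages by hand. The function names, the `demo()` inputs (an authoritative UDP answer with TC set, no TCP answer, and `ns2.c01.red` present only in the delegation) and the probe timeouts are constructed assumptions modelled on the outputs quoted above.

```python
"""Checks a validating resolver effectively performs before it trusts a TXT
record: a UDP query advertising a 512-byte EDNS0 buffer (does the server set
TC?), the same query over TCP (RFC 7766 requires authoritative servers to
answer over TCP), and a comparison of the parent's delegation NS set with the
child's apex NS RRset. Standard library only; the network probes are optional
and everything else runs offline."""
import socket
import struct

QTYPE_NS, QTYPE_TXT = 2, 16
OPT_TYPE = 41  # EDNS0 OPT pseudo-RR


def encode_name(name: str) -> bytes:
    """Encode a dotted name into DNS wire format (length-prefixed labels)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split(".") if l)
    return out + b"\x00"


def build_query(name: str, qtype: int, txid: int, udp_bufsize: int = 512,
                want_dnssec: bool = True) -> bytes:
    """Build a query with RD set and an OPT record advertising udp_bufsize."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # arcount=1: the OPT RR
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root owner name, type 41; the CLASS field carries the UDP buffer
    # size and the TTL field carries ext-rcode/version/flags (DO bit = 0x8000).
    ttl_field = 0x8000 if want_dnssec else 0
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_bufsize, ttl_field, 0)
    return header + question + opt


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header; TC is the bit that forces a retry over TCP."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200), "rcode": flags & 0x000F, "ancount": an}


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP stream closed mid-message")
        buf += chunk
    return buf


def udp_probe(server: str, name: str, qtype: int, timeout: float = 3.0) -> dict:
    """Send one UDP query with a 512-byte buffer and return the answer header."""
    q = build_query(name, qtype, txid=0x1234)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_header(data)


def tcp_probe(server: str, name: str, qtype: int, timeout: float = 3.0):
    """Return the header of the TCP answer, or None if the server never answers."""
    q = build_query(name, qtype, txid=0x1235)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)  # RFC 1035 two-byte length prefix
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            return parse_header(_recv_exact(s, length))
    except (OSError, ConnectionError):
        return None


def delegation_mismatch(parent_ns, child_ns):
    """Names in the parent's delegation but not in the child's apex NS RRset,
    and vice versa (the condition behind the DNSViz warning quoted above)."""
    parent = {n.lower().rstrip(".") + "." for n in parent_ns}
    child = {n.lower().rstrip(".") + "." for n in child_ns}
    return sorted(parent - child), sorted(child - parent)


def diagnose(udp_hdr, tcp_hdr, parent_ns, child_ns):
    """Turn probe results into the findings an operator would act on."""
    findings = []
    if udp_hdr is None:
        findings.append("no UDP answer at all")
    elif udp_hdr["tc"] and tcp_hdr is None:
        findings.append("UDP answer truncated (TC) and TCP failed: resolver cannot fetch the record")
    elif tcp_hdr is None:
        findings.append("no TCP answer: validators that retry over TCP will time out")
    if udp_hdr is not None and not udp_hdr["aa"]:
        findings.append("answer is not authoritative (AA flag clear)")
    only_parent, only_child = delegation_mismatch(parent_ns, child_ns)
    if only_parent:
        findings.append("in delegation but not in zone apex NS: " + ", ".join(only_parent))
    if only_child:
        findings.append("in zone apex NS but not in delegation: " + ", ".join(only_child))
    return findings


def demo():
    """Constructed inputs modelled on the thread: an authoritative UDP answer
    with TC set, no TCP answer, and ns2 present only in the parent delegation."""
    udp_hdr = parse_header(struct.pack("!HHHHHH", 0x1234, 0x8600, 1, 0, 0, 0))
    return diagnose(udp_hdr, None,
                    parent_ns=["ns1.c01.red.", "ns2.c01.red."],
                    child_ns=["ns1.c01.red."])


if __name__ == "__main__":
    for line in demo():
        print("-", line)
    # Live use against the name server from the thread (network required), e.g.:
    # print(tcp_probe("18.136.214.207", "_acme-challenge.c01.red", QTYPE_TXT))
```

`udp_probe` and `tcp_probe` only decode the header because the TC, AA and rcode bits are what decide whether a validator keeps going; a full RR parser would be needed to compare the TXT payload itself. The delegation check expects the two NS lists to come from separate queries, one to a parent (`red.`) server and one to the child's own server, since asking only the child hides exactly the mismatch DNSViz reported.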
