Symptoms
When accessing Email Deliverability in WHM or cPanel to manage a domain, the following is seen with "timeout!".
The system failed to complete validation of “yourdomain.com”’s “DKIM” because of an error: (XID mctmch) DNS query (default._domainkey.yourdomain.com/TXT) timeout!
Similar for SPF as well.
The system failed to complete validation of “yourdomain.com”’s “SPF” because of an error: (XID uys7kv) DNS query (yourdomain.com/TXT) timeout!
Description
The error indicates that the cPanel server cannot query the domain's authoritative name servers configured at the registrar. This often occurs because of either local firewall rules or external firewalls blocking these connections.
Workaround
There isn't anything that can be done via cPanel or WHM to alleviate this, but if there is a software-based firewall, that firewall should be checked to ensure outbound UDP and TCP port 53 are allowed and/or that the IPs of the name servers are not denied. It's also possible you may need to contact your service provider.
Using the dig command, you can test queries from the cPanel server to see what is occurring. You can do this manually by querying the ROOT DNS servers and then the top level domain name servers, and then the authoritative DNS servers or using dig with trace.
The following command, for example, will trace the query from the root DNS server to the authoritative DNS servers, and if there are timeouts, those will be evident in the output.
dig cpanel.net +trace
Example normal output.
# dig cpanel.net +trace
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.10 <<>> cpanel.net +trace
;; global options: +cmd
. 480255 IN NS e.root-servers.net.
. 480255 IN NS h.root-servers.net.
. 480255 IN NS l.root-servers.net.
. 480255 IN NS i.root-servers.net.
. 480255 IN NS a.root-servers.net.
. 480255 IN NS d.root-servers.net.
. 480255 IN NS c.root-servers.net.
. 480255 IN NS b.root-servers.net.
. 480255 IN NS j.root-servers.net.
. 480255 IN NS k.root-servers.net.
. 480255 IN NS g.root-servers.net.
. 480255 IN NS m.root-servers.net.
. 480255 IN NS f.root-servers.net.
. 480255 IN RRSIG NS 8 0 518400 20221116200000 20221103190000 18733 . rVsDiGUA73jI0n2mRh0BbEGY0lLBRZ0HsPZBtI6wfUPCfWb+JGSjwUwP WNnukFVkRSH9YwRUp8s0qQHdwO7v8DfF/PqwHVXdFLX9fyHrkn3eIGvx lUEpmLlSM0FjX96HGqBONviYYU2QKafmum/un8yNhUrlZvPz+bBCU+2X amc34KXvVmKymK9hSD6IgGNhmoS/SJSg2NnNSzST2NQdCrKp7wXy20rt f7qSNaqTOXWzlhrphzVjSSAyluhPkRKIDTvQCnV/rYJGfQkAo3LBsFyO AVk2brwwGKlmxEVqy4pIA8gRZHnuVf2gk5q5Qz3eIU99v1D0Ji1IRu2V hj0XFQ==
;; Received 525 bytes from 10.0.18.100#53(10.0.18.100) in 1 ms
net. 172800 IN NS a.gtld-servers.net.
net. 172800 IN NS b.gtld-servers.net.
net. 172800 IN NS c.gtld-servers.net.
net. 172800 IN NS d.gtld-servers.net.
net. 172800 IN NS e.gtld-servers.net.
net. 172800 IN NS f.gtld-servers.net.
net. 172800 IN NS g.gtld-servers.net.
net. 172800 IN NS h.gtld-servers.net.
net. 172800 IN NS i.gtld-servers.net.
net. 172800 IN NS j.gtld-servers.net.
net. 172800 IN NS k.gtld-servers.net.
net. 172800 IN NS l.gtld-servers.net.
net. 172800 IN NS m.gtld-servers.net.
net. 86400 IN DS 35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D 8BD973EE
net. 86400 IN RRSIG DS 8 1 86400 20221117050000 20221104040000 18733 . nbt7R9Ao2duW03PoUcH9j72NUzA4/foAuvRnsABDtB8/zaXJwUy9irjg PbbZOCfvPaiYMHIvr9mEBpq/bUj5di7mplzoriwcYEmV8UtV+h1TZ2DT a1h50YnAtiOyLxiB4a9cdt+cHoyS101fkNkwEMZtEPmfRcSQ8Oe3T+L8 YjO5xj5srtn+I/zxKsDr3rTHGT2ofZQa9wTsUjfaboFLs6m268jGpYFa ndoCjiQp5g5Q8VmGZtqKnKb3xIPI124iDXe2iDfTFfggE5EippMvTbrA hwGCgIpJ1JHPzC/5vlvgWTr4XZXx2Z3qWOb3dJZIqiMzdTnnsvbKQ+QS 7C5eMQ==
;; Received 1167 bytes from 199.7.83.42#53(l.root-servers.net) in 33 ms
cpanel.net. 172800 IN NS c.cpanel.net.
cpanel.net. 172800 IN NS hg.cpanel.net.
cpanel.net. 172800 IN NS mn.cpanel.net.
cpanel.net. 172800 IN NS ns.cpanel.net.
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 - A1RTLNPGULOGN7B9A62SHJE1U3TTP8DR NS SOA RRSIG DNSKEY NSEC3PARAM
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400 20221111072530 20221104051530 57635 net. J0JLT0okUKMtCjMaHZdH8JcN7v3PCOwSeNI8bp44Sea+wgJdQxxE03M8 X4bWpDCHkgNyrUCEKGzatMQYSLvG5sK6wiE+wepc++ed194tgFJBY0FU Vnz0t+c5JcMY42hY0eLTi478Q+RPHOroAi7QC98vtitdPwW9J+EGBmVp 6pahIP83snSkSYWkz7O4AvzMqIM5dhh99KAvGAVjPCtmXw==
BL8BVPPKB6SDVNNH6V1B4NCH2A2KSRVT.net. 86400 IN NSEC3 1 1 0 - BL8EG8FO3RS8IAORKG4B1AVUV8UDR5G4 NS DS RRSIG
BL8BVPPKB6SDVNNH6V1B4NCH2A2KSRVT.net. 86400 IN RRSIG NSEC3 8 2 86400 20221108072722 20221101051722 57635 net. FwC5HC6Kg7PI2cSDJHEj4vGIYBznHrYJIemJVwIlmXmG7X/k6e6wgUQP MmNz8evIlF9/nqsDS+otvB0Mgtopv82t0UnVRBuMMZWwZrzB/NtEIUav jqPYO4vET4LrkdNbU9mJOiRYewpCkt7JVYFc3wbQzlzkQ5heehuFK8ER ZzCAJO4K0ffH6wIGzyKPLhJqndxRh7PjnqdMxV9cbd+luQ==
;; Received 803 bytes from 192.54.112.30#53(h.gtld-servers.net) in 40 ms
cpanel.net. 300 IN A 208.74.123.84
cpanel.net. 300 IN A 208.74.121.151
cpanel.net. 14400 IN NS mn.cpanel.net.
cpanel.net. 14400 IN NS c.cpanel.net.
cpanel.net. 14400 IN NS hg.cpanel.net.
;; Received 253 bytes from 208.74.121.57#53(hg.cpanel.net) in 1 ms
#
Any timeouts seen here need to be corrected and are outside our software. The issue would be with a local software based firewall or an external firewall not allowing those connections.