DNS Returned "SERVFAIL" and AutoSSL says domains not managed
Answered
So, I tried the "get_nameservers_for_domain("domain.com")" and received the message "DNS query failure code 2 "SERVFAIL" in response to NS records". I am new to DNS management and I feel like I'm a little over my head on this one. I have an account set up with a domain name and the web server is serving the page and is currently under self-signed SSL. I wanted to attach it to be taken care of by AutoSSL with Let's Encrypt, but when I try, I get a lot on the logs...
Log for the AutoSSL run for “oneclickpic”: Wednesday, February 5, 2025 5:36:26 PM GMT-0600 (Let’s Encrypt™)
-
Hey there! Can you try the command posted here to see if that shows any odd behavior with the DNS? https://support.cpanel.net/hc/en-us/articles/6041680688279-AutoSSL-error-domain-tld-is-unmanaged-Verify-this-domain-s-registration-and-authoritative-nameserver-configuration-to-correct-this-problem
0 -
So, here's what I got:
for i in {a..m}; do echo -n "$i.root-servers.net: "; dig -4 "$i".root-servers.net @"$i".root-servers.net +short;done
a.root-servers.net: dig: couldn't get address for 'a.root-servers.net': failure
b.root-servers.net: dig: couldn't get address for 'b.root-servers.net': failure
c.root-servers.net: dig: couldn't get address for 'c.root-servers.net': failure
d.root-servers.net: dig: couldn't get address for 'd.root-servers.net': failure
e.root-servers.net: dig: couldn't get address for 'e.root-servers.net': failure
f.root-servers.net: dig: couldn't get address for 'f.root-servers.net': failure
g.root-servers.net: dig: couldn't get address for 'g.root-servers.net': failure
h.root-servers.net: dig: couldn't get address for 'h.root-servers.net': failure
i.root-servers.net: dig: couldn't get address for 'i.root-servers.net': failure
j.root-servers.net: dig: couldn't get address for 'j.root-servers.net': failure
k.root-servers.net: dig: couldn't get address for 'k.root-servers.net': failure
l.root-servers.net: dig: couldn't get address for 'l.root-servers.net': failure
m.root-servers.net: dig: couldn't get address for 'm.root-servers.net': failure
0 -
That's going to be an issue for sure. Can you run this command and post the results?
cat /etc/resolv.conf
0 -
This is what I have.
nameserver 66.11.XXX.XXX
nameserver 66.11.XXX.XXX
0 -
Thanks for that information - you'll want to contact your host and let them know those resolvers aren't able to access the root-level nameservers listed above. They will either be able to fix that for you, or provide you with a different set of resolvers you can place in that configuration file to fix the issue.
0 -
The only issue there is I am the host. I have the metal license and my machine is sitting next to me. The IP addresses shown are the IP address that is dedicated from my ISP. It's weird because the server pages are being served, the web site I added is working, its domain name pulls up the online index.php page I created, but I have this issue.
0 -
Ah, that won't work then :D
You'll need to use the Google public resolvers. Make that file look like this:
nameserver 8.8.8.8
nameserver 8.8.4.4
and see if that changes the behavior of the root nameserver lookup.
0 -
"Make that file look like this:"
Sorry to be dense, but which file are you referencing?
0 -
Sorry if that wasn't clear - you'll need to edit the /etc/resolv.conf file and adjust it to use those public nameservers. After that, I would expect the DNS resolution to work better.
0 -
All right, made the changes and restarted powerdns. I checked on intodns.com and got all good with the exception being the reverse MX A records, which states that there are no reverse DNS (PTR) entries. I tried to add that in to my system, but it doesn't seem to be working. I created a zone called 179.242.11.66.in-addr.arpa and created the PTR record, but it's not working. Almost there I think.
0 -
You don't need to restart any services to make this change. This also wouldn't change any of the settings on public DNS that intodns would be able to scan.
You won't be able to create a reverse DNS record using a home network, as your ISP won't let you do that.
0 -
So the ISP will need to add the reverse DNS record (ptr) file to my IP address? So they would just need the domain to point it to to add it on their end? Or do they need something else? (Sorry, being dense again, but I think it's the hostname they need. Could I get verification on that?)
0 -
Yes, if they are willing to make that adjustment for you it would be the hostname that you'd want to use.
0 -
Thank you so much! You've been super great! I guess this one can be marked solved! :)
0 -
Thanks for the kind words - hopefully they are able to do that, but depending on your service plan they may not provide that rDNS service, but I do hope that works out as well!
1
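The resolver check worked through in this thread can be scripted. The following is an added example, not part of any post above and not cPanel's own tooling: it reads the `nameserver` lines from a resolv.conf-style file and asks each resolver for the A record of a.root-servers.net, the same lookup the `dig` loop above depends on. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: test whether each resolver listed in a resolv.conf-style
# file can actually perform recursive lookups.

# Print the address from every "nameserver" line; comment lines (# or ;)
# and other directives such as "search" are skipped.
list_resolvers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "${1:-/etc/resolv.conf}"
}

# Succeed only if resolver $1 returns at least one IPv4 address for the
# name in $2 (default: a.root-servers.net). A server that refuses recursion
# or times out produces no address lines, so the grep fails.
resolver_works() {
    dig -4 +short +time=2 +tries=1 "${2:-a.root-servers.net}" A @"$1" 2>/dev/null |
        grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# Print "OK <ip>" or "FAIL <ip>" for each resolver in the file.
# Returns non-zero when no listed resolver works, which is the state
# that leaves AutoSSL unable to look up the domain's nameservers.
audit_resolvers() {
    audit_working=0
    for audit_ip in $(list_resolvers "$1"); do
        if resolver_works "$audit_ip"; then
            echo "OK   $audit_ip"
            audit_working=$((audit_working + 1))
        else
            echo "FAIL $audit_ip"
        fi
    done
    [ "$audit_working" -gt 0 ]
}
```

Source the file and run `audit_resolvers /etc/resolv.conf`; any `FAIL` line identifies a resolver entry that should be replaced.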