queryNs ESERVFAIL on one domain only
-
wrote on Feb 10, 2025, 11:07 PM last edited by joseph Feb 12, 2025, 6:23 AM
Hey,
I've got a weird problem adding a domain name where it comes up with the error message "queryNs ESERVFAIL". I've tried a few suggestions on here to fix it but nothing about it makes sense. The domain is not new, nor have the nameservers been changed recently. I have tried adding it both manually and using a DigitalOcean token which both give the same error. Running host -t NS shows the correct nameservers and the existing A records point to the Cloudron server. I've tried restarting various services and even the whole server. It's only affecting this specific domain name though. I tried adding a different domain name using Manual DNS and that added with no problem, so I'm at a loss. Wonder if anyone can shed some light on this?
-
wrote on Feb 11, 2025, 3:34 PM last edited by
I get not found: 2(SERVFAIL) when I specify 127.0.0.150. If I don't specify that, it shows the correct DNS servers. The domain resolves, it even loads the default Cloudron page.
-
@nebsekhem 127.0.0.150 is the internal unbound DNS. When you don't specify it, it uses the system DNS.
Can you try disabling DNSSEC or maybe forwarding queries for that specific domain to your other DNS server? See https://docs.cloudron.io/networking/#dns
-
wrote on Feb 12, 2025, 12:38 PM last edited by
So it turns out DNSSEC is the problem. Unbeknownst to me, the previous registrar had enabled DNSSEC by default. When I transferred the domain some time ago, the records were not removed when the new registrar updated the nameservers. As they don't have DNSSEC management and my DNS resolver doesn't validate DNSSEC, I didn't notice anything was amiss.
Thank you for your help with this!
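
The failure mode resolved in this thread, as an added example that is not part of the original posts or of Cloudron's code: a check that compares the DS records published at the parent with the DNSKEY records the current nameservers serve, which is the mismatch a validating resolver such as unbound reports as SERVFAIL. The function names, the `example.test` zone and the dummy key are assumptions constructed for illustration; the inputs are the lines printed by `dig +short DS <domain>` and `dig +short DNSKEY <domain>`.

```python
import base64, hashlib, struct

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA in wire form: flags | protocol | algorithm | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for legacy algorithm 1)."""
    acc = sum((b << 8) if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def owner_wire(name):
    """Canonical (lowercase) wire-format owner name."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_sha256(name, rdata):
    """DS digest type 2: SHA-256 over owner name + DNSKEY RDATA."""
    return hashlib.sha256(owner_wire(name) + rdata).hexdigest().upper()

def classify(name, ds_lines, dnskey_lines):
    """Inputs are the lines printed by `dig +short DS name` and `dig +short DNSKEY name`."""
    if not ds_lines:
        return "unsigned delegation: validators treat the zone as insecure"
    keys = []
    for line in dnskey_lines:
        flags, proto, alg, *b64 = line.split()
        keys.append(dnskey_rdata(int(flags), int(proto), int(alg), "".join(b64)))
    for line in ds_lines:
        tag, _alg, digest_type, *digest = line.split()
        if int(digest_type) != 2:
            continue  # only digest type 2 (SHA-256) is compared here
        for rdata in keys:
            if key_tag(rdata) == int(tag) and ds_sha256(name, rdata) == "".join(digest).upper():
                return "chain intact: a DS at the parent matches a DNSKEY in the zone"
    return "stale DS: parent publishes DS with no matching DNSKEY, validators answer SERVFAIL"

if __name__ == "__main__":
    # Constructed sample: example.test with a 4-byte dummy key, not real data.
    zone, key_line = "example.test", "257 3 13 AQIDBA=="
    ds_line = "2068 13 2 " + ds_sha256(zone, dnskey_rdata(257, 3, 13, "AQIDBA=="))
    print(classify(zone, [ds_line], [key_line]))  # zone still signed
    print(classify(zone, [ds_line], []))          # new nameservers serve no DNSKEY
```

A non-validating resolver never performs this comparison, which is why the domain kept resolving through the system DNS while the validating resolver failed.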