queryNs ESERVFAIL example.com - on all domains?

jayonrails

Hi,

I cannot change the DNS Server settings in my domain settings for a domain, because Cloudron says:

queryNs ESERVFAIL example.com

When trying on the terminal as stated here:

@girish said in Domain setup shows 'queryNs ESERVFAIL':

@SignalScout On the server, please try host -t NS example.com 127.0.0.1 . Does that work? Sometimes, it takes a bit for the NS of a new domain to propagate. One just has to wait it out.

root@my ~ # host -t NS example.com
example.com name server root-dns.netcup.net.
example.com name server third-dns.netcup.net.
example.com name server second-dns.netcup.net.
root@my ~ # host -t NS example.com 127.0.0.1
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused
;; no servers could be reached

I don't know how to fix that, I cannot get my domains running. The result is the same for all domains, so I think it is a general error on my server.

How to get deeper on this?

Troubleshooter says:

root@my ~ # cloudron-support --troubleshoot
Vendor: Hetzner Product:
Linux: 6.8.0-52-generic
Ubuntu: noble 24.04
Processor: AMD Ryzen 5 3600 6-Core Processor
BIOS AMD Ryzen 5 3600 6-Core Processor Unknown CPU @ 3.6GHz x 12
RAM: 65758340KB
Disk: /dev/md2 26G
[OK] node version is correct
[OK] IPv6 is enabled and public IPv6 address is working
[OK] docker is running
[OK] docker version is correct
[OK] MySQL is running
[OK] nginx is running
[OK] dashboard cert is valid
[OK] dashboard is reachable via loopback
[OK] box v8.2.4 is running
[OK] netplan is good
[OK] DNS is resolving via systemd-resolved
[OK] Dashboard is reachable via domain name
[WARN] Domain example-host.de expiry check skipped because whois does not have this information
[OK] unbound is running

I am lost and don't know what to do next, I appreciate any tips on this.

Best
Jay

joseph

@jayonrails host -t NS example.com 127.0.0.1 is obsolete from Cloudron 8.2 . This is not expected to work.

• host -t NS example.com - this should also work. this is system dns
• host -t NS example.com 127.0.0.150 - this should work. this is unbound

jayonrails

Thanks for clarification. This works, but doesn't solve the problem that I cannot add new domains to Cloudron with the error

queryNs ESERVFAIL example.com

Any idea on that?

joseph

@jayonrails So both commands work but still you get ESERVFAIL . Hmmm... Does this happen for all your domains or just a single one? Cloudron is internally querying host -t NS example.com 127.0.0.150 , not sure how the output can be different

jayonrails

Thanks for the information, I will wait for one day for all the DNS changes to take place and then try again.

joseph

@jayonrails sounds good. Otherwise, if both commands work and things are still failing, please send a mail to support@cloudron.io to debug this further. Can't see how it fails.

ImatBagjaGumilar

I have the same problem. I can't add my new domain. I usually use bunny to add domains, including the apikey from bunny and the domain from namecheap. Usually, propagation is quite easy and fast for namecheap. But it's been 2 days since I can't add my domain.

joseph

@ImatBagjaGumilar can you check host -t NS <domain.com> 127.0.0.150 on your server? You can also try to run cloudron-support --troubleshoot to check if DNS is working on the server.

mattewwade06

@jayonrails said in queryNs ESERVFAIL example.com - on all domains?:

Hi,

I cannot change the DNS Server settings in my domain settings for a domain, because Cloudron says:

queryNs ESERVFAIL example.com

When trying on the terminal as stated here:

@girish said in Domain setup shows 'queryNs ESERVFAIL':

@SignalScout On the server, please try host -t NS example.com 127.0.0.1 . Does that work? Sometimes, it takes a bit for the NS of a new domain to propagate. One just has to wait it out.

root@my ~ # host -t NS example.com
example.com name server root-dns.netcup.net.
example.com name server third-dns.netcup.net.
example.com name server second-dns.netcup.net.
root@my ~ # host -t NS example.com 127.0.0.1
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused
;; no servers could be reached

I don't know how to fix that, I cannot get my domains running. The result is the same for all domains, so I think it is a general error on my server.

How to get deeper on this?

Troubleshooter says:

root@my ~ # cloudron-support --troubleshoot
Vendor: Hetzner Product:
Linux: 6.8.0-52-generic
Ubuntu: noble 24.04
Processor: AMD Ryzen 5 3600 6-Core Processor
BIOS AMD Ryzen 5 3600 6-Core Processor Unknown CPU @ 3.6GHz x 12
RAM: 65758340KB
Disk: /dev/md2 26G
[OK] node version is correct
[OK] IPv6 is enabled and public IPv6 address is working
[OK] docker is running
[OK] docker version is correct
[OK] MySQL is running
[OK] nginx is running
[OK] dashboard cert is valid
[OK] dashboard is reachable via loopback
[OK] box v8.2.4 is running
[OK] netplan is good
[OK] DNS is resolving via systemd-resolved
[OK] Dashboard is reachable via domain name
[WARN] Domain example-host.de and real estate agents london expiry check skipped because whois does not have this information
[OK] unbound is running

I am lost and don't know what to do next, I appreciate any tips on this.

Best
Jay

Thanks for bringing this up. An SERVFAIL on all domains usually points to either a misconfiguration in DNS settings or an upstream resolver issue. Double-checking the domain’s authoritative nameservers and ensuring there’s no DNSSEC misconfiguration often helps. Curious to know if you already tested with an external tool like dig or nslookup outside of Cloudron to see if the problem persists?