queryNs ESERVFAIL on one domain only
-
Hey,
I've got a weird problem adding a domain name where it comes up with the error message "queryNs ESERVFAIL". I've tried a few suggestions on here to fix it but nothing about it makes sense. The domain is not new, nor have the nameservers been changed recently. I have tried adding it both manually and using a DigitalOcean token which both give the same error. Running host -t NS shows the correct nameservers and the existing A records point to the Cloudron server. I've tried restarting various services and even the whole server. It's only affecting this specific domain name though. I tried adding a different domain name using Manual DNS and that added with no problem, so I'm at a loss. Wonder if anyone can shed some light on this?
-
@nebsekhem 127.0.0.150 is the internal unbound DNS. When you don't specify it, it uses the system DNS.
Can you try disabling DNSSEC or maybe forwarding queries for that specific domain to your other DNS server? See https://docs.cloudron.io/networking/#dns
-
So it turns out DNSSEC is the problem. Unbeknownst to me, the previous registrar had enabled DNSSEC by default. When I transferred the domain some time ago, the records were not removed when the new registrar updated the nameservers. As they don't have DNSSEC management and my DNS resolver doesn't validate DNSSEC, I didn't notice anything was amiss.
Thank you for your help with this!
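-
Added example, not part of the thread: a Python sketch of the check a validating resolver (such as the internal unbound) applies at the delegation, showing why DS records left at the parent fail a zone that no longer serves a matching DNSKEY, while a non-validating resolver sees nothing wrong. The zone name, key bytes and function names are constructed for illustration.

```python
import hashlib
import struct

def key_tag(rdata: bytes) -> int:
    """Key tag over DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def wire_name(name: str) -> bytes:
    """Canonical owner name: lowercase, length-prefixed labels, root byte."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_digest_sha256(owner: str, rdata: bytes) -> bytes:
    """DS digest type 2: SHA-256 over owner name + DNSKEY RDATA."""
    return hashlib.sha256(wire_name(owner) + rdata).digest()

def classify(owner, ds_set, dnskey_set):
    """ds_set: (key_tag, algorithm, digest_type, digest) tuples from the parent.
    dnskey_set: DNSKEY RDATA served by the zone's current nameservers."""
    if not ds_set:
        return "insecure"      # no DS: validators treat the zone as unsigned
    usable = [ds for ds in ds_set if ds[2] == 2]
    if not usable:
        return "unsupported"   # assumption: this sketch only handles SHA-256
    for tag, alg, _, digest in usable:
        for rdata in dnskey_set:
            if (key_tag(rdata) == tag and rdata[3] == alg
                    and ds_digest_sha256(owner, rdata) == digest):
                return "ds-matches"  # chain link holds; RRSIGs still need checking
    return "bogus"             # DS with no matching key: validators return SERVFAIL

if __name__ == "__main__":
    # Constructed data: key published by the old DNS host, DS left at the parent.
    old_key = dnskey_rdata(257, 13, bytes(range(64)))
    stale_ds = (key_tag(old_key), 13, 2, ds_digest_sha256("example.com", old_key))
    print(classify("example.com", [stale_ds], []))         # after transfer: bogus
    print(classify("example.com", [], []))                 # DS removed: insecure
    print(classify("example.com", [stale_ds], [old_key]))  # before transfer: ds-matches
```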