diff --git a/ceod/model/VHostManager.py b/ceod/model/VHostManager.py
index 1d91a36..747520b 100644
--- a/ceod/model/VHostManager.py
+++ b/ceod/model/VHostManager.py
@@ -110,17 +110,21 @@ class VHostManager:
             # not implemented: check domain name exists?
             # look up for TXT record `csc-verification` at root
             rootname = tldextract.extract(domain).registered_domain
-            records = dns.resolver.resolve(rootname, "TXT").rrset
-            if records is None:
+            try:
+                records = dns.resolver.resolve(rootname, "TXT").rrset
+                for x in records:
+                    if record in x.to_text():
+                        print(f"found correct`csc-verification` record at {rootname}")
+                        return True
+
+            except dns.resolver.NoAnswer as e:
+                if "The DNS response does not contain an answer to the question: . IN TXT" not in repr(e):
+                    raise
+
                 # TODO: handle errors separately, return errors to user
                 print(f"{rootname} does not contain any TXT records.")
                 return False
 
-            for x in records:
-                if record in x.to_text():
-                    print(f"found correct`csc-verification` record at {rootname}")
-                    return True
-
             print(f"cannot find a `csc-verification` record at {rootname}")
 
             return False  # deny by default
diff --git a/requirements.txt b/requirements.txt
index dbf8cab..568e421 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
 click==8.1.3
 cryptography==35.0.0
-dnspython==2.2.1
+dnspython==2.4.2
 Flask==2.1.2
 gssapi==1.6.14
 gunicorn==20.1.0
@@ -11,7 +11,7 @@ psycopg2==2.9.1
 python-augeas==1.1.0
 requests==2.26.0
 requests-gssapi==1.2.3
-tldextract==3.4.0
+tldextract==5.0.1
 urwid==2.1.2
 Werkzeug==2.1.2
 zope.component==5.0.1