<div dir="auto"><div>Hello!</div><div dir="auto"><br></div><div dir="auto"><a href="http://icfd3.org">icfd3.org</a> and <a href="http://icdf3.org">icdf3.org</a> 🙂</div><div dir="auto"><br></div><div dir="auto">Looks like these are two different domain names.<br><br><div data-smartmail="gmail_signature" dir="auto">Kind regards,<br>       Sinisa "Sonny" Burina</div><br><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">On Mon, Dec 5, 2022, 12:58 Tony Annese via Pdns-users <<a href="mailto:pdns-users@mailman.powerdns.com">pdns-users@mailman.powerdns.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="m_-6835085240545046230WordSection1">
<p class="MsoNormal"><span style="font-size:10.5pt">So PDNS is reporting these CNAMEs as errors/being out of zone<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"><u></u>Â <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:Consolas">root@nspower:~# pdnsutil check-zone <a href="http://icfd3.org" target="_blank" rel="noreferrer">icfd3.org</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:Consolas">Dec 05 09:42:24 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:Consolas">[Error] Record '<a href="http://enterpriseenrollment.icdf3.org" target="_blank" rel="noreferrer">enterpriseenrollment.icdf3.org</a> IN CNAME <a href="http://enterpriseenrollment.manage.microsoft.com" target="_blank" rel="noreferrer">enterpriseenrollment.manage.microsoft.com</a>' in zone '<a href="http://icfd3.org" target="_blank" rel="noreferrer">icfd3.org</a>' is out-of-zone.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:Consolas">[Error] Record '<a href="http://enterpriseregistration.icdf3.org" target="_blank" rel="noreferrer">enterpriseregistration.icdf3.org</a> IN CNAME <a href="http://enterpriseregistration.windows.net" target="_blank" rel="noreferrer">enterpriseregistration.windows.net</a>' in zone '<a href="http://icfd3.org" target="_blank" rel="noreferrer">icfd3.org</a>' is out-of-zone.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:Consolas">[Error] Record '<a href="http://lyncdiscover.icdf3.org" target="_blank" rel="noreferrer">lyncdiscover.icdf3.org</a> IN CNAME <a href="http://webdir.online.lync.com" target="_blank" rel="noreferrer">webdir.online.lync.com</a>' in zone '<a href="http://icfd3.org" target="_blank" rel="noreferrer">icfd3.org</a>' is out-of-zone.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:Consolas">[Error] Record 'selector1._<a href="http://domainkey.icdf3.org" target="_blank" rel="noreferrer">domainkey.icdf3.org</a> IN CNAME selector1-icfd3-org._<a href="http://domainkey.SouthWhidbeyFE.onmicrosoft.com" target="_blank" rel="noreferrer">domainkey.SouthWhidbeyFE.onmicrosoft.com</a>' in zone '<a href="http://icfd3.org" target="_blank" rel="noreferrer">icfd3.org</a>' is out-of-zone.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:Consolas">[Error] Record 'selector2._<a href="http://domainkey.icdf3.org" target="_blank" rel="noreferrer">domainkey.icdf3.org</a> IN CNAME selector2-icfd3-org._<a href="http://domainkey.SouthWhidbeyFE.onmicrosoft.com" target="_blank" rel="noreferrer">domainkey.SouthWhidbeyFE.onmicrosoft.com</a>' in zone '<a href="http://icfd3.org" target="_blank" rel="noreferrer">icfd3.org</a>' is out-of-zone.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:Consolas">[Error] Record '<a href="http://sip.icdf3.org" target="_blank" rel="noreferrer">sip.icdf3.org</a> IN CNAME <a href="http://sipdir.online.lync.com" target="_blank" rel="noreferrer">sipdir.online.lync.com</a>' in zone '<a href="http://icfd3.org" target="_blank" rel="noreferrer">icfd3.org</a>' is out-of-zone.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:Consolas">[Error] Record '_sip._<a href="http://tls.icdf3.org" target="_blank" rel="noreferrer">tls.icdf3.org</a> IN SRV 100 1 443 <a href="http://sipdir.online.lync.com" target="_blank" rel="noreferrer">sipdir.online.lync.com</a>' in zone '<a href="http://icfd3.org" target="_blank" rel="noreferrer">icfd3.org</a>' is out-of-zone.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:Consolas">[Error] Record '_sipfederationtls._<a href="http://tcp.icdf3.org" target="_blank" rel="noreferrer">tcp.icdf3.org</a> IN SRV 100 1 5061 <a href="http://sipfed.online.lync.com" target="_blank" rel="noreferrer">sipfed.online.lync.com</a>' in zone '<a href="http://icfd3.org" target="_blank" rel="noreferrer">icfd3.org</a>' is out-of-zone.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:Consolas">Checked 31 records of '<a href="http://icfd3.org" target="_blank" rel="noreferrer">icfd3.org</a>', 8 errors, 0 warnings.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt"><u></u>Â <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">So how do I tell PDNS to allow out-of-zone CNAME (and SRV) records?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u>Â <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><u></u>Â <u></u></span></p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span lang="DE" style="font-size:12.0pt;color:black">From:
</span></b><span lang="DE" style="font-size:12.0pt;color:black">Pdns-users <<a href="mailto:pdns-users-bounces@mailman.powerdns.com" target="_blank" rel="noreferrer">pdns-users-bounces@mailman.powerdns.com</a>> on behalf of Markus Ehrlicher via Pdns-users <<a href="mailto:pdns-users@mailman.powerdns.com" target="_blank" rel="noreferrer">pdns-users@mailman.powerdns.com</a>><br>
<b>Date: </b>Monday, December 5, 2022 at 3:36 AM<br>
<b>To: </b>'<a href="mailto:pdns-users@mailman.powerdns.com" target="_blank" rel="noreferrer">pdns-users@mailman.powerdns.com</a>' <<a href="mailto:pdns-users@mailman.powerdns.com" target="_blank" rel="noreferrer">pdns-users@mailman.powerdns.com</a>><br>
<b>Subject: </b>Re: [Pdns-users] CNAME Resoluion<u></u><u></u></span></p>
</div>
<p class="MsoNormal"><span lang="DE" style="font-size:11.0pt;color:#1f497d">Hello,</span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="DE" style="font-size:11.0pt;color:#1f497d">Â </span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="DE" style="font-size:11.0pt;color:#1f497d">what does „pdnsutil check-zone <a href="http://icfd3.org" target="_blank" rel="noreferrer">icfd3.org</a>“ on the Master say?</span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="DE" style="font-size:11.0pt;color:#1f497d">Â </span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="DE" style="font-size:11.0pt;color:#1f497d">best regards,</span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="DE" style="font-size:11.0pt;color:#1f497d">Markus</span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="DE" style="font-size:11.0pt;color:#1f497d">Â </span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span lang="DE" style="font-size:11.0pt">Von:</span></b><span lang="DE" style="font-size:11.0pt"> Pdns-users <<a href="mailto:pdns-users-bounces@mailman.powerdns.com" target="_blank" rel="noreferrer">pdns-users-bounces@mailman.powerdns.com</a>>
<b>Im Auftrag von </b>Tony Annese via Pdns-users<br>
<b>Gesendet:</b> Montag, 5. Dezember 2022 12:20<br>
<b>An:</b> <a href="mailto:pdns-users@mailman.powerdns.com" target="_blank" rel="noreferrer">pdns-users@mailman.powerdns.com</a><br>
<b>Betreff:</b> Re: [Pdns-users] CNAME Resoluion<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="DE" style="font-size:11.0pt">Â <u></u><u></u></span></p>
<table border="1" cellpadding="0" width="100%" style="width:100.0%;border:solid #ffd966 2.25pt">
<tbody>
<tr>
<td width="125" style="width:93.75pt;border:solid white 2.25pt;background:#0095a6;padding:3.75pt 3.75pt 3.75pt 3.75pt">
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:white">Externe E-Mail</span></b><span style="font-size:11.0pt"><u></u><u></u></span></p>
</td>
<td style="border:solid white 2.25pt;background:white;padding:3.75pt 0in 3.75pt 0in;min-width:300px">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#006362">Vorsicht! Links und Anhänge können Schadcode enthalten oder nachladen. Auffällige E-Mails als Anhang bitte an
<a href="mailto:virencheck@komsa.de" target="_blank" rel="noreferrer"><span style="color:#006362">virencheck@komsa.de</span></a> zur Prüfung weiterleiten.</span><span style="font-size:11.0pt"><u></u><u></u></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><br>
<br>
<br>
</span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">Those were wildcard entries for the whole domain <a href="http://icfd3.org" target="_blank" rel="noreferrer">icfd3.org</a>.
</span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">Â </span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">I’ve removed those and get the same behavior. It also doesn’t explain why <a href="http://barracuda058130353572.icfd3.org" target="_blank" rel="noreferrer">barracuda058130353572.icfd3.org</a> does resolve.
</span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">Â </span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt">PDNS is my master server and <a href="http://ns.whidbey.net/ns.whidbey.com" target="_blank" rel="noreferrer">ns.whidbey.net/ns.whidbey.com</a> are my slaves. I just added <a href="http://testing.icfd3.org" target="_blank" rel="noreferrer">testing.icfd3.org</a> and it was pushed out to the 2 slaves but the CNAME for <a href="http://sip.icfd3.org" target="_blank" rel="noreferrer">sip.icfd3.org</a> isn’t even being pushed out to
the slaves.</span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Â </span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Â </span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:black">From:
</span></b><span style="font-size:12.0pt;color:black">Brian Candler <<a href="mailto:b.candler@pobox.com" target="_blank" rel="noreferrer">b.candler@pobox.com</a>><br>
<b>Date: </b>Sunday, December 4, 2022 at 11:20 PM<br>
<b>To: </b>Tony Annese <<a href="mailto:tony.annese@whidbeytel.com" target="_blank" rel="noreferrer">tony.annese@whidbeytel.com</a>>,
<a href="mailto:pdns-users@mailman.powerdns.com" target="_blank" rel="noreferrer">pdns-users@mailman.powerdns.com</a> <<a href="mailto:pdns-users@mailman.powerdns.com" target="_blank" rel="noreferrer">pdns-users@mailman.powerdns.com</a>><br>
<b>Subject: </b>Re: [Pdns-users] CNAME Resoluion</span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">On 05/12/2022 05:03, Tony Annese via Pdns-users wrote:</span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">Here is the unobfuscated data.</span><span lang="DE" style="font-size:11.0pt"><u></u><u></u></span></p>
</blockquote>
<p>Thank you, because that now makes it possible to help you:<span lang="DE"><u></u><u></u></span></p>
<p>$ dig +norec @<a href="http://ns.whidbey.net" target="_blank" rel="noreferrer">ns.whidbey.net</a>. <a href="http://sip.icfd3.org" target="_blank" rel="noreferrer">sip.icfd3.org</a>. any<br>
...<br>
<br>
;; ANSWER SECTION:<br>
<a href="http://sip.icfd3.org" target="_blank" rel="noreferrer">sip.icfd3.org</a>.      3600   IN   TXT   "v=spf1 mx include:<a href="http://ess.barracudanetworks.com" target="_blank" rel="noreferrer">ess.barracudanetworks.com</a> include:<a href="http://spf.protection.outlook.com" target="_blank" rel="noreferrer">spf.protection.outlook.com</a> ~all"<br>
<a href="http://sip.icfd3.org" target="_blank" rel="noreferrer">sip.icfd3.org</a>.      3600   IN   MX   0 <a href="http://d227914a.ess.barracudanetworks.com" target="_blank" rel="noreferrer">d227914a.ess.barracudanetworks.com</a>.<br>
<a href="http://sip.icfd3.org" target="_blank" rel="noreferrer">sip.icfd3.org</a>.      3600   IN   MX   10 <a href="http://d227914b.ess.barracudanetworks.com" target="_blank" rel="noreferrer">d227914b.ess.barracudanetworks.com</a>.<span lang="DE"><u></u><u></u></span></p>
<p>You cannot have other resource records alongside a CNAME. That's a requirement of the DNS, not of Powerdns specifically.<span lang="DE"><u></u><u></u></span></p>
<p>You should put A/AAAA records there. Or if you want to avoid the duplication of information, you can look into ALIAS records which do this for you.<span lang="DE"><u></u><u></u></span></p>
</div>
</div>
_______________________________________________<br>
Pdns-users mailing list<br>
<a href="mailto:Pdns-users@mailman.powerdns.com" target="_blank" rel="noreferrer">Pdns-users@mailman.powerdns.com</a><br>
<a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users" rel="noreferrer noreferrer" target="_blank">https://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
</blockquote></div></div></div>