[Pdns-users] Wrong A-Record is returned for CNAME that can not be resolved to A

Kevin Olbrich ko at sv01.de
Thu Sep 26 10:06:30 UTC 2019


I've now met a problem where I don't know how to proceed:

===========>% ===========
C:\Users\kolbrich>nslookup -q=CNAME _
Server:  dns.google

Nicht autorisierende Antwort:
_91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de        canonical
name = _c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws
===========>% ===========

My NS has a catch-all zone using "." including SOA to be authoritative for
all new domains that do not yet have a zone (async processing).
This allows us to be responsive for zones we actually did not yet create or
that have not been replicated.

It seems that AWS uses the same authoritative NS to resolve its own
CNAME (which does not resolve at all in public):

  ===========>% ===========
        primary name server = ns01.srvfarm.net
        responsible mail addr = dnsnoc.dolphin-it.de
        serial  = 2
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)
Server:  UnKnown

Name:    _c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws
Addresses:  2a06:9500:1002:0:185:118:197:123

  ===========>% ===========

Do I need to adjust the "graf-borstar.de"-zone? If yes, how?
I am running dnsdist in front, should I adjust something there?

Kind regards
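
The zone selection implied by the catch-all setup described above, as an added example that is not part of the original post. It assumes the server answers from the hosted zone with the longest matching suffix (general authoritative-server behaviour, not verified against this particular PowerDNS/dnsdist setup); the zone list is constructed from the post's description and the function names are hypothetical.

```python
# Added illustration, not code from the post. ZONES is constructed from the
# description: a catch-all "." zone plus the customer zone.
ZONES = [".", "graf-borstar.de"]
OWNER = "_91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de"
TARGET = "_c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws"


def labels(name):
    """Split a DNS name into lowercase labels; the root "." has none."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


def best_zone(qname, zones):
    """Return the hosted zone with the longest label-wise suffix match, or None."""
    q = labels(qname)
    best = None
    for zone in zones:
        z = labels(zone)
        # Compare whole labels so "notgraf-borstar.de" never matches "graf-borstar.de".
        if len(z) <= len(q) and q[len(q) - len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best


def classify_cname(owner, target, zones):
    """Report which hosted zone each end of a CNAME falls into."""
    target_zone = best_zone(target, zones)
    return {
        "owner_zone": best_zone(owner, zones),
        "target_zone": target_zone,
        # True when only the catch-all root zone claims the CNAME target.
        "target_hits_catch_all": target_zone is not None and labels(target_zone) == [],
    }


if __name__ == "__main__":
    print("with catch-all:   ", classify_cname(OWNER, TARGET, ZONES))
    print("without catch-all:", classify_cname(OWNER, TARGET, ["graf-borstar.de"]))
```

With the "." zone loaded, the external CNAME target falls inside a zone the server holds; without it, no hosted zone covers the target.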