[Pdns-users] Wrong A-Record is returned for CNAME that can not be resolved to A
frank+pdns at tembo.be
Thu Sep 26 10:27:10 UTC 2019
Hi Kevin,
> ===========>% ===========
> C:\Users\kolbrich>nslookup -q=CNAME _91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de. 8.8.8.8
> Server: dns.google
> Address: 8.8.8.8
>
> Nicht autorisierende Antwort:
> _91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de canonical name = _c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws
>
> My NS has a catch-all zone using "." including SOA to be authoritative for all new domains that do not yet have a zone (async processing).
> This allows us to be responsive for zones we actually did not yet create or have not been replicated.
>
> It seems that AWS uses the same authoritative NS to resolve its own CNAME (which does not resolve at all in public):
I doubt that’s the problem (and note that acm-validations.aws is a valid domain name and points to AWS).
I believe the problem might be here:
~ ❯❯❯ dig SOA expose.graf-borstar.de
; <<>> DiG 9.10.6 <<>> SOA expose.graf-borstar.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58518
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;expose.graf-borstar.de. IN SOA
;; ANSWER SECTION:
expose.graf-borstar.de. 3593 IN CNAME fae31f3b-08a0-4b3c-8767-7f1b1baec2af.iexendpoints.de.
;; AUTHORITY SECTION:
iexendpoints.de. 293 IN SOA ns-660.awsdns-18.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
;; Query time: 19 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Thu Sep 26 12:20:56 CEST 2019
;; MSG SIZE rcvd: 199
You have a CNAME in place for expose.graf-borstar.de. Does that belong there? This might cause issues.
Could you also clarify the problem you are having? It’s not 100% clear to me at this point.
Kind Regards,
Frank
Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be
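
Added example, not part of Frank's message: a small Python reader for the dig response quoted above that follows the CNAME in the answer section and reports which name the NXDOMAIN status and the authority SOA refer to. The function names are hypothetical; the sample is the dig output above with the archive's link residue removed and trimmed to the lines the code uses.

```python
import re

# dig output from the message above, link residue removed, trimmed to the lines used here.
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58518
;; QUESTION SECTION:
;expose.graf-borstar.de. IN SOA
;; ANSWER SECTION:
expose.graf-borstar.de. 3593 IN CNAME fae31f3b-08a0-4b3c-8767-7f1b1baec2af.iexendpoints.de.
;; AUTHORITY SECTION:
iexendpoints.de. 293 IN SOA ns-660.awsdns-18.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
"""

def parse_dig(text):
    """Return (rcode, qname, {section: [(owner, rtype, rdata), ...]})."""
    rcode = re.search(r"status: (\w+)", text).group(1)
    sections, current, qname = {}, None, None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current == "QUESTION" and line.startswith(";"):
            qname = line[1:].split()[0].lower()
        elif current and line and not line.startswith(";"):
            f = line.split(None, 4)  # owner, ttl, class, type, rdata
            sections[current].append((f[0].lower(), f[3], f[4]))
    return rcode, qname, sections

def diagnose(text):
    """Follow the CNAME chain from the question to the name the RCODE describes."""
    rcode, qname, sections = parse_dig(text)
    cnames = {o: r.split()[0].lower()
              for o, t, r in sections.get("ANSWER", []) if t == "CNAME"}
    final, seen = qname, set()
    while final in cnames and final not in seen:  # 'seen' guards against CNAME loops
        seen.add(final)
        final = cnames[final]
    soa = [o for o, t, _ in sections.get("AUTHORITY", []) if t == "SOA"]
    # RFC 6604: the RCODE reflects the last name in the chain, not the queried name.
    return {"qname": qname, "rcode": rcode, "aliased": final != qname,
            "rcode_applies_to": final, "negative_soa_zone": soa[0] if soa else None}

if __name__ == "__main__":
    for key, value in diagnose(DIG_OUTPUT).items():
        print(f"{key}: {value}")
```

For this response the status and the SOA both belong to the CNAME target's zone (iexendpoints.de), so the answer says nothing about a zone for expose.graf-borstar.de itself.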