[Pdns-users] Wrong A-Record is returned for CNAME that can not be resolved to A
Thomas Mieslinger
miesi at mail.com
Thu Sep 26 12:53:29 UTC 2019
I don't understand what the problem is.
_91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de. 3600 IN CNAME _c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws.
_c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws. TXT "98b89819ca31466e81cf73925fe2c6ea"
It is a CNAME pointing to a TXT record. Should be good enough for a
validation.
On 26.09.19 12:06, Kevin Olbrich wrote:
> Hi!
>
> I've now met a problem where I don't know how to proceed:
>
> ===========>% ===========
> C:\Users\kolbrich>nslookup -q=CNAME _91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de. 8.8.8.8
> Server: dns.google
> Address: 8.8.8.8
>
> Nicht autorisierende Antwort:
> _91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de canonical name = _c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws
> ===========>% ===========
>
> My NS has a catch-all zone using "." including SOA to be authoritative
> for all new domains that do not yet have a zone (async processing).
> This allows us to be responsive for zones we actually did not yet create
> or have not been replicated.
>
> It seems that AWS uses the same authoritative NS to resolve its own
> CNAME (which does not resolve at all in public):
>
> ===========>% ===========
> C:\Users\kolbrich>nslookup _c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws. 10.100.0.210
> (root)
> primary name server = ns01.srvfarm.net
> responsible mail addr = dnsnoc.dolphin-it.de
> serial = 2
> refresh = 10800 (3 hours)
> retry = 3600 (1 hour)
> expire = 604800 (7 days)
> default TTL = 3600 (1 hour)
> Server: UnKnown
> Address: 10.100.0.210
>
> Name: _c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws
> Addresses: 2a06:9500:1002:0:185:118:197:123
> 185.118.197.123
> ===========>% ===========
>
> Do I need to adjust the "graf-borstar.de"-zone?
> If yes, how?
> I am running dnsdist in front, should I adjust something there?
>
> Kind regards
> Kevin
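Added example (not written by either poster and not PowerDNS code): a sketch of longest-suffix zone selection, showing why a server that hosts a "." catch-all zone answers from that zone for the acm-validations.aws name when it is queried directly, as in the second nslookup output in the quoted message. The zone list is an assumption modelled on the thread; the function names are hypothetical.

```python
# Illustration only: zone selection on an authoritative server with a "." catch-all.
# ZONES is an assumed list modelled on the thread, not real server configuration.

def labels(name):
    """Split a DNS name into lower-case labels; the root '.' becomes []."""
    stripped = name.lower().rstrip(".")
    return stripped.split(".") if stripped else []

def best_zone(qname, zones):
    """Return the most specific hosted zone that contains qname, or None."""
    q = labels(qname)
    best, best_len = None, -1
    for zone in zones:
        z = labels(zone)
        # A zone matches when its labels are a suffix of the query's labels.
        # The root zone has no labels, so it matches every query name.
        if len(z) <= len(q) and q[len(q) - len(z):] == z and len(z) > best_len:
            best, best_len = zone, len(z)
    return best

def audit(qnames, zones):
    """Separate names served from a real zone from names caught by '.'."""
    real, caught = [], []
    for qname in qnames:
        zone = best_zone(qname, zones)
        (caught if zone == "." else real).append((qname, zone))
    return real, caught

# Assumed hosted zones: the catch-all plus the customer zone from the thread.
ZONES = [".", "graf-borstar.de."]

# Query names taken from the two nslookup calls in the quoted message.
QUERIES = [
    "_91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de.",
    "_c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws.",
]

if __name__ == "__main__":
    real, caught = audit(QUERIES, ZONES)
    for qname, zone in real:
        print(f"served from zone {zone}: {qname}")
    for qname, zone in caught:
        print(f"caught by catch-all {zone}: {qname}")
```

Without the "." zone, `best_zone` returns `None` for the acm-validations.aws name, which corresponds to the server not being authoritative for it.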