[Pdns-users] Wrong A-Record is returned for CNAME that can not be resolved to A

Thomas Mieslinger miesi at mail.com
Thu Sep 26 12:53:29 UTC 2019


I don't understand what the problem is.

_91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de. 3600 IN CNAME _c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws.

_c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws. TXT "98b89819ca31466e81cf73925fe2c6ea"

It is a CNAME pointing to a TXT record. Should be good enough for a
validation.

On 26.09.19 12:06, Kevin Olbrich wrote:
> Hi!
>
> I've now met a problem where I don't know how to proceed:
>
> ===========>% ===========
> C:\Users\kolbrich>nslookup -q=CNAME _91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de. 8.8.8.8
> Server:  dns.google
> Address:  8.8.8.8
>
> Nicht autorisierende Antwort:
> _91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de   canonical name = _c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws
> ===========>% ===========
>
> My NS has a catch-all zone using "." including SOA to be authoritative
> for all new domains that do not yet have a zone (async processing).
> This allows us to be responsive for zones we actually did not yet create
> or have not been replicated.
>
> It seems that AWS uses the same authoritative NS to resolve its own
> CNAME (which does not resolve at all in public):
>
>    ===========>% ===========
> C:\Users\kolbrich>nslookup _c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws. 10.100.0.210
> (root)
>          primary name server = ns01.srvfarm.net
>          responsible mail addr = dnsnoc.dolphin-it.de
>          serial  = 2
>          refresh = 10800 (3 hours)
>          retry   = 3600 (1 hour)
>          expire  = 604800 (7 days)
>          default TTL = 3600 (1 hour)
> Server:  UnKnown
> Address:  10.100.0.210
>
> Name:    _c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws
> Addresses:  2a06:9500:1002:0:185:118:197:123
>            185.118.197.123
>    ===========>% ===========
>
> Do I need to adjust the "graf-borstar.de"-zone?
> If yes, how?
> I am running dnsdist in front, should I adjust something there?
>
> Kind regards
> Kevin
>
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
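
Added example, not part of the original thread and not PowerDNS code: the second lookup above shows the server at 10.100.0.210 answering for the AWS name from the root zone. The sketch below shows the closest-ancestor zone selection (RFC 1034, section 4.3.2) that produces this, and lists CNAME targets that match only the catch-all zone. The zone list, the `www`/`web` record, the `192.0.2.10` address and all function names are constructed for illustration.

```python
# Added illustration; zone list and the www/web/A records are constructed.

def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def nearest_zone(qname, zones):
    """Return the served zone that is the closest ancestor of qname, or None."""
    q = labels(qname)
    best = None
    for zone in zones:
        z = labels(zone)
        # The root zone "." has no labels, so it is an ancestor of every name.
        if len(z) <= len(q) and q[len(q) - len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best

def audit_cnames(records, zones, catch_all="."):
    """List (owner, target) pairs whose CNAME target only matches the catch-all."""
    findings = []
    for owner, rtype, target in records:
        if rtype == "CNAME" and nearest_zone(target, zones) == catch_all:
            findings.append((owner, target))
    return findings

# Zones served by the authoritative server, as described in the thread.
ZONES = [".", "graf-borstar.de."]

OWNER = "_91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de."
TARGET = "_c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws."

RECORDS = [
    (OWNER, "CNAME", TARGET),                               # from the thread
    ("www.graf-borstar.de.", "CNAME", "web.graf-borstar.de."),  # constructed
    ("graf-borstar.de.", "A", "192.0.2.10"),                # constructed
]

if __name__ == "__main__":
    for owner, target in audit_cnames(RECORDS, ZONES):
        print(f"{owner} -> {target} is answered from the catch-all zone")
```

Without the "." zone in the list, `nearest_zone` returns `None` for the AWS name, which corresponds to the server not claiming authority for it.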

