[Pdns-users] Wrong A-Record is retuned for CNAME that can not be resolved to A
Kevin Olbrich
ko at sv01.de
Thu Sep 26 21:47:50 UTC 2019
Thanks for the explanation!
This setup is part of a configuration wizard by Flowfact (realestate
management software).
The CNAME is one of the settings that have to be set according to
their tool - it also validates successfully.
The problem is, their tool raises an "unknown error" and the helpdesk tells
me, they don't support this part of their software (wtf?).
I thought this might be something obvious but as Thomas pointed out, a
CNAME to TXT should be fine (which I never tried or thought would work).
My assumption that CNAME must return an IP address simply was wrong.
This makes me more confident, my side is actually working correctly and
there is something broken at Flowfact.
Thanks again!
Kind regards
Kevin
Am Do., 26. Sept. 2019 um 12:27 Uhr schrieb frank+pdns--- via Pdns-users <
pdns-users at mailman.powerdns.com>:
> Hi Kevin,
>
> ===========>% ===========
> C:\Users\kolbrich>nslookup -q=CNAME _
> 91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de. 8.8.8.8
> Server: dns.google
> Address: 8.8.8.8
>
> Nicht autorisierende Antwort:
> _91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de canonical
> name = _c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws
>
>
> My NS has a catch-all zone using "." including SOA to be authoritative for
> all new domains that do not yet have a zone (async processing).
> This allows us to be responsive for zones we actually did not yet create
> or have not been replicated.
>
>
>
>
> It's seems, that AWS uses the same authoritative NS to resolv it's own
> CNAME (which does not resolve at all in public):
>
>
> I doubt that’s the problem (and note that acm-validations.aws is a valid
> domain name and points to AWS).
>
> I believe the problem might be here:
>
> ~ ❯❯❯ dig SOA expose.graf-borstar.de
>
> ; <<>> DiG 9.10.6 <<>> SOA expose.graf-borstar.de
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58518
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1280
> ;; QUESTION SECTION:
> ;expose.graf-borstar.de. IN SOA
>
> ;; ANSWER SECTION:
> expose.graf-borstar.de. 3593 IN CNAME
> fae31f3b-08a0-4b3c-8767-7f1b1baec2af.iexendpoints.de.
>
> ;; AUTHORITY SECTION:
> iexendpoints.de. 293 IN SOA ns-660.awsdns-18.net.
> awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
>
> ;; Query time: 19 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Thu Sep 26 12:20:56 CEST 2019
> ;; MSG SIZE rcvd: 199
>
>
> You have a CNAME in place for expose.graf-borstar.de. Does that belong
> there? This might cause issues.
>
> Could you also clarify the problem you are having? It’s not 100% clear to
> me at this point.
>
> Kind Regards,
>
> Frank
> Frank Louwers
> PowerDNS Certified Consultant @ Kiwazo.be
>
>
>
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20190926/fbcf0af2/attachment.htm>
More information about the Pdns-users
mailing list