[Pdns-users] CNAME Resoluion

Sinisa Burina sburina at gmail.com
Tue Dec 6 12:44:31 UTC 2022 

Hello!

icfd3.org and icdf3.org 🙂

Looks like these are two different domain names.

Kind regards,
        Sinisa "Sonny" Burina

On Mon, Dec 5, 2022, 12:58 Tony Annese via Pdns-users <
pdns-users at mailman.powerdns.com> wrote:

> So PDNS is reporting these CNAMEs as errors/being out of zone
>
>
>
> root at nspower:~# pdnsutil check-zone icfd3.org
>
> Dec 05 09:42:24 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0
> removed
>
> [Error] Record 'enterpriseenrollment.icdf3.org IN CNAME
> enterpriseenrollment.manage.microsoft.com' in zone 'icfd3.org' is
> out-of-zone.
>
> [Error] Record 'enterpriseregistration.icdf3.org IN CNAME
> enterpriseregistration.windows.net' in zone 'icfd3.org' is out-of-zone.
>
> [Error] Record 'lyncdiscover.icdf3.org IN CNAME webdir.online.lync.com'
> in zone 'icfd3.org' is out-of-zone.
>
> [Error] Record 'selector1._domainkey.icdf3.org IN CNAME
> selector1-icfd3-org._domainkey.SouthWhidbeyFE.onmicrosoft.com' in zone '
> icfd3.org' is out-of-zone.
>
> [Error] Record 'selector2._domainkey.icdf3.org IN CNAME
> selector2-icfd3-org._domainkey.SouthWhidbeyFE.onmicrosoft.com' in zone '
> icfd3.org' is out-of-zone.
>
> [Error] Record 'sip.icdf3.org IN CNAME sipdir.online.lync.com' in zone '
> icfd3.org' is out-of-zone.
>
> [Error] Record '_sip._tls.icdf3.org IN SRV 100 1 443
> sipdir.online.lync.com' in zone 'icfd3.org' is out-of-zone.
>
> [Error] Record '_sipfederationtls._tcp.icdf3.org IN SRV 100 1 5061
> sipfed.online.lync.com' in zone 'icfd3.org' is out-of-zone.
>
> Checked 31 records of 'icfd3.org', 8 errors, 0 warnings.
>
>
>
> So how do I tell PDNS to allow out-of-zone CNAME (and SRV) records?
>
>
>
>
>
> *From: *Pdns-users <pdns-users-bounces at mailman.powerdns.com> on behalf of
> Markus Ehrlicher via Pdns-users <pdns-users at mailman.powerdns.com>
> *Date: *Monday, December 5, 2022 at 3:36 AM
> *To: *'pdns-users at mailman.powerdns.com' <pdns-users at mailman.powerdns.com>
> *Subject: *Re: [Pdns-users] CNAME Resoluion
>
> Hello,
>
>
>
> what does „pdnsutil check-zone icfd3.org“ on the Master say?
>
>
>
> best regards,
>
> Markus
>
>
>
> *Von:* Pdns-users <pdns-users-bounces at mailman.powerdns.com> *Im Auftrag
> von *Tony Annese via Pdns-users
> *Gesendet:* Montag, 5. Dezember 2022 12:20
> *An:* pdns-users at mailman.powerdns.com
> *Betreff:* Re: [Pdns-users] CNAME Resoluion
>
>
>
> *Externe E-Mail*
>
> Vorsicht! Links und Anhänge können Schadcode enthalten oder nachladen.
> Auffällige E-Mails als Anhang bitte an virencheck at komsa.de zur Prüfung
> weiterleiten.
>
>
>
>
> Those were wildcard entries for the whole domain icfd3.org.
>
>
>
> I’ve removed those and get the same behavior. It also doesn’t explain why
> barracuda058130353572.icfd3.org does resolve.
>
>
>
> PDNS is my master server and ns.whidbey.net/ns.whidbey.com are my slaves.
> I just added testing.icfd3.org and it was pushed out to the 2 slaves but
> the CNAME for sip.icfd3.org isn’t even being pushed out to the slaves.
>
>
>
>
>
> *From: *Brian Candler <b.candler at pobox.com>
> *Date: *Sunday, December 4, 2022 at 11:20 PM
> *To: *Tony Annese <tony.annese at whidbeytel.com>,
> pdns-users at mailman.powerdns.com <pdns-users at mailman.powerdns.com>
> *Subject: *Re: [Pdns-users] CNAME Resoluion
>
> On 05/12/2022 05:03, Tony Annese via Pdns-users wrote:
>
> Here is the unobfuscated data.
>
> Thank you, because that now makes it possible to help you:
>
> $ dig +norec @ns.whidbey.net. sip.icfd3.org. any
> ...
>
> ;; ANSWER SECTION:
> sip.icfd3.org.        3600    IN    TXT    "v=spf1 mx include:
> ess.barracudanetworks.com include:spf.protection.outlook.com ~all"
> sip.icfd3.org.        3600    IN    MX    0
> d227914a.ess.barracudanetworks.com.
> sip.icfd3.org.        3600    IN    MX    10
> d227914b.ess.barracudanetworks.com.
>
> You cannot have other resource records alongside a CNAME.  That's a
> requirement of the DNS, not of Powerdns specifically.
>
> You should put A/AAAA records there.  Or if you want to avoid the
> duplication of information, you can look into ALIAS records which do this
> for you.
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20221206/74f837d7/attachment.htm>

More information about the Pdns-users mailing list