Hi Kevin,

> ===========>% ===========
> C:\Users\kolbrich>nslookup -q=CNAME _91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de. 8.8.8.8
> Server:  dns.google
> Address:  8.8.8.8
> 
> Nicht autorisierende Antwort:
> _91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de        canonical name = _c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws
> 

> My NS has a catch-all zone using "." including SOA to be authoritative for 
> all new domains that do not yet have a zone (async processing).
> This allows us to be responsive for zones we actually did not yet create or 
> have not been replicated.


> 
> It seems that AWS uses the same authoritative NS to resolve its own CNAME 
> (which does not resolve at all in public):

I doubt that’s the problem (and note that acm-validations.aws is a valid domain 
name and points to AWS).

I believe the problem might be here:

~ ❯❯❯ dig SOA expose.graf-borstar.de

; <<>> DiG 9.10.6 <<>> SOA expose.graf-borstar.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58518
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;expose.graf-borstar.de.               IN      SOA

;; ANSWER SECTION:
expose.graf-borstar.de.        3593    IN      CNAME   fae31f3b-08a0-4b3c-8767-7f1b1baec2af.iexendpoints.de.

;; AUTHORITY SECTION:
iexendpoints.de.      293     IN      SOA     ns-660.awsdns-18.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 19 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Thu Sep 26 12:20:56 CEST 2019
;; MSG SIZE  rcvd: 199


You have a CNAME in place for expose.graf-borstar.de. Does that belong there? 
This might cause issues.

Could you also clarify the problem you are having? It’s not 100% clear to me at 
this point. 

Kind Regards,

Frank
Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be




_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
