DigitalOcean A records and CNAMEs not propogating? - dns

I am having some issues with DigitalOcean A records and CNAMEs. An A record for www.schoolproject.me was created, and DO would not let me make one for just schoolproject.me (do I need to make one for #.schoolproject.me instead?).
When checking both of those domain names for A records on either MXToolbox or a propagation checker, neither of them provide any response whatsoever. For subdomains of this, I have CNAMEs done in DO as well (this is an Evilginx project, so ones for api.twitter.com.schoolproject.me, abs.twitter.com.schoolproject.me, and twitter.com.schoolproject.me) which also don't have CNAMEs in MXToolbox.
The nameservers were set up in Namecheap, as nsX.schoolproject.me - 1-3 as X that point to the IP of the DO droplet, as suggested in Evilginx setup guides.
The question is, why aren't these A records and CNAMEs showing up in any tool? When Evilginx attempts to get SSL certs from LetsEncrypt I am met with this -
[abs.twitter.com.schoolproject.me] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for abs.twitter.com.schoolproject.me - check that a DNS record exists for this domain, url:
[api.twitter.com.schoolproject.me] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for api.twitter.com.schoolproject.me - check that a DNS record exists for this domain, url:
[twitter.com.schoolproject.me] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for twitter.com.schoolproject.me - check that a DNS record exists for this domain, url:
...which is the big issue I'm having, but the simple way to check this is to just drop it into MXToolbox online and it does the same thing.
Thanks in advance. I've done some easier DNS stuff before, but this is a bit over what I have done prior.

Fixed it. In Namecheap, make sure to add your nameservers you made under Advanced DNS settings to the Custom Nameserver section of the site. Ugh. That was too easy.

Related

Point Route53's domain to VULTR's host

Recently, I just purchased a domain from AWS by using Route 53. The problem is that I want to point this domain to a wordpress website that lies in Vultr host, but even thought I changed the NS record on Route 53 to Vulture's and test it by using https://www.dnswatch.info/, it still cannot open my website when I enter new domain to browser. I got little knowledge when it comes to DNS so please help ..
This is Vultr's DNS setting
and Route53 setting (I have changed the sensetive info)
I believe the issue here is you are attempting to add the Vultr Nameservers as NS records in Route53. So, Route53 would still be your primary nameservers.
Instead you want to specifically change over the primary Nameservers / glue records (separate UI / settings area than DNS records). See the final section on this page for details on how to do this -
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-name-servers-glue-records.html#updating-name-servers-other-dns-service

Pointing a domain to AWS Route 53

I am having difficulties getting my domain to point to my EC2 properly. I searched through a few third party guides online, and got slightly swamped in the official AWS documentation, but despite this I still cant get it to work.
Ive have Route 53 set up like this:
Type: A
Value: ??.??.??.?? (IP address)
Type: NS
Value: ns-1403.awsdns-47.org.
ns-1696.awsdns-20.co.uk.
ns-632.awsdns-15.net.
ns-431.awsdns-53.com.
Type: SOA
Value: ns-431.awsdns-53.com.
awsdns-hostmaster.amazon.com
And on my domain host I have the DNS Records set up like this:
Hostname: www
Type: NS
Value: ns-1403.awsdns-47.org
ns-1696.awsdns-20.co.uk
ns-632.awsdns-15.net
ns-431.awsdns-53.com
I think I am doing something fundamentally wrong. Firstly Im not sure if I got the Hostname part right on my DNS records. On the site it says .domain after the input box for the Hostname, which makes me think its a sub domain specifier. Am I right in thinking the # symbol works for no subdomain? (i.e. domain.com instead of www.domain.com)
Secondly should I remove the NS record set from Route 53, as its already specified in the DNS Records on the domain host?
Many thanks
There are two missing pieces here: telling your registrar to use Route53 instead of their own NS servers, and telling Route53 about your EC2 instance.
First, you need to set up your registrar. In this step you're telling the registrar to tell the global DNS system to look at Route53 for information about domain.com. Here's a quick tutorial for Namecheap and here's one for GoDaddy. Other registrars are similar, just google for YourRegistrarHere assign nameservers.
Second, to tell Route53 about your EC2 instance you should set an A record for domain.com within Route53 pointing at the elastic IP address that your EC2 instance is assigned. You should also create another A record for www.domain.com pointing at the same IP.
For your second question, as soon as you set up your registrar correctly the interface for creating records should just go away. You'll be managing all of your DNS records through Route53 instead.

DNS: authorative vs. dynamic , can I have dynamic forward all requests to authorative nameservers

Ok, in a nutshell, for my own reaons, I am trying to "build" a solution that extracts my DNS from the location / company where my webserver is located. I need to be able to make DNS changes on the fly for my domains. I have nameservers set-up for the webserver, on the webserver. I basically want to know if I can point my domain registration DNS details, to lets say, a DYN.com dynamic DNS address, and have that dynamic address setup to just forward all traffic onto my nameservers on the webserver.
This way, I can change the dyndns "pointer" if you will, to any other webserver/nameservers immedietly should the need arise.
P.S. I know a dynamic address probably won't work, and If I have to go for a paid up service with DYN, thats fine, but I don't want to create all the records on DYN. I just want it to forward any requests to the actual ip of the name server on the webserver.
I.E.
Domain NS1 -> Dyn.com Record 1 (no specific domain records) -> ns1.mywebserver.com
Domain NS2 -> Dyn.com Record 2 (no specific domain records) -> ns2.mywebserver.com
Can this be acieved, if not, do you get what I am trying to do, and are there other ways of doing this?
I ideally don't want to create a dedicated linux VM somewhere to manage the DNS.
Thanks in advance.
I think my other question, posted after this one, solves this question.
BIND . Registrar says it cant find the nameserver. nslookup shows the domain is being handled by bind
Cheers

DNS servers pointing to site saying "owner knows site is down"?

When my site goes down, I want to change my registrar DNS settings to
point to (for example):
ns1.this_site_is_down.com
ns2.this_site_is_down.com
ns3.this_site_is_down.com
ns4.this_site_is_down.com
where these nameservers would return a fixed IP with a low TTL for all
queries (or even a CNAME), and a webpage on that IP address would read
something like:
The owner of this website knows it is down and is working to fix
it. Once the site is fixed, you will no longer see this message.
To use this service, set your DNS servers to ... [as above]
Does such a service exist?
I realize this system wouldn't be perfect, but it would be useful.
DNS and "site is offline" messages
discusses creating your own 2nd nameserver to do this, but I'm looking
to do this with an existing service/server.
It doesn't exist for A records or CNAME records (the closest you can get here is using a round robin, but that doesn't solve your issue).
Your looking for a priority tag, which exists in MX only records.
I'm afraid your best option is just on the servers send out a 503 error with a HTML page as the ErrorDocument.

Can the authoritative NS be the same as the domain served?

Let's say I have a server (DNS and other), myserver.com. Now I register a domain, mydomain.com, and set it's NS at the registrar to myserver.com - it is therefore the authoritative server, if there is any such thing.
In the authoritative records for mydomain.com, can I set the NS to ns.mydomain.com?
I have two domains set up like that, one works, the other one seems reluctant to propagate. So I'm wondering if there is something wrong with that - I mean how can you resolve the name of the NS when you need to resolve the name of the NS to resolve the name of the NS...
And, If yes, how come parallels plesk sets them automatically in this way?
Ps: there is an A record for ns.mydomain.com on that same server, pointing to the proper IP
There's a solution for this problem - it's called "glue records", i.e. A records hosted in the parent zone that contain the IP addresses of the name servers.
See http://en.wikipedia.org/wiki/Domain_Name_System#Circular_dependencies_and_glue_records
Why would you want to set the NS record for the "mydomain.com":
to "myserver.com" in the delegation record that goes into the parent zone (com.), but
to "ns.mydomain.com" at the zone apex (inside the mydomain.com. zone)
? This creates an inconsistency (two different DNS servers answer the same question with two different answers) without any apparent benefit. You should try to help the DNS system as a whole issue consistent answers.
Unless you have a good reason to make the DNS inconsistent, you should decide what the correct, canonical name for your nameserver is, and publish that name in the NS record both in the delegation and at the zone apex for "mydomain.com".
That being said, it will still work:
If a recursive resolver which does not yet know anything about "mydomain.com" asks about it, it will be told by the gTLD servers to go look at "myserver.com". The gTLD will also issue A and AAAA glue records to help find "myserver.com", but even if they don't, you have A and AAAA records for "myserver.com" in the "myserver.com" zone file (right?).
If a recursive resolver which wants to refresh its cache for the "mydomain.com" NS record, it may query the authoritative server it already knows about. This server will answer that the nameserver is "ns.mydomain.com", with a glue record. This is different from what it had in its cache before, but ultimately it will map to a server with the same IP address.
As for "parallels plesk", I know nothing about that.

Resources