Propagated Domain CAA Records Not Matching Configuration - dns

I am using Cloudflare DNS and everything mostly works fine but I can't seem to get my CAA records to get saved correctly. The records I want to be present are below:
0 issuewild letsencrypt.org; validationmethods=dns-01; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/<number>
0 issue letsencrypt.org; validationmethods=dns-01; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/<number>
The records are saved and no error is shown so I assume they are correct, but if you try to check the CAA records for my domain (bluecom.dev) with online tools or host -t type257 bluecom.dev it shows entirely different records. Is there anything I'm doing wrong or will they propagate eventually? They've been set up this way for a few months so I assume not the latter, but how would I go about making it work?

Since, Let'sEncrypt is already fulfilled by CloudFlare automatically I'm not sure what are you trying exactly to do.
By the way, CloudFlare adds to CAA record automatically this (In order to work with Cloudflare's Universal SSL):
example.com. IN CAA 0 issue "comodoca.com"
example.com. IN CAA 0 issue "digicert.com"
example.com. IN CAA 0 issue "letsencrypt.org"
example.com. IN CAA 0 issuewild "comodoca.com"
example.com. IN CAA 0 issuewild "digicert.com"
example.com. IN CAA 0 issuewild "letsencrypt.org"
At your domain (bluecom.dev) it registers something similar:
bluecom.dev. 3600 IN CAA 0 issue "digicert.com cansignhttpexchanges=yes"
bluecom.dev. 3600 IN CAA 0 issuewild "digicert.com cansignhttpexchanges=yes"
bluecom.dev. 3600 IN CAA 0 issue "comodoca.com"
bluecom.dev. 3600 IN CAA 0 issue "letsencrypt.org"
bluecom.dev. 3600 IN CAA 0 issuewild "comodoca.com"
bluecom.dev. 3600 IN CAA 0 issuewild "letsencrypt.org"
I recommend you to disable CloudFlare Universal SSL, as this is the cause of these records being added automatically as soon as the first CAA record is added; this in order to fix your problem.
But really, I would not recommend adding CAA records or disabling CloudFlare Universal SSL as this is usually only required to maintain policy compliance in very rare cases.
You can learn more about your issue at: CloudFlare Help Center - CAA

Related

GCloud DNS, A and TXT record sets not being published?

This is my first time using GCloud DNS, looking to configure a public zone for Hodl.Art. Opted for GCloud because their DNSSEC supports RSASHA256 (GoDaddy doesn't, nor the rest of my registrars), compatible with ENS.Domains for renaming a digital wallet.
My problem is that, try as I may, GCloud doesn't want to publish/make-public my A and TXT record sets. The zone currently looks like this in the console but no resolution!?
Am I overlooking something obvious or need to turn on some other functionality?
#.hodl.art. A 300 46.252.205.197
_ens.hodl.art. TXT 300 "a=0x40974E5e819064c7159E2198E2ab540eE8C874bd"
hodl.art. NS 21600
ns-cloud-c1.googledomains.com.
ns-cloud-c2.googledomains.com.
ns-cloud-c3.googledomains.com.
ns-cloud-c4.googledomains.com.
hodl.art. SOA 21600
ns-cloud-c1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
www.hodl.art. CNAME 300 #.
If you are using the # as the origin, for Google Cloud DNS leave the entry field blank.
hodl.art. A 300 46.252.205.197
www.hodl.art. CNAME 300 hodl.art.
Google Cloud DNS Managing records
"To create a wildcard DNS record, enter an asterisk—for example, *.example.com.
Note: Adding the # symbol in this field causes the record to fail."
---Google Cloud DNS Managing records---

Cloudflare CNAME Error 1014 Cross-User Banned

I previously had my GitHub pages site set up correctly with my custom domain and my Cloudflare DNS, however, I was playing around with my CNAME records but decided I wanted to revert back to how things were before.
I set my CNAME records to what they were previously, however, when I go to my custom domain I get the error.
Error 1014: CNAME Cross-User Banned
Never seen this error before, how can I fix this. Screenshots of settings attached
GitHub
Cloudflare
This is solving it for me.
https://twitter.com/stefanprodan/status/834872543790174209
#stefanprodan -
1:08 PM - 23 Feb 2017
If you use #Cloudflare with #Github pages change your CNAME to
http://github.map.fastly.net to fix Error 1014 CNAME Cross-User
Banned

Local DNS wont route users to WPengine blog

I'm trying to fix a DNS issue at my office. We run a local Bind server to handle requests to locally run sub domains that are only available in the office. Recently we moved our blog to wpengine.com for hosting. They also provide the ability for DNS control. Basically I need our local DNS to point office users to the wpengine site for our blog subdomain but nothing I do to our local zone file settings makes a difference. Our browsers always get directed to our primary ecom site which originally hosted the blog. I've tried adding sub domain delegation entries to our local zone file to no effect.
WPengine's settings has a primary DNS config of blog.fractureme.com with a CNAME entry of fracture.wpengine.com pointing to blog.fractureme.com . I'm wondering if there's some sort of circular logic going on here with our local office, our primary and Wpengine's DNS that keeps pointing us in the office to the wrong server when we try to go to blog.fractureme.com in a browser? Our primary domain hosting service also has a CNAME zone entry that points blog.fractureme.com to fracture.wpengine.com .
Meanwhile our office zone file looks like this.
(i did add * to local IP entries. I know thats probably silly trying to balance security with getting the best help). The last entry in the zone file is supposed to be directing blog.fractureme.com to the IP of fracture.wpengine.com. I've also tried a NS type entry with a 'glue' record with no luck.
;
; BIND data file for local loopback interface
;
$TTL 604800
# IN SOA fractureme.com. root.fractureme.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
# IN NS ns1.fractureme.com.
# IN NS dns2.registrar-servers.com.
ns1 IN A 192.168.1.150
ns2 IN A 85.25.136.102
fractureme.com. IN A 64.235.53.182
* IN A 64.235.53.182
mobile IN A 64.235.53.182
itslog IN A 64.235.53.182
blog IN CNAME fracture.wpengine.com
m IN CNAME ghs.google.com.
# IN TXT "v=spf1 a mx ptr a:fractureme.com a:mail.fractureme.com a:mail1.fractureme.com include:_spf.google.com ~all"
# IN MX 10 ASPMX.L.GOOGLE.COM.
# IN MX 20 ALT1.ASPMX.L.GOOGLE.COM.
# IN MX 20 ALT2.ASPMX.L.GOOGLE.COM.
# IN MX 30 ASPMX2.GOOGLEMAIL.COM.
# IN MX 30 ASPMX3.GOOGLEMAIL.COM.
# IN MX 30 ASPMX4.GOOGLEMAIL.COM.
# IN MX 30 ASPMX5.GOOGLEMAIL.COM.
;
; Fracture private addresses
;
prod IN A x.x.x.x
raid IN A x.x.x.x
dev IN A 64.238.189.200
alex IN A x.x.x.x
caldera IN A x.x.x.x
cnc IN A x.x.x.x
laser IN A x.x.x.x
encrypted-prod IN A x.x.x.x
$ORIGIN prod.staging.fractureme.com.
* IN A 64.238.189.199
$ORIGIN itslog.fractureme.com.
* IN A 64.235.53.182
$ORIGIN mobile.fractureme.com.
* IN A 64.235.53.182
$ORIGIN dev.fractureme.com.
* IN A 64.238.189.200
$ORIGIN prod.fractureme.com.
* IN A x.x.x.x
live IN A 64.235.53.182
$ORIGIN blog.fractureme.com.
* IN A 166.78.99.121
Couple suggestions--
Check that you have the correct IP for your site set up in your DNS zone file. There's been some migrations at WPE and this may cause the routing issues.
You can find the updated IP in your my.wpengine.com overview.
If this is a multisite, make sure the domains are added to their user portal as well, one per line with none redirecting to the primary.
Also if multisite, make sure you are using the Wordpress MU domain mapping plugin to direct the domains to the correct subsite rather than trying to do this custom.

How to set DNS pointing for tumblr, when the nameserver opens for my website?

Ok so I did everything tumblr asks to use a custom domain
A record pointing mydomain.com to 66 6 44 4
A record pointing www mydomain com to 66 6 44 4
Cname - pointing to domains tumblr com
And Tumblr says we don't have to change/erase our nameservers
BUT turns out that mydomain keeps opening the website from my server, instead of tumblr. Which sounds natural to me, so I can't understand how can the A record own my domain instead of the nameserver?
1-) I can't leave the nameserver empty, my domain hoster doesn't allow
2-) tumblr doesn't allow their IP to be pointed as nameservers.
help :(
What you did is right, all you need are A records for domain.com and for www.domain.com. Nameservers are not relevant here.
The fact that your setup does not work originates from some other reason, maybe old records cached somewhere etc...

Do CNAME records also forward MX requests?

My DNS has a set up for the domain base.com that consists of A and MX records. There are several other domains that are set up with CNAME records, pointing to base.com.
Do I need to set up anything special (like extra MX records) for the CNAME domains, or will the CNAME records also forward any MX requests.
Example:
Will an email sent to info#otherdomain.com be delivered correctly to the MX of base.com if these (and only these) DNS records are in place:
; A and MX set up for base.com
base.com. 3600 IN A 123.45.67.89
mail.base.com. 3600 A 123.45.67.89
base.com. 3600 IN MX 10 mail.base.com.
; CNAME set up for otherdomain.com
otherdomain.com. CNAME IN A base.com.
CNAME causes queries for all RR types (excluding CNAME itself) to be directed to the target name. That includes MX. So yes, the above zone data will cause queries for otherdomain.com.'s MX to resolve to mail.base.com..
Experiment with dig or your favorite DNS client. Not only will you confirm the result for sure, but you won't have to wait 4 hours for someone to answer your SO question before you get your answer!
Unfortunately, in this particular case, if your domain is really of the form otherdomain.com., you would not be able to configure a CNAME resource records for it. This is because domains that have CNAME records cannot have any other type of resource record at the same time. Yet if otherdomain.com. is directly below com. (or another gTLD), it is necessarily at the top of a zone and so it needs at least SOA and NS records.

Resources