I am trying to add 2 CNAMEs to my CloudFront distribution, but I am getting this error message:
com.amazonaws.services.cloudfront.model.CNAMEAlreadyExistsException: One or more of the CNAMEs you provided are already associated with a different resource. (Service: AmazonCloudFront; Status Code: 409; Error Code: CNAMEAlreadyExists;
I don't have another CloudFront distrubution, and I don't think anyone else has a distribution with these names since they are very unique:
"www.plataformalatina.com" and "plataformalatina.com"
Can anyone please help?
I contacted AWS support and turns out someone else had a CloudFront distribution associated with that CNAME.
Did you get confirmation from AWS to know if they're or wild card is not added somewhere else?
You can try this:
Try creating CNAME record instead of alias
www.plataformalatina.com CNAME dxxxxxxx.cloudfront.net
Try to add this www.plataformalatina.com to your Distribution.
If this works, remove alias for plataformalatina.com as well and try to add it to CloudFront.
CloudFront performs check before it allows you to add any CNAME and in case of Route53 alias record, it sees that it resolves to CloudFront IP address but it doesn't know where is it added.
If above doesn't work:
https://aws.amazon.com/premiumsupport/knowledge-center/resolve-cnamealreadyexists-error/
Follow above article and submit proof to Amazon that this domain belong to you and they're add the CNAME on half of you.
Related
Suppose that I own example.com that is served by my own DNS server and I can create every records that I want.
Now imagine that one of my friends get a new domain called new-domain.com and I want to help him manage his domain with his own DNS server.
So in my dns system for example.com, I create two A records as:
my.ns1.example.com -> some.ip.addr
and
my.ns2.example.com -> some.ip.addr
(some.ip.addr is the ip address of his DNS server)
and ask him to set my.ns1.example.com and my.ns2.example.com as name servers for his domain.
But he cannot set them because it gets invalid nameserver error!
Its my understanding that because example.com is working properly in DNS system and thus my.ns1.example.com and my.ns2.example.com are resolved to the IP address properly, so nothing can prevent them to be used as nameservers.
I searched around and found that some people say the nameservers should be registered. I understand registering when we have to ask for setting glue records, but for this case I have no idea why would we need to register those name.
To be more specific with real life example, why would jobs.ns.cloudflare.com is a valid nameserver but www.cloudflare.com is not?
I asked the same question on serverfault.com with this link
There, I quote important part of the answer here,
From a pure DNS perspective, an authoritative nameserver (such as those for com) should not perform any kind of recursion to learn the IP address of the nameservers that are defined in your example.com zone. Instead, the registry permits registrars to add glue records to the com domain, and those registrars can provide a user interface so that the owners of the domains that these custom nameservers live in can do so. (example: Namecheap - How do I register personal nameservers for my domain?)
(To address the elephant in the room...no, these glue records are not strictly required. But policies are policies, and if the registrar interface requires the registry level glue to be present, you have little choice in the matter.)
While the answer does not answer my updated part of the question, I picked it as the answer and decided to ask another question.
The problem does not lie in the names: my.ns1.example.com and my.ns2.example.com are fine.
The registry, and sometimes even the registrar, normally perform a few checks before approving a nameserver change. If your nameservers are rejected as invalid they are most likely not yet correctly configured for your friend's domain. I mean, the servers at my.ns1.example.com and my.ns2.example.com do not contain the minimum required records for new-domain.com.
That said, the registrar support team should be able to provide more details: if it's them who reject the change they should let you know what part of the automatic tests fails and even provide the test output so you can see by yourself. On the other hand, if they just pass the change to the registry (your friend should see a "operation pending at registry level" notice in his control panel for some time) they could do the extra effort of helping you out by providing hints based on their experience with that particular TLD. That is, if your friend didn't grab a promo offer in the 0.99$-5.99$ a year range for the domain: if he pays them something in the 20$-50$ a year range then he should expect and demand a proper, helpful support. I use one of the cheapest registrars and if my nameserver change gets rejected I still get a full report:
Dear customer,
The registry did not accept the nameservers you tried assigning to
new-domain.com because they did not pass the registry tests. Please
check the report we got from the registry below, fix the errors
and try assigning the nameservers again.
Nameservers Resolvable Test: ERROR
my.ns1.example.com. ERROR Unresolvable host my.ns1.example.com.
my.ns2.example.com. ERROR Unresolvable host my.ns2.example.com.
my.ns3.example.com. OK
my.ns4.example.com. OK
SOAQueryAnswerTest: ERROR
my.ns1.example.com. ERROR java.net.SocketTimeoutException
my.ns2.example.com. ERROR java.net.SocketTimeoutException
my.ns3.example.com. OK
my.ns4.example.com. OK
... ... ...
Update: The OP posted an update saying that as soon as the nameservers were registered with the registry, they were accepted in his friend's control panel. It appears that particular registrar checks for glue records and rejects the nameservers if they have none. This is an unnecessary check because glue records are only needed if the nameservers are within the same domain they serve, as explained in these questions. Registrars usually explain this very clearly or at least mention this above the nameserver change form:
Please note that in most cases the ip address is not required and will actually be ignored. It is only necessary if the nameservers you are entering are sub-domains of the selected domain (also called custom nameservers or vanity nameservers).
We can conclude that the friend's registrar performs an unnecessary blocking test and does not respond to user inquiries in a helpful matter. Since the OP has the following need (citation from his updated post on serverfault):
I need to be able to create dynamic nameservers programmatically and ask my users to enter their specific nameservers for their domains in their registrars.
I warmly recommend he does some research looking for a decent and reasonably priced registrar he can point his customers/friends to in case they have any issues with their current ones.
My OS is CentOS 6.7 with Plesk 12.5.x
There are always some errors when I am checking DNS records in any DNS diagnostic tool. Can anybody please advise what records are necessary to set for all domains?
Here is my Plesk=>Tools & Settings => DNS Template
Here is error screen shot:
Another domain throwing the following error:
Thanks in anticipation
So the first major problem I see with your domain is that two of the nameservers listed do not reply.
ns1.onlinenics.net. ns1.wellnessbd.com. Maybe they are firewalled ?
And looking at the whois record it shows these as the registered nameservers;
NSSEC.ONLINE.NET NS1.ONLINENICS.NET
I'd check that first - it may just be a config error, or there may be a firewall/IPtables in the way blocking the query.
to fix the spf record you need something like this in your zone with the addresses of your valid sender(s);
"v=spf1 mx ip4:<ips of valid senders>/<cidr> -all"
If you have a way to export your zone file that would be a help and much easier to read and provide corrections too, sadly I'm no use with control panel type affairs.
I found a better online web tool which tests your dns. Specific results for your domain are here
So i have a senario, where i have an application which can be assigned to any client's domain without doing anything on the application side. Client just adds the Cnames (the long url that is assigned to every Beanstalk app) of the Elastic Beanstalk URL.
So when client goes to www.example1.com they will see the website, similarly when another client goes to www.example2.com they will also see the same website. Now the issue is that i use clean url's without the www. In order to do that i have to Use A records, but Godaddy only let A records to be assigned to IP addresses but in the case of AWS beanstalk. I know you cant assign IP addresses to the Application url as the instances get deleted when scaled, so is there any other solution to this problem?
I have read somewhere that cloudflare can help but have no idea how to use it.
Well i know the question is not related to programming but i can see many similar questions asked over here, so i guess it should be OK.
As always, any help is appreciated. Thankyou :)
Use Route53 with ALIAS.
You can do something manually, but the changes won't be permanent. See here for the full list of options: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options.html#command-options-general
Create a hosted zone "example1.com." in route53 and create an alias record "example1.com" pointing to the ELB of your environment in this hosted zone.
Now you can give the name servers for your route53 hosted zone to GoDaddy. Let me know if this setup does not work for you.
I am having difficulties getting my domain to point to my EC2 properly. I searched through a few third party guides online, and got slightly swamped in the official AWS documentation, but despite this I still cant get it to work.
Ive have Route 53 set up like this:
Type: A
Value: ??.??.??.?? (IP address)
Type: NS
Value: ns-1403.awsdns-47.org.
ns-1696.awsdns-20.co.uk.
ns-632.awsdns-15.net.
ns-431.awsdns-53.com.
Type: SOA
Value: ns-431.awsdns-53.com.
awsdns-hostmaster.amazon.com
And on my domain host I have the DNS Records set up like this:
Hostname: www
Type: NS
Value: ns-1403.awsdns-47.org
ns-1696.awsdns-20.co.uk
ns-632.awsdns-15.net
ns-431.awsdns-53.com
I think I am doing something fundamentally wrong. Firstly Im not sure if I got the Hostname part right on my DNS records. On the site it says .domain after the input box for the Hostname, which makes me think its a sub domain specifier. Am I right in thinking the # symbol works for no subdomain? (i.e. domain.com instead of www.domain.com)
Secondly should I remove the NS record set from Route 53, as its already specified in the DNS Records on the domain host?
Many thanks
There are two missing pieces here: telling your registrar to use Route53 instead of their own NS servers, and telling Route53 about your EC2 instance.
First, you need to set up your registrar. In this step you're telling the registrar to tell the global DNS system to look at Route53 for information about domain.com. Here's a quick tutorial for Namecheap and here's one for GoDaddy. Other registrars are similar, just google for YourRegistrarHere assign nameservers.
Second, to tell Route53 about your EC2 instance you should set an A record for domain.com within Route53 pointing at the elastic IP address that your EC2 instance is assigned. You should also create another A record for www.domain.com pointing at the same IP.
For your second question, as soon as you set up your registrar correctly the interface for creating records should just go away. You'll be managing all of your DNS records through Route53 instead.
I've got an organization page set up and running in GitHub and things seem to be working...but I'm a little confused. I'd like to actually understand the process since the GitHub Help article refers to taking advantage of their CDN and DoS services, so bear with me.
Step 1: Created CNAME file in repo with domain 'example.com'
Step 2: Grabbed IP from dig example.github.io +nostats +nocomments +nocmd
Step 3: Entered IP from Step 2 into the 'A' record (see image below)
I decided to stop here and see where it got me, and to my surprise it seems to have done the trick. The example.github.io domain correctly redirects to the example.com domain and displays the content from the repo.
However I was informed that after the DNS props, you can dig example.com and see the CNAME record pointing to example.github.io. I do not see this, and I dislike thinking that I didn't set things up correctly. Any thoughts/comments/tips welcome, thanks!
In order to take advantage of the CDN and DoS services provided by GitHub Pages, you'll need to set up a Subdomain (eg www.example.com or blog.example.com) instead of an Apex domain (example.com).
From the GitHub Help page you referenced:
If you are using an apex domain (example.com) instead of a subdomain
(www.example.com) and your DNS provider does not support ALIAS
records, then your only option is to use A records for your DNS. This
will not give you the benefit of our Content Delivery Network.
Here's a setup (looks like you're using GoDaddy for DNS) that would work to get your Organization Pages working as desired:
This is actually for a Project Page within an Organization, but for either one, you'll set the CNAME record for www to organization.github.io, not something like organization.github.io/project. Don't change the A record for # (mine is the default from GoDaddy).
If you want to get your Apex domain (example.com) to redirect to the new subdomain (www.example.com), then you can point your Apex to your subdomain with Domain Forwarding like this:
With that setup, you'll get to take advantage of GitHub's CDN, which you may notice is provided through fastly. Here's how my domain looks to dig:
It is also possible to use a CNAME record for an APEX domain using the free DNS service provided by CloudFlare in which case you can also use your domain without the www (or any other subdomain) and still benefit from CDN & DoS.
I've written a step-by-step guide here: Speed up your GitHub Pages website with CloudFlare
PS: Apparently using ALIAS records is a bad idea... click here to see why.
DNS records are publicly available. There's no way of masking them in this instance. From the way you describe it, you have done everything right. There is nothing that makes me thing you set this up incorrectly.