TXT entries from Gmail override my GitLab Pages TXT - dns

I'm trying to verify a GitLab Pages domain.
So, in my DNS provider, I add a TXT record like:
_gitlab-pages-verification-code.mysite.example TXT gitlab-pages-verification-code=08206beaab9ad1079993f245f1419a22
but I already have
@ 3600 IN TXT "v=spf1 mx include:_spf.google.com ?all"
that seems to override all my TXT entries.
When I do
dig +short txt mysite.example
I won't see the TXT entry as long as I don't delete the Google entry.
How should I do that? I also read that I can't delete the Google entry because it will be checked periodically.
Any ideas?
EDIT:
I added
The instructions changed, and now Let's Encrypt asks me this:
Please deploy a DNS TXT record under the name
_acme-challenge.mysite.io with the following value:
gcnw0KaBOs8lMALx9YvIYsq8ZCWyxCLieMfqxxxxx
Before continuing, verify the record is deployed.
So I removed the @ TXT record, even though it wasn't necessary... and added the TXT entry:
@ 10800 IN A 35.185.44.232
imap 10800 IN CNAME access.mail.gandi.net.
pop 10800 IN CNAME access.mail.gandi.net.
smtp 10800 IN CNAME relay.mail.gandi.net.
webmail 10800 IN CNAME webmail.gandi.net.
www 10800 IN CNAME mysite.io.
@ 10800 IN MX 50 fb.mail.gandi.net.
@ 10800 IN MX 10 spool.mail.gandi.net.
_acme-challenge.mysite.io 300 IN TXT "gcnw0KaBOs8lMALx9YvIYsq8ZCWyxCLieMxxxxxxx"
I waited a whole night, and when I execute:
dig +short txt _acme-challenge.mysite.io
it doesn't give me anything.
PS: Sorry that this isn't a programming question; where should I post it?

Do dig _gitlab-pages-verification-code.mysite.example TXT and you will see your TXT record for GitLab verification.
When you do dig mysite.example TXT it returns only the TXT records on the mysite.example name, not all TXT records in your zone.

Wildcard DNS resolution failed when adding TXT record

I have a DNS setup with IBM SoftLayer with the setup below:
$ORIGIN mydomain.com.
$TTL 86400
@ IN SOA ns1.softlayer.com. support.softlayer.com. (
2018110900 ; Serial
7200 ; Refresh
600 ; Retry
1728000 ; Expire
43200) ; Minimum
@ 86400 IN NS ns1.softlayer.com.
@ 86400 IN NS ns2.softlayer.com.
@ 60 IN TXT v=spf1 include:_spf.google.com ~all
google._domainkey 86400 IN TXT v=DKIM1; k=rsa; p=AB
_dmarc.mydomain.com. 86400 IN TXT v=DMARC1; p=quarantine; pct=100; rua=mailto:support@mydomain.com
* 900 IN CNAME mydomain.com.
devadmin 86400 IN CNAME admin.mydomain.com.
ftp 86400 IN CNAME admin.mydomain.com.
@ 86400 IN A 100.100.100.100
admin 86400 IN A 200.200.200.200
This setup works fine and I can resolve queries like mydomain.com, devmedia.mydomain.com, x.devmedia.mydomain.com.
The issue arises when I add another TXT record for Let's Encrypt domain validation:
_acme-challenge.devmedia 60 IN TXT txttestrest
Once it is added, names under devmedia.mydomain.com stop resolving.
Is this normal behavior or some bug in DNS?
Do I need to add devmedia.mydomain.com explicitly in my DNS, or is there some other way to do this?
CNAME records are not allowed to co-exist with other records. Since you have a CNAME defined for devmedia, you can't create an _acme-challenge.devmedia. So either you need to change devmedia to an A record, or handle it some other way.
It might work to create _acme-challenge.admin instead, since that is where the CNAME points, but I am not sure if they will actually check that way.

SPF for domain and subdomain

I have a question about SPF records (I'm not a huge expert on DNS).
In the main domain (mydomain.com) we have a mail server and our DNS has these records (MX, A and TXT):
IN MX 10 mail.mydomain.com.
mail IN A 1.1.1.1
mail IN A 2.2.2.2
mydomain.com. IN TXT "v=spf1 ip4:1.1.1.1 ip4:2.2.2.2 a:mail.mydomain.com ~all"
Now we have to install an additional mail server in a dedicated subdomain (mysubdomain.mydomain.com).
I plan to send emails from this subdomain using Zimbra.
My question is whether these DNS records are correct:
IN MX 10 mail.mydomain.com.
mysubdomain IN MX 10 mail1.mydomain.com.
mail IN A 1.1.1.1
mail IN A 2.2.2.2
mail1 IN A 3.3.3.3
mail1 IN A 4.4.4.4
mysubdomain IN A 3.3.3.3
mysubdomain IN A 4.4.4.4
mydomain.com. IN TXT "v=spf1 ip4:1.1.1.1 ip4:2.2.2.2 a:mail.mydomain.com ~all"
mysubdomain.mydomain.com. IN TXT "v=spf1 ip4:3.3.3.3 ip4:4.4.4.4 a:mail1.mydomain.com ~all"
Please tell me whether they are correct, or whether I should make some changes?
Best regards,
bcteam
Your records look OK apart from the mail servers. Instead of explicitly using a clauses and the mail server host names, just use an mx clause. Instead of:
mydomain.com. IN TXT "v=spf1 ip4:1.1.1.1 ip4:2.2.2.2 a:mail.mydomain.com ~all"
mysubdomain.mydomain.com. IN TXT "v=spf1 ip4:3.3.3.3 ip4:4.4.4.4 a:mail1.mydomain.com ~all"
say:
mydomain.com. IN TXT "v=spf1 ip4:1.1.1.1 ip4:2.2.2.2 mx ~all"
mysubdomain.mydomain.com. IN TXT "v=spf1 ip4:3.3.3.3 ip4:4.4.4.4 mx ~all"
When you're done, test your setup on Scott Kitterman's site.
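To see what the mx mechanism in the corrected records actually does, here is a minimal SPF evaluator (added example, not code from either post; it uses a constructed in-memory DNS table in place of real lookups, with the example IPs from the thread plus a hypothetical alt.mydomain.com record that uses -all). It implements only the ip4, a, mx and all mechanisms and counts the DNS-querying mechanisms against the RFC 7208 limit of 10.

```python
import ipaddress

# Constructed in-memory DNS table standing in for real lookups; it mirrors the
# records and example IPs in the post above plus one hypothetical "alt" zone.
DNS = {
    ("mydomain.com.", "MX"): ["mail.mydomain.com."],
    ("mydomain.com.", "TXT"): ["v=spf1 ip4:1.1.1.1 ip4:2.2.2.2 mx ~all"],
    ("mail.mydomain.com.", "A"): ["1.1.1.1", "2.2.2.2"],
    ("mysubdomain.mydomain.com.", "MX"): ["mail1.mydomain.com."],
    ("mysubdomain.mydomain.com.", "TXT"): ["v=spf1 ip4:3.3.3.3 ip4:4.4.4.4 mx ~all"],
    ("mail1.mydomain.com.", "A"): ["3.3.3.3", "4.4.4.4"],
    ("alt.mydomain.com.", "MX"): ["mail1.mydomain.com."],   # hypothetical, hard fail
    ("alt.mydomain.com.", "TXT"): ["v=spf1 mx -all"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_MECHANISMS = 10          # RFC 7208 section 4.6.4 limit

def lookup(name, rtype):
    """Normalise to a lower-case FQDN and read the table (empty list = no data)."""
    return DNS.get((name.lower().rstrip(".") + ".", rtype), [])

def check_spf(domain, sender_ip):
    """Evaluate domain's SPF record for sender_ip.
    Returns (result, dns_mechanisms_used); supports ip4, a, mx and all."""
    ip = ipaddress.ip_address(sender_ip)
    txt = [t for t in lookup(domain, "TXT") if t.startswith("v=spf1 ")]
    if not txt:
        return "none", 0
    counted = 0
    for term in txt[0].split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").lower().partition(":")
        if mech == "all":
            return QUALIFIERS[qual], counted
        if mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech in ("a", "mx"):
            counted += 1                 # a and mx each cost one DNS-querying mechanism
            if counted > MAX_DNS_MECHANISMS:
                return "permerror", counted
            target = arg or domain
            hosts = lookup(target, "MX") if mech == "mx" else [target]
            matched = any(str(ip) in lookup(h, "A") for h in hosts)
        else:
            return "permerror", counted  # include/exists/etc. not implemented here
        if matched:
            return QUALIFIERS[qual], counted
    return "neutral", counted
```

Because the mx mechanism follows the MX record to its A records, a change of mail host IP only has to be made once; note that ~all lets a forged sender through with a softfail, while -all rejects it outright.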

Local DNS won't route users to WPEngine blog

I'm trying to fix a DNS issue at my office. We run a local BIND server to handle requests for locally run subdomains that are only available in the office. Recently we moved our blog to wpengine.com for hosting. They also provide the ability for DNS control. Basically I need our local DNS to point office users to the WPEngine site for our blog subdomain, but nothing I do to our local zone file settings makes a difference. Our browsers always get directed to our primary ecom site, which originally hosted the blog. I've tried adding subdomain delegation entries to our local zone file to no effect.
WPEngine's settings have a primary DNS config of blog.fractureme.com with a CNAME entry of fracture.wpengine.com pointing to blog.fractureme.com. I'm wondering if there's some sort of circular logic going on here between our local office, our primary and WPEngine's DNS that keeps pointing us in the office to the wrong server when we try to go to blog.fractureme.com in a browser? Our primary domain hosting service also has a CNAME zone entry that points blog.fractureme.com to fracture.wpengine.com.
Meanwhile our office zone file looks like this.
(I did add * to local IP entries. I know that's probably silly, trying to balance security with getting the best help.) The last entry in the zone file is supposed to be directing blog.fractureme.com to the IP of fracture.wpengine.com. I've also tried an NS type entry with a 'glue' record, with no luck.
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA fractureme.com. root.fractureme.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.fractureme.com.
@ IN NS dns2.registrar-servers.com.
ns1 IN A 192.168.1.150
ns2 IN A 85.25.136.102
fractureme.com. IN A 64.235.53.182
* IN A 64.235.53.182
mobile IN A 64.235.53.182
itslog IN A 64.235.53.182
blog IN CNAME fracture.wpengine.com
m IN CNAME ghs.google.com.
@ IN TXT "v=spf1 a mx ptr a:fractureme.com a:mail.fractureme.com a:mail1.fractureme.com include:_spf.google.com ~all"
@ IN MX 10 ASPMX.L.GOOGLE.COM.
@ IN MX 20 ALT1.ASPMX.L.GOOGLE.COM.
@ IN MX 20 ALT2.ASPMX.L.GOOGLE.COM.
@ IN MX 30 ASPMX2.GOOGLEMAIL.COM.
@ IN MX 30 ASPMX3.GOOGLEMAIL.COM.
@ IN MX 30 ASPMX4.GOOGLEMAIL.COM.
@ IN MX 30 ASPMX5.GOOGLEMAIL.COM.
;
; Fracture private addresses
;
prod IN A x.x.x.x
raid IN A x.x.x.x
dev IN A 64.238.189.200
alex IN A x.x.x.x
caldera IN A x.x.x.x
cnc IN A x.x.x.x
laser IN A x.x.x.x
encrypted-prod IN A x.x.x.x
$ORIGIN prod.staging.fractureme.com.
* IN A 64.238.189.199
$ORIGIN itslog.fractureme.com.
* IN A 64.235.53.182
$ORIGIN mobile.fractureme.com.
* IN A 64.235.53.182
$ORIGIN dev.fractureme.com.
* IN A 64.238.189.200
$ORIGIN prod.fractureme.com.
* IN A x.x.x.x
live IN A 64.235.53.182
$ORIGIN blog.fractureme.com.
* IN A 166.78.99.121
A couple of suggestions:
Check that you have the correct IP for your site set up in your DNS zone file. There have been some migrations at WPE and this may cause the routing issues.
You can find the updated IP in your my.wpengine.com overview.
If this is a multisite, make sure the domains are added to the user portal as well, one per line, with none redirecting to the primary.
Also, if multisite, make sure you are using the WordPress MU domain mapping plugin to direct the domains to the correct subsite rather than trying to do this custom.

Do CNAME records also forward MX requests?

My DNS is set up for the domain base.com with A and MX records. Several other domains are set up with CNAME records pointing to base.com.
Do I need to set up anything special (like extra MX records) for the CNAME domains, or will the CNAME records also forward any MX requests?
Example:
Will an email sent to info@otherdomain.com be delivered correctly to the MX of base.com if these (and only these) DNS records are in place:
; A and MX set up for base.com
base.com. 3600 IN A 123.45.67.89
mail.base.com. 3600 A 123.45.67.89
base.com. 3600 IN MX 10 mail.base.com.
; CNAME set up for otherdomain.com
otherdomain.com. IN CNAME base.com.
CNAME causes queries for all RR types (excluding CNAME itself) to be directed to the target name. That includes MX. So yes, the above zone data will cause queries for otherdomain.com.'s MX to resolve to mail.base.com.
Experiment with dig or your favorite DNS client. Not only will you confirm the result for sure, but you won't have to wait 4 hours for someone to answer your SO question before you get your answer!
Unfortunately, in this particular case, if your domain is really of the form otherdomain.com., you would not be able to configure a CNAME resource record for it. This is because domains that have CNAME records cannot have any other type of resource record at the same time. Yet if otherdomain.com. is directly below com. (or another gTLD), it is necessarily at the top of a zone and so it needs at least SOA and NS records.

Google Apps config via DNS zone file [closed]

Closed 10 years ago.
I have a problem with setting the DNS in order to use Google Apps on specific domains. I can easily set the DNS for domains that are controlled via some control panel (e.g. GoDaddy) but I have problems for domains that are controlled via zone files on the server.
If I configure the zone file as follows:
MYDOMAIN.COM. 3600 IN SOA some.domaincontrol.com. name.mail.com (
2012041904
28800
7200
604800
3600
)
; A Records
@ 3600 IN A 000.000.000.000
; CNAME Records
mail 3600 IN CNAME ghs.google.com
calendar 3600 IN CNAME ghs.google.com
docs 3600 IN CNAME ghs.google.com
www 3600 IN CNAME @
test 3600 IN CNAME @
; MX Records
@ 3600 IN MX 1 ASPMX.L.GOOGLE.COM
@ 3600 IN MX 5 ALT1.ASPMX.L.GOOGLE.COM
@ 3600 IN MX 5 ALT2.ASPMX.L.GOOGLE.COM
@ 3600 IN MX 10 ASPMX2.GOOGLEMAIL.COM
@ 3600 IN MX 10 ASPMX3.GOOGLEMAIL.COM
; TXT Records
@ 3600 IN TXT "google-site-verification=blah-blah-12345"
; NS Records
@ 3600 IN NS some.domaincontrol.com
@ 3600 IN NS another.domaincontrol.com
Then the MX records reported by Google Apps, and some DNS query sites (like Network Tools), have the domain itself as a suffix:
MX 1 ASPMX.L.GOOGLE.COM.MYDOMAIN.COM
MX 5 ALT1.ASPMX.L.GOOGLE.COM.MYDOMAIN.COM
MX 5 ALT2.ASPMX.L.GOOGLE.COM.MYDOMAIN.COM
MX 10 ASPMX2.GOOGLEMAIL.COM.MYDOMAIN.COM
MX 10 ASPMX3.GOOGLEMAIL.COM.MYDOMAIN.COM
Also, the "mail", "docs" and "calendar" subdomains are not being redirected to Google Apps.
I have also tried the following configuration for the MX records, in the hope that this will properly point to the external (Google) mail exchange:
; MX Records
3600 MX 1 ASPMX.L.GOOGLE.COM.
3600 MX 5 ALT1.ASPMX.L.GOOGLE.COM.
3600 MX 5 ALT2.ASPMX.L.GOOGLE.COM.
3600 MX 10 ASPMX2.GOOGLEMAIL.COM.
3600 MX 10 ASPMX3.GOOGLEMAIL.COM.
But this resulted in no MX record being retrieved by Google Apps and DNS queries. Some sort of misconfiguration in the DNS zone file is occurring.
How can I properly configure a domain via a zone file so that it points to external MX and CNAME locations? Particularly Google Apps?
Sandman answered on Server Fault, where I repeated the question.
The cause of the original problem: a missing trailing dot on the records (check the link for more details).
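The three mistakes these threads turn on can be caught before a zone is loaded: a TXT record that lives at a different owner name than the one being queried (the GitLab verification question), a CNAME sharing an owner with other record types (the _acme-challenge.devmedia and otherdomain.com questions), and a CNAME or NS target without the trailing dot, to which the current $ORIGIN is appended (the blog CNAME in the BIND zone and the Google Apps zone above). The checker below is an added example, not code from any of the posts; the zone fragment it parses is constructed, and its parser handles only the @, $ORIGIN, optional TTL/class and single-line record syntax used on this page.

```python
from collections import defaultdict

# Constructed zone fragment, not taken from any post above. The relative CNAME
# target on "blog" and the CNAME sharing an owner with an A record are deliberate.
ZONE = """\
$ORIGIN example.test.
@        IN TXT   "v=spf1 mx ~all"          ; SPF lives at the apex only
_verify  IN TXT   "verification-code=0123abcd"
blog     IN CNAME blog.host.example         ; no trailing dot: $ORIGIN gets appended
$ORIGIN sub.example.test.
@        IN A     192.0.2.10
@        IN CNAME example.test.             ; CNAME beside an A record
"""

def qualify(name, origin):
    """Expand '@' and append $ORIGIN to any name lacking the trailing dot."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return (owner, rtype, rdata, origin) tuples with the owner fully qualified."""
    origin, records = ".", []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()            # drop ';' comments
        if line.startswith("$"):                       # $ORIGIN / $TTL directives
            if line.startswith("$ORIGIN"):
                origin = line.split()[1]
        elif line:
            owner, *fields = line.split()
            while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
                fields.pop(0)                          # optional TTL and class
            records.append((qualify(owner, origin), fields[0].upper(), " ".join(fields[1:]), origin))
    return records

def txt_at(records, name):
    """TXT rdata at exactly this owner; a query for the apex never returns _verify."""
    return [rd for o, t, rd, _ in records if o == name and t == "TXT"]

def cname_conflicts(records):
    """Owners holding a CNAME beside any other type, which RFC 1034 forbids."""
    types = defaultdict(set)
    for o, t, _, _ in records:
        types[o].add(t)
    return sorted(o for o, ts in types.items() if "CNAME" in ts and len(ts) > 1)

def relative_targets(records):
    """CNAME/NS targets missing the trailing dot, with the name they silently become."""
    return [(o, rd, qualify(rd, org)) for o, t, rd, org in records
            if t in ("CNAME", "NS") and not rd.endswith(".")]
```

Run relative_targets over a real zone to see every blog.host.example.example.test.-style name that a forgotten dot produces; such a name usually falls into a wildcard or fails to resolve, which is exactly the symptom described in the last two questions.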
