Wildcard DNS resolution failed when adding TXT record - dns

I have a DNS setup with IBM SoftLayer with the setup below:
$ORIGIN mydomain.com.
$TTL 86400
@ IN SOA ns1.softlayer.com. support.softlayer.com. (
2018110900 ; Serial
7200 ; Refresh
600 ; Retry
1728000 ; Expire
43200) ; Minimum
@ 86400 IN NS ns1.softlayer.com.
@ 86400 IN NS ns2.softlayer.com.
@ 60 IN TXT "v=spf1 include:_spf.google.com ~all"
google._domainkey 86400 IN TXT "v=DKIM1; k=rsa; p=AB"
_dmarc.mydomain.com. 86400 IN TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:support@mydomain.com"
* 900 IN CNAME mydomain.com.
devadmin 86400 IN CNAME admin.mydomain.com.
ftp 86400 IN CNAME admin.mydomain.com.
@ 86400 IN A 100.100.100.100
admin 86400 IN A 200.200.200.200
This setup works fine and I can resolve queries like mydomain.com, devmedia.mydomain.com, x.devmedia.mydomain.com
The issue arises when I add another TXT record for Lets Encrypt domain validation.
_acme-challenge.devmedia 60 IN TXT "txttestrest"
Once added, domains with devmedia.mydomain.com stop resolving.
Is this normal behavior or some bug in DNS?
Do I need to add devmedia.mydomain.com explicitly in my DNS, or is there some other way to do this?

CNAME records are not allowed to co-exist with other records. Since you have a CNAME defined for devmedia, you can't create an _acme-challenge.devmedia. So either you need to change devmedia to an A record, or handle it some other way.
It might work to create _acme-challenge.admin instead, since that is where the CNAME points, but I am not sure if they will actually check that way.
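Added example (mine, not part of the question or the answer above): a small Python model of how an authoritative server applies the RFC 4592 wildcard rules to the zone in the question. A wildcard is only used for names that do not exist, and adding `_acme-challenge.devmedia` makes `devmedia.mydomain.com` exist as an empty non-terminal (a name with no records of its own but with records below it). From then on `devmedia` gets NODATA instead of the synthesized CNAME, and `x.devmedia` gets NXDOMAIN because there is no `*.devmedia` wildcard. The zone dictionaries are transcribed from the question (SOA, NS, DKIM and DMARC records left out as they do not affect the outcome); `lookup`, `resolve` and the `ZONE_*` names are my own.

```python
"""Minimal authoritative lookup applying RFC 4592 wildcard rules (added example)."""
from typing import Dict, List, Tuple

Zone = Dict[str, Dict[str, List[str]]]      # owner name -> rrtype -> rdata list
Result = Tuple[str, List[str]]              # (status, rdata)


def name_exists(zone: Zone, name: str) -> bool:
    """A name exists if it owns records OR is an empty non-terminal, i.e.
    some owner name in the zone lies below it (RFC 4592 section 2.2.2)."""
    return name in zone or any(o.endswith("." + name) for o in zone)


def parent(name: str) -> str:
    return name.split(".", 1)[1] if "." in name else ""


def lookup(zone: Zone, qname: str, qtype: str) -> Result:
    """Answer one query the way an authoritative server does for this zone."""
    owner = qname
    if not name_exists(zone, qname):
        # Closest encloser: the nearest ancestor of qname that exists.
        ce = parent(qname)
        while ce and not name_exists(zone, ce):
            ce = parent(ce)
        # Only a wildcard that is a direct child of the closest encloser
        # is used for synthesis (RFC 4592 section 3.3).
        owner = "*." + ce
        if not ce or owner not in zone:
            return ("NXDOMAIN", [])
    rrsets = zone.get(owner, {})            # {} for an empty non-terminal
    if "CNAME" in rrsets and qtype != "CNAME":
        return ("CNAME", rrsets["CNAME"])   # a CNAME answers every other qtype
    if qtype in rrsets:
        return ("ANSWER", rrsets[qtype])
    return ("NODATA", [])                   # name exists, but no such RRset


def resolve(zone: Zone, qname: str, qtype: str, max_hops: int = 8) -> Result:
    """Follow in-zone CNAME chains the way a resolver would."""
    for _ in range(max_hops):
        status, rdata = lookup(zone, qname, qtype)
        if status != "CNAME":
            return status, rdata
        qname = rdata[0]
    return ("SERVFAIL", [])                 # CNAME loop or chain too long


# Zone as posted in the question (transcribed; apex SOA/NS/TXT omitted).
ZONE_BEFORE: Zone = {
    "mydomain.com.":          {"A": ["100.100.100.100"]},
    "admin.mydomain.com.":    {"A": ["200.200.200.200"]},
    "*.mydomain.com.":        {"CNAME": ["mydomain.com."]},
    "devadmin.mydomain.com.": {"CNAME": ["admin.mydomain.com."]},
    "ftp.mydomain.com.":      {"CNAME": ["admin.mydomain.com."]},
}

# ... plus the Let's Encrypt challenge record. devmedia.mydomain.com now
# "exists" as an empty non-terminal, so the wildcard no longer applies to it.
ZONE_AFTER: Zone = {
    **ZONE_BEFORE,
    "_acme-challenge.devmedia.mydomain.com.": {"TXT": ["txttestrest"]},
}

# Fix: give devmedia and everything under it explicit records. The CNAME at
# devmedia and the TXT at _acme-challenge.devmedia are different owner names,
# so the "CNAME cannot coexist with other data" rule is not violated.
ZONE_FIXED: Zone = {
    **ZONE_AFTER,
    "devmedia.mydomain.com.":   {"CNAME": ["mydomain.com."]},
    "*.devmedia.mydomain.com.": {"CNAME": ["mydomain.com."]},
}

if __name__ == "__main__":
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER), ("fixed", ZONE_FIXED)):
        for q, t in (("devmedia.mydomain.com.", "A"),
                     ("x.devmedia.mydomain.com.", "A"),
                     ("_acme-challenge.devmedia.mydomain.com.", "TXT")):
            print(f"{label:6} {q:42} {t:4} {resolve(zone, q, t)}")
```

Running it prints the three outcomes for each zone. The practical answer to the question is `ZONE_FIXED`: add explicit `devmedia IN CNAME mydomain.com.` and `*.devmedia IN CNAME mydomain.com.` records next to the challenge TXT. Against the live zone, `dig +norecurse @ns1.softlayer.com devmedia.mydomain.com A` shows the same NOERROR (with or without an answer) or NXDOMAIN status in its header.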

Related

GCloud DNS, A and TXT record sets not being published?

This is my first time using GCloud DNS, looking to configure a public zone for Hodl.Art. Opted for GCloud because their DNSSEC supports RSASHA256 (GoDaddy doesn't, nor the rest of my registrars), compatible with ENS.Domains for renaming a digital wallet.
My problem is that, try as I may, GCloud doesn't want to publish/make-public my A and TXT record sets. The zone currently looks like this in the console but no resolution!?
Am I overlooking something obvious or need to turn on some other functionality?
@.hodl.art. A 300 46.252.205.197
_ens.hodl.art. TXT 300 "a=0x40974E5e819064c7159E2198E2ab540eE8C874bd"
hodl.art. NS 21600
ns-cloud-c1.googledomains.com.
ns-cloud-c2.googledomains.com.
ns-cloud-c3.googledomains.com.
ns-cloud-c4.googledomains.com.
hodl.art. SOA 21600
ns-cloud-c1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
www.hodl.art. CNAME 300 @.
If you are using the @ as the origin, for Google Cloud DNS leave the entry field blank.
hodl.art. A 300 46.252.205.197
www.hodl.art. CNAME 300 hodl.art.
Google Cloud DNS Managing records
"To create a wildcard DNS record, enter an asterisk—for example, *.example.com.
Note: Adding the @ symbol in this field causes the record to fail."
---Google Cloud DNS Managing records---

TXT entries from gmail overrides my gitlab pages TXT

I'm trying to verify a Gitlab pages domain
So, in my DNS provider, I add a TXT record like:
_gitlab-pages-verification-code.mysite.example TXT gitlab-pages-verification-code=08206beaab9ad1079993f245f1419a22
but I already have
@ 3600 IN TXT "v=spf1 mx include:_spf.google.com ?all"
that seems to override all my TXT entries.
When I do
dig +short txt mysite.example
I will not see the TXT entry as long as I don't delete the google entry.
How should I do that? I also read that I can't delete Google entry because it will periodically check it.
Any ideas?
EDIT:
I added
The instructions changed, and now Let's Encrypt asks me for this:
Please deploy a DNS TXT record under the name
_acme-challenge.mysite.io with the following value:
gcnw0KaBOs8lMALx9YvIYsq8ZCWyxCLieMfqxxxxx
Before continuing, verify the record is deployed.
So I removed the @ TXT record, even though it was not necessary, and added the TXT entry:
@ 10800 IN A 35.185.44.232
imap 10800 IN CNAME access.mail.gandi.net.
pop 10800 IN CNAME access.mail.gandi.net.
smtp 10800 IN CNAME relay.mail.gandi.net.
webmail 10800 IN CNAME webmail.gandi.net.
www 10800 IN CNAME mysite.io.
@ 10800 IN MX 50 fb.mail.gandi.net.
@ 10800 IN MX 10 spool.mail.gandi.net.
_acme-challenge.mysite.io 300 IN TXT "gcnw0KaBOs8lMALx9YvIYsq8ZCWyxCLieMxxxxxxx"
I waited a whole night, and when I execute:
dig +short txt _acme-challenge.mysite.io
It doesn't give me anything.
PS: Sorry that this is not a programming question; where should I post it?
Do dig _gitlab-pages-verification-code.mysite.example TXT and you will see your TXT record for Gitlab verification.
When you do dig mysite.example TXT it returns only TXT records on the mysite.example record, not all TXT records in your zone.

Local DNS wont route users to WPengine blog

I'm trying to fix a DNS issue at my office. We run a local BIND server to handle requests for locally run subdomains that are only available in the office. Recently we moved our blog to wpengine.com for hosting. They also provide the ability for DNS control. Basically I need our local DNS to point office users to the WPengine site for our blog subdomain, but nothing I do to our local zone file settings makes a difference. Our browsers always get directed to our primary ecom site, which originally hosted the blog. I've tried adding subdomain delegation entries to our local zone file to no effect.
WPengine's settings have a primary DNS config of blog.fractureme.com with a CNAME entry of fracture.wpengine.com pointing to blog.fractureme.com. I'm wondering if there's some sort of circular logic going on here between our local office, our primary and WPengine's DNS that keeps pointing us in the office to the wrong server when we try to go to blog.fractureme.com in a browser? Our primary domain hosting service also has a CNAME zone entry that points blog.fractureme.com to fracture.wpengine.com.
Meanwhile, our office zone file looks like this.
(I did add * to local IP entries. I know that's probably silly, trying to balance security with getting the best help.) The last entry in the zone file is supposed to be directing blog.fractureme.com to the IP of fracture.wpengine.com. I've also tried an NS type entry with a 'glue' record with no luck.
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA fractureme.com. root.fractureme.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.fractureme.com.
@ IN NS dns2.registrar-servers.com.
ns1 IN A 192.168.1.150
ns2 IN A 85.25.136.102
fractureme.com. IN A 64.235.53.182
* IN A 64.235.53.182
mobile IN A 64.235.53.182
itslog IN A 64.235.53.182
blog IN CNAME fracture.wpengine.com
m IN CNAME ghs.google.com.
@ IN TXT "v=spf1 a mx ptr a:fractureme.com a:mail.fractureme.com a:mail1.fractureme.com include:_spf.google.com ~all"
@ IN MX 10 ASPMX.L.GOOGLE.COM.
@ IN MX 20 ALT1.ASPMX.L.GOOGLE.COM.
@ IN MX 20 ALT2.ASPMX.L.GOOGLE.COM.
@ IN MX 30 ASPMX2.GOOGLEMAIL.COM.
@ IN MX 30 ASPMX3.GOOGLEMAIL.COM.
@ IN MX 30 ASPMX4.GOOGLEMAIL.COM.
@ IN MX 30 ASPMX5.GOOGLEMAIL.COM.
;
; Fracture private addresses
;
prod IN A x.x.x.x
raid IN A x.x.x.x
dev IN A 64.238.189.200
alex IN A x.x.x.x
caldera IN A x.x.x.x
cnc IN A x.x.x.x
laser IN A x.x.x.x
encrypted-prod IN A x.x.x.x
$ORIGIN prod.staging.fractureme.com.
* IN A 64.238.189.199
$ORIGIN itslog.fractureme.com.
* IN A 64.235.53.182
$ORIGIN mobile.fractureme.com.
* IN A 64.235.53.182
$ORIGIN dev.fractureme.com.
* IN A 64.238.189.200
$ORIGIN prod.fractureme.com.
* IN A x.x.x.x
live IN A 64.235.53.182
$ORIGIN blog.fractureme.com.
* IN A 166.78.99.121
A couple of suggestions:
Check that you have the correct IP for your site set up in your DNS zone file. There have been some migrations at WPE and this may cause the routing issues.
You can find the updated IP in your my.wpengine.com overview.
If this is a multisite, make sure the domains are added to their user portal as well, one per line with none redirecting to the primary.
Also, if multisite, make sure you are using the WordPress MU domain mapping plugin to direct the domains to the correct subsite rather than trying to do this custom.

Do CNAME records also forward MX requests?

My DNS has a set up for the domain base.com that consists of A and MX records. There are several other domains that are set up with CNAME records, pointing to base.com.
Do I need to set up anything special (like extra MX records) for the CNAME domains, or will the CNAME records also forward any MX requests.
Example:
Will an email sent to info@otherdomain.com be delivered correctly to the MX of base.com if these (and only these) DNS records are in place:
; A and MX set up for base.com
base.com. 3600 IN A 123.45.67.89
mail.base.com. 3600 A 123.45.67.89
base.com. 3600 IN MX 10 mail.base.com.
; CNAME set up for otherdomain.com
otherdomain.com. 3600 IN CNAME base.com.
CNAME causes queries for all RR types (excluding CNAME itself) to be directed to the target name. That includes MX. So yes, the above zone data will cause queries for otherdomain.com.'s MX to resolve to mail.base.com..
Experiment with dig or your favorite DNS client. Not only will you confirm the result for sure, but you won't have to wait 4 hours for someone to answer your SO question before you get your answer!
Unfortunately, in this particular case, if your domain is really of the form otherdomain.com., you would not be able to configure a CNAME resource record for it. This is because domains that have CNAME records cannot have any other type of resource record at the same time. Yet if otherdomain.com. is directly below com. (or another gTLD), it is necessarily at the top of a zone and so it needs at least SOA and NS records.

Google Apps config via DNS zone file [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I have a problem with setting the DNS in order to use Google Apps on specific domains. I can easily set the DNS for domains that are controlled via some control panel (e.g. GoDaddy) but I have problems for domains that are controlled via zone files on the server.
If I configure the zone file like following:
MYDOMAIN.COM. 3600 IN SOA some.domaincontrol.com. name.mail.com (
2012041904
28800
7200
604800
3600
)
; A Records
@ 3600 IN A 000.000.000.000
; CNAME Records
mail 3600 IN CNAME ghs.google.com
calendar 3600 IN CNAME ghs.google.com
docs 3600 IN CNAME ghs.google.com
www 3600 IN CNAME @
test 3600 IN CNAME @
; MX Records
@ 3600 IN MX 1 ASPMX.L.GOOGLE.COM
@ 3600 IN MX 5 ALT1.ASPMX.L.GOOGLE.COM
@ 3600 IN MX 5 ALT2.ASPMX.L.GOOGLE.COM
@ 3600 IN MX 10 ASPMX2.GOOGLEMAIL.COM
@ 3600 IN MX 10 ASPMX3.GOOGLEMAIL.COM
; TXT Records
@ 3600 IN TXT "google-site-verification=blah-blah-12345"
; NS Records
@ 3600 IN NS some.domaincontrol.com
@ 3600 IN NS another.domaincontrol.com
Then the MX records reported by Google Apps, and by some DNS query sites (like Network Tools), have the domain itself as a suffix:
MX 1 ASPMX.L.GOOGLE.COM.MYDOMAIN.COM
MX 5 ALT1.ASPMX.L.GOOGLE.COM.MYDOMAIN.COM
MX 5 ALT2.ASPMX.L.GOOGLE.COM.MYDOMAIN.COM
MX 10 ASPMX2.GOOGLEMAIL.COM.MYDOMAIN.COM
MX 10 ASPMX3.GOOGLEMAIL.COM.MYDOMAIN.COM
Also, the "mail", "docs" and "calendar" subdomains are not being redirected to Google Apps.
I have also tried with the following configuration for the MX records, in hope that this will properly point to external (Google) mail exchange:
; MX Records
3600 MX 1 ASPMX.L.GOOGLE.COM.
3600 MX 5 ALT1.ASPMX.L.GOOGLE.COM.
3600 MX 5 ALT2.ASPMX.L.GOOGLE.COM.
3600 MX 10 ASPMX2.GOOGLEMAIL.COM.
3600 MX 10 ASPMX3.GOOGLEMAIL.COM.
But this resulted in no MX record being retrieved by Google Apps or DNS queries. Some sort of misconfiguration in the DNS zone file is occurring.
How can I properly configure a domain via a zone file so that it points to external MX and CNAME locations? Particularly to Google Apps?
Sandman answered on Serverfault, where I have repeated the question.
The cause of original problem: missing trailing dot on the records. (check the link for more details).
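Added example, not from any of the posts: a zone-record name expander that applies the RFC 1035 origin rules to records transcribed from the threads on this page. This is the mechanism behind the missing-trailing-dot fault identified above (`ASPMX.L.GOOGLE.COM` becomes `ASPMX.L.GOOGLE.COM.MYDOMAIN.COM.`), and the same rule applies to two earlier zones: `_acme-challenge.mysite.io 300 IN TXT ...` in a zone whose origin is `mysite.io.` (as its `@` records imply) creates `_acme-challenge.mysite.io.mysite.io.`, which would explain why `dig +short txt _acme-challenge.mysite.io` returns nothing, and `blog IN CNAME fracture.wpengine.com` in the office BIND zone creates a CNAME to `fracture.wpengine.com.fractureme.com.`, a name that zone's own `* IN A 64.235.53.182` wildcard answers with the primary site's address, while its `* IN A 166.78.99.121` under `$ORIGIN blog.fractureme.com.` covers only `*.blog.fractureme.com.`, not `blog.fractureme.com.` itself. A record whose owner field is left empty inherits the previous record's owner, so an MX line written without `@` does not land at the apex either. `ZoneExpander`, `expand_zone` and the sample record lists are my own, and TTL handling is deliberately minimal (numeric TTLs only).

```python
"""Expand relative names in BIND-style zone records to absolute names (added example)."""
from typing import List, Optional, Tuple

Record = Tuple[str, str, str]               # (owner, rrtype, rdata), names absolute
NAME_RDATA = {"CNAME", "NS", "PTR", "MX"}  # types whose RDATA ends in a domain name
CLASSES = {"IN", "CH", "HS"}


def absolute(name: str, origin: str) -> str:
    """RFC 1035 section 5.1: '@' is the origin, a trailing dot means the name
    is already absolute, anything else has the current origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def strip_comment(line: str) -> str:
    """Drop a ';' comment, but leave a ';' inside a quoted TXT string alone."""
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out)


class ZoneExpander:
    def __init__(self, origin: str) -> None:
        self.origin = origin if origin.endswith(".") else origin + "."
        self.last_owner: Optional[str] = None

    def expand(self, line: str) -> Optional[Record]:
        """Return the record on this line with absolute names, or None for
        blank, comment and directive lines."""
        body = strip_comment(line.rstrip("\n"))
        if not body.strip():
            return None
        tokens = body.split()
        if tokens[0] == "$ORIGIN":
            self.origin = absolute(tokens[1], self.origin)
            return None
        if tokens[0].startswith("$"):       # $TTL and friends do not affect names
            return None
        if body[0].isspace():
            # No owner field: the record belongs to the previous owner.
            if self.last_owner is None:
                raise ValueError("record without owner at start of zone")
            owner = self.last_owner
        else:
            owner = absolute(tokens.pop(0), self.origin)
        self.last_owner = owner
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tokens.pop(0)                   # optional TTL and class, either order
        rrtype, rdata = tokens[0].upper(), tokens[1:]
        if rrtype in NAME_RDATA and rdata:
            rdata[-1] = absolute(rdata[-1], self.origin)
        return owner, rrtype, " ".join(rdata)


def expand_zone(origin: str, lines: List[str]) -> List[Record]:
    z = ZoneExpander(origin)
    return [r for r in (z.expand(l) for l in lines) if r is not None]


# Constructed from the zones posted on this page (not the posters' files verbatim).
GOOGLE_APPS = expand_zone("MYDOMAIN.COM.", [
    "@ 3600 IN MX 1 ASPMX.L.GOOGLE.COM",          # no trailing dot on the exchange
    "mail 3600 IN CNAME ghs.google.com",          # same problem for the CNAME
    "test 3600 IN CNAME @",
    "     3600 MX 5 ALT1.ASPMX.L.GOOGLE.COM.",    # owner field left empty
])
LETSENCRYPT = expand_zone("mysite.io.", [
    '_acme-challenge.mysite.io 300 IN TXT "gcnw0KaBOs8lMALx9YvIYsq8ZCWyxCLieMxxxxxxx"',
])
WPENGINE = expand_zone("fractureme.com.", [
    "blog IN CNAME fracture.wpengine.com",        # no trailing dot on the target
    "$ORIGIN blog.fractureme.com.",
    "* IN A 166.78.99.121",                       # covers *.blog, not blog itself
])

if __name__ == "__main__":
    for rec in GOOGLE_APPS + LETSENCRYPT + WPENGINE:
        print(*rec)
```

Run it and compare each printed owner and target with the name you meant to publish; any line where the origin has been appended twice is a missing trailing dot. `dig +noall +answer <name> <type>` against the authoritative server then confirms which of the two names actually exists.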
