I'm using openSUSE Harlequin and YaST DNS (named) for my domain DNS server, and I got something that I don't understand: nslookup or dig resolves server.zone.domain but doesn't resolve zone.domain.
edserv:~ # dig edserv.nobugg.fr
; <<>> DiG 9.9.6-P1 <<>> edserv.nobugg.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28633
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;edserv.nobugg.fr. IN A
;; ANSWER SECTION:
edserv.nobugg.fr. 172800 IN A 192.168.0.3
edserv.nobugg.fr. 172800 IN A 82.234.159.172
;; AUTHORITY SECTION:
nobugg.fr. 172800 IN NS edserv.
nobugg.fr. 172800 IN NS slv2.1and1.fr.
nobugg.fr. 172800 IN NS edserv.nobugg.fr.
;; Query time: 0 msec
;; SERVER: 192.168.0.3#53(192.168.0.3)
;; WHEN: Wed May 11 17:21:52 CEST 2016
;; MSG SIZE rcvd: 136
and for the zone
edserv:~ # dig nobugg.fr
; <<>> DiG 9.9.6-P1 <<>> nobugg.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55706
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nobugg.fr. IN A
;; AUTHORITY SECTION:
nobugg.fr. 86400 IN SOA edserv. root.edserv. 2016051107 10800 3600 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.0.3#53(192.168.0.3)
;; WHEN: Wed May 11 17:22:13 CEST 2016
;; MSG SIZE rcvd: 85
There are no answers.
The same with nslookup:
edserv:~ # nslookup nobugg.fr
Server: 192.168.0.3
Address: 192.168.0.3#53
*** Can't find nobugg.fr: No answer
edserv:~ # nslookup edserv.nobugg.fr
Server: 192.168.0.3
Address: 192.168.0.3#53
Name: edserv.nobugg.fr
Address: 192.168.0.3
Name: edserv.nobugg.fr
Address: 82.234.159.172
When there is the server name it is OK. When there is only the zone it doesn't work.
edserv:~ # dig www.nobugg.fr
; <<>> DiG 9.9.6-P1 <<>> www.nobugg.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57239
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.nobugg.fr. IN A
;; ANSWER SECTION:
www.nobugg.fr. 172800 IN A 82.234.159.172
;; AUTHORITY SECTION:
nobugg.fr. 172800 IN NS edserv.
nobugg.fr. 172800 IN NS slv2.1and1.fr.
nobugg.fr. 172800 IN NS edserv.nobugg.fr.
;; ADDITIONAL SECTION:
edserv.nobugg.fr. 172800 IN A 192.168.0.3
edserv.nobugg.fr. 172800 IN A 82.234.159.172
;; Query time: 0 msec
;; SERVER: 192.168.0.3#53(192.168.0.3)
;; WHEN: Wed May 11 17:38:24 CEST 2016
;; MSG SIZE rcvd: 156
I think nobugg.fr should be resolved by nslookup normally, but it is not the case.
Here is my named.conf:
options {directory "/var/lib/named/";
managed-keys-directory "/var/lib/named/dyn/";
dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";
listen-on port 53 { 127.0.0.1;192.168.0.3 ;};
notify no;
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
include "/etc/named.d/forwarders.conf";
listen-on-v6 { any;};
allow-query {any;};
allow-recursion {any;};
hostname "edserv.nobugg.fr";
};
zone "." in {
type hint;
file "root.hint";
};
zone "localhost" in {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};
include "/etc/named.conf.include";
logging {
category default { log_syslog; };
channel log_syslog { syslog; };
};
zone "nobugg.fr" in {
file "dyn/nobugg.frXXX";
type master;
allow-transfer { any; localhost; localnets; };
allow-update { key 1; };
};
zone "nobugg.fr.in-addr.arpa" in {
file "dyn/nobugg.fr.in-addr.arpaXX";
type master;
allow-transfer { any; localhost; localnets; };
allow-update { key 1; };
};
/var/lib/named/dyn/nobugg.frXXX
$TTL 172800
@ IN SOA edserv. root.edserv. (
    2016051107
    10800
    3600
    604800
    86400)
    IN NS edserv.nobugg.fr.
    IN NS slv2.1and1.fr.
    IN NS edserv
    IN NS edserv.
    IN MX 0 mx00.1and1.fr.
www.nobugg.fr. IN A 82.234.159.172
nobugg.fr IN NS edserv.nobugg.fr.
nobugg.fr IN A 192.168.0.3
nobugg.fr IN A 82.234.159.172
localhost IN A 127.0.0.1
slv2 IN NS slv2.1and1.fr.
edserv.nobugg.fr. IN A 192.168.0.3
edserv.nobugg.fr. IN A 82.234.159.172
/var/lib/named/dyn/nobugg.fr.in-addr.arpaXX
$TTL 172800
@ IN SOA edserv. root.edserv. (
    2016051105
    10800
    3600
    604800
    86400)
    IN NS edserv.nobugg.fr.
    IN NS slv2.1and1.fr.
3.0.168.192 IN PTR edserv.nobugg.fr.
172.159.234.82 IN PTR edserv.nobugg.fr.
172.159.234.82 IN PTR www.nobugg.fr.
172.159.234.82 IN PTR nobugg.fr.
nobugg.fr IN NS edserv.
slv2 IN NS slv2.1and1.fr.
resolv.conf
search nobugg.fr free.fr
nameserver 192.168.0.3
nameserver 212.27.40.240
nameserver 212.27.40.241
172.159.234.82 is my public IP. The domain comes from 1and1, where I have declared the first server name = 172.159.234.82 and the second server slv2.1and1.fr.
212.27.40.240 is the DNS of my provider (free.fr).
Thanks for any help. I have been looking into this problem every day for a week; I have spent a lot of hours and haven't found what is happening.
OK, let's investigate :):
Check which name servers are responsible for .fr TLD:
[vagrant@localhost ~]$ dig fr ns @a.root-servers.net +noall +answer +authority
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> fr ns @a.root-servers.net +noall +answer +authority
;; global options: +cmd
fr. 172800 IN NS e.ext.nic.fr.
fr. 172800 IN NS f.ext.nic.fr.
fr. 172800 IN NS g.ext.nic.fr.
fr. 172800 IN NS d.nic.fr.
fr. 172800 IN NS d.ext.nic.fr.
Let's pick the d.nic.fr and use it to find authoritative name servers for nobugg.fr:
[vagrant@localhost ~]$ dig nobugg.fr ns @d.nic.fr +noall +answer +authority
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> nobugg.fr ns @d.nic.fr +noall +answer +authority
;; global options: +cmd
nobugg.fr. 172800 IN NS slv2.1and1.fr.
nobugg.fr. 172800 IN NS edserv.nobugg.fr.
Next, let's see what the first one, slv2.1and1.fr., has to say about your zone:
[vagrant@localhost ~]$ dig nobugg.fr @slv2.1and1.fr
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> nobugg.fr @slv2.1and1.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 59911
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
Query refused, which probably means that slv2.1and1.fr has no idea about your domain! You should either remove this name server (using your domain registrar console - and provide another one since two is the minimum) or have them host your zone (since 1and1 is your domain's registrar it should probably be doable, but you need to check with their support how to do it).
Until you fix that, we need to check if at least edserv.nobugg.fr provides some sensible info about the nobugg.fr domain:
[vagrant@localhost ~]$ dig nobugg.fr @edserv.nobugg.fr
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> nobugg.fr @edserv.nobugg.fr
;; global options: +cmd
;; connection timed out; no servers could be reached
If you take a closer look, we are trying to query server edserv.nobug.fr, and we still don't have any info about the nobugg.fr. That is not unusual, but a glue record is then needed at the upstream nameserver; let's see if there is one at d.nic.fr:
[vagrant@localhost ~]$ dig @d.nic.fr nobugg.fr +noall +additional
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> @d.nic.fr nobugg.fr +noall +additional
; (2 servers found)
;; global options: +cmd
edserv.nobugg.fr. 172800 IN A 82.234.159.172
edserv.nobugg.fr. 172800 IN AAAA 2002::52ea:9fac
OK, we know that we should query @82.234.159.172. But then it is a bit strange that our previous dig timed out; it should also be able to come up with this info. Maybe the next steps will shed some light, let's check what 82.234.159.172 knows:
[vagrant@localhost ~]$ dig nobug.fr @82.234.159.172
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> nobug.fr @82.234.159.172
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35302
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nobug.fr. IN A
;; ANSWER SECTION:
nobug.fr. 1800 IN A 151.80.186.210
;; AUTHORITY SECTION:
nobug.fr. 1800 IN NS dns1.kalitys.com.
nobug.fr. 1800 IN NS dns2.kalitys.com.
;; Query time: 88 msec
;; SERVER: 82.234.159.172#53(82.234.159.172)
;; WHEN: Thu May 12 11:34:23 CEST 2016
;; MSG SIZE rcvd: 102
Well. It is either all f*cked up or OP is changing it as I write. Let's make a break :)
I'm trying to parse a DIG request and I'm not quite sure what all the sections mean. My guess is that 151.101.53.164 is the authoritative name server's IP.
User-Desktop:Desktop user$ dig www.nytimes.com
; <<>> DiG 9.8.3-P1 <<>> www.nytimes.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1148
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;www.nytimes.com. IN A
;; ANSWER SECTION:
www.nytimes.com. 63 IN CNAME nytimes.map.fastly.net.
nytimes.map.fastly.net. 24 IN A 151.101.53.164
;; AUTHORITY SECTION:
fastly.net. 2204 IN NS ns3.fastly.net.
fastly.net. 2204 IN NS ns1.fastly.net.
fastly.net. 2204 IN NS ns2.fastly.net.
fastly.net. 2204 IN NS ns4.fastly.net.
;; ADDITIONAL SECTION:
ns1.fastly.net. 2344 IN A 23.235.32.32
ns2.fastly.net. 2344 IN A 104.156.80.32
ns3.fastly.net. 171545 IN A 23.235.36.32
ns4.fastly.net. 2345 IN A 104.156.84.32
;; Query time: 48 msec
;; SERVER: 131.252.120.128#53(131.252.120.128)
;; WHEN: Tue May 9 12:41:15 2017
;; MSG SIZE rcvd: 221
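Added example (not from any of the posts on this page): a small Python parser for dig's text output that separates the header status and flags from the ANSWER, AUTHORITY and ADDITIONAL sections and names the kind of response, which is what the step-by-step investigation in the first answer reads by eye. The two sample outputs are copied from this page and shortened; the function names and category labels are this example's own.

```python
import re

SECTION_RE = re.compile(r"^;; (QUESTION|ANSWER|AUTHORITY|ADDITIONAL) SECTION:")

def parse_dig(text):
    """Split dig's text output into status, header flags and per-section records."""
    resp = {"status": None, "flags": set(),
            "answer": [], "authority": [], "additional": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        heading = SECTION_RE.match(line)
        if "->>HEADER<<-" in line:
            resp["status"] = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";; flags:"):
            resp["flags"] = set(line[len(";; flags:"):].split(";")[0].split())
        elif heading:
            section = heading.group(1).lower()
        elif line and not line.startswith(";") and section in resp:
            fields = line.split(None, 4)  # owner, TTL, class, type, rdata
            if len(fields) == 5:
                resp[section].append((fields[0], fields[3], fields[4]))
    return resp

def classify(resp):
    """Name the kind of response, using only the header and section contents."""
    if resp["status"] is None:
        return "no response"        # e.g. "connection timed out"
    if resp["status"] != "NOERROR":
        return resp["status"]       # REFUSED, SERVFAIL, NXDOMAIN ...
    if resp["answer"]:
        return "authoritative answer" if "aa" in resp["flags"] else "non-authoritative answer"
    types = {rrtype for _owner, rrtype, _rdata in resp["authority"]}
    if "SOA" in types:
        return "NODATA"             # the name exists, but not with the queried type
    if "NS" in types:
        return "referral"           # delegation to the listed name servers
    return "empty"

def ns_addresses(resp):
    """Map each NS target in AUTHORITY to its addresses found in ADDITIONAL."""
    addrs = {}
    for owner, rrtype, rdata in resp["additional"]:
        if rrtype in ("A", "AAAA"):
            addrs.setdefault(owner, []).append(rdata)
    return {rdata: addrs.get(rdata, [])
            for _owner, rrtype, rdata in resp["authority"] if rrtype == "NS"}

# Outputs copied from this page, shortened to the lines the parser uses.
NYTIMES = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1148
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;www.nytimes.com. IN A
;; ANSWER SECTION:
www.nytimes.com. 63 IN CNAME nytimes.map.fastly.net.
nytimes.map.fastly.net. 24 IN A 151.101.53.164
;; AUTHORITY SECTION:
fastly.net. 2204 IN NS ns3.fastly.net.
fastly.net. 2204 IN NS ns1.fastly.net.
;; ADDITIONAL SECTION:
ns1.fastly.net. 2344 IN A 23.235.32.32
ns3.fastly.net. 171545 IN A 23.235.36.32
"""
NODATA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55706
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
nobugg.fr. 86400 IN SOA edserv. root.edserv. 2016051107 10800 3600 604800 86400
"""

if __name__ == "__main__":
    for sample in (NYTIMES, NODATA):
        parsed = parse_dig(sample)
        print(classify(parsed), ns_addresses(parsed))
```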
I have a domain (xanderflood.com) whose DNS is managed by Route 53. I'd like to delegate DNS for test.xanderflood.com to a server that'll be located at ns.test.xanderflood.com, so I added two records:
test.xanderflood.com IN NS ns.test.xanderflood.com
ns.test.xanderflood.com IN A 198.51.100.234
When I run dig +trace @75.75.75.75 media.test.xanderflood.com, I get
; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> +trace @75.75.75.75 media.test.xanderflood.com
; (1 server found)
;; global options: +cmd
. 503150 IN NS k.root-servers.net.
. 503150 IN NS l.root-servers.net.
. 503150 IN NS m.root-servers.net.
. 503150 IN NS a.root-servers.net.
. 503150 IN NS b.root-servers.net.
. 503150 IN NS c.root-servers.net.
. 503150 IN NS d.root-servers.net.
. 503150 IN NS e.root-servers.net.
. 503150 IN NS f.root-servers.net.
. 503150 IN NS g.root-servers.net.
. 503150 IN NS h.root-servers.net.
. 503150 IN NS i.root-servers.net.
. 503150 IN NS j.root-servers.net.
. 503150 IN RRSIG NS 8 0 518400 20190704170000 20190621160000 25266 . D5+HDC+b5kZ625Ac27BUxuBSBTATMWEGyjPXTJIR1WaWkb3uGBhNYV5G CC/aFJtwJZ0M5ki9mWfDMBr2TTr4ij9KViXbr7PDVDLHnqixT864P+8t KmHPL1uYIb94DkJza8gTMcJZoQlFEj+gEl2+qPBRc5oZbl4GkVva+La4 T/64g96mORdS8vZGn9aQSCZnPg8Ckt6sTIaELWLAnI3zTFrosg+zrG8D zVJFmFy55SmleFq6Gzs3BMk1DIs8FqrVjS5PPVVIGsjAMhLMeS0Sclps AFf8kjEMzXoREz4DeNYWgmf2nE3HUXSxd/XR7VAlzJmOUt8Suz0YkDr3 OGS+Ig==
;; Received 1041 bytes from 75.75.75.75#53(75.75.75.75) in 12 ms
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20190704170000 20190621160000 25266 . lc916tqVraGg10FCUk6/B5E0xeEbP4c5rnt3bPICTdHmSHgAZ/SpA8MF pIO426+YZ12p/lozYA2nUo6B7lVrjinglyNAnTBrVxYPtiC078gPU1Bq g8gEG6OZHoe/+UdYfvVtblW/ioSExKeyc9/C6KYfzZuD++T05/izeHov iiE+4ViTmaFaDgI+xSpqttRJT/nYRpn1tN9/35MV/rhXDhEGIUdLM98e wscQUzDbfkifK6NKb9Z6Vp689y2N7WV9dJKcDeNqcoRrMrWW9ioWOLqE Kxhv4O6AzL9clubwuzi+ufirwk6euOD8n6q6u51bcRhK8PdgUs2xy2Ms uVcCMQ==
;; Received 1214 bytes from 199.9.14.201#53(b.root-servers.net) in 60 ms
xanderflood.com. 172800 IN NS ns-426.awsdns-53.com.
xanderflood.com. 172800 IN NS ns-823.awsdns-38.net.
xanderflood.com. 172800 IN NS ns-1657.awsdns-15.co.uk.
xanderflood.com. 172800 IN NS ns-1471.awsdns-55.org.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190628044430 20190621033430 3800 com. E0fw9vzA0DqWNYImFXrvmV/qH2cH6hDM5E7X6/pCKrhCZp7Qb6iCkp3u PdwVPv5HIs65MaMNSGA9gXCs4JcXBjUx6cmjKUbUfGX2kQffmFm6dGfA WvtjYvzFfG1o/0SUU5awr6hes1fa/G1RxwVW8a4AAdhZ/cPpFS2RTlar i/0=
50C5NFS5N8S46COAHN2QFK40EQF0U3HS.com. 86400 IN NSEC3 1 1 0 - 50C7M61IFHEGFKLIRHD1569DD1CM9NV5 NS DS RRSIG
50C5NFS5N8S46COAHN2QFK40EQF0U3HS.com. 86400 IN RRSIG NSEC3 8 2 86400 20190626053147 20190619042147 3800 com. eYnghQKgo9br7ORy1m6Ago7kBLi6Hj5yYumps4YQNJs/CMlgLt8yuzhw SGIAyzMuRuCnW8N+rH813tURS/zaR8cOWqxqxG/sj7xDZ++kMveCA7VW MQZq8CCplfYqAMpaNqDf3Qi/21612pfQnRnVe1XNwS99rqv/wt7L/OaE 6Ek=
;; Received 693 bytes from 192.55.83.30#53(m.gtld-servers.net) in 25 ms
test.xanderflood.com. 300 IN NS ns.test.xanderflood.com.
^Ccouldn't get address for 'ns.test.xanderflood.com': not found
dig: couldn't get address for 'ns.test.xanderflood.com': no more
In the last stage, the Route 53 server doesn't seem to send the glue record along with the NS record. But when I check that specifically by running dig @ns-1471.awsdns-55.org test.test.xanderflood.com, it does send the glue record:
; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> @ns-1471.awsdns-55.org test.test.xanderflood.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52944
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.test.xanderflood.com. IN A
;; AUTHORITY SECTION:
test.xanderflood.com. 300 IN NS ns.test.xanderflood.com.
;; ADDITIONAL SECTION:
ns.test.xanderflood.com. 300 IN A 198.51.100.234
;; Query time: 26 msec
;; SERVER: 205.251.197.191#53(205.251.197.191)
;; WHEN: Fri Jun 21 18:58:54 EDT 2019
;; MSG SIZE rcvd: 87
I tried all four of the listed AWS nameservers and they all included the glue record. Similarly, if I ask the AWS servers for ns.test.xanderflood.com, I get the A record, but when I use dig +trace and ask my ISP's recursive server, it gets to the NS record and can't go any further. Any ideas?
The problem is not with the +trace. Since a simple request for the nameserver name receives an error:
$ dig ns.test.xanderflood.com
; <<>> DiG 9.10.3-P4-Debian <<>> ns.test.xanderflood.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6793
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ns.test.xanderflood.com. IN A
;; Query time: 4625 msec
Because the problem is that this specific nameserver does not reply at all!
The parent correctly provides the glue:
$ dig @ns-1657.awsdns-15.co.uk. ns.test.xanderflood.com | grep 'IN A '
ns.test.xanderflood.com. 5m IN A 198.51.100.234
(+short does not work because the information is in the additional section, not the answer one)
But then:
$ dig @198.51.100.234 ns.test.xanderflood.com
; <<>> DiG 9.12.0 <<>> @198.51.100.234 ns.test.xanderflood.com
; (1 server found)
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30129
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: f266724ac73b2e54
;; QUESTION SECTION:
;ns.test.xanderflood.com. IN A
;; QUERY SIZE: 64
;; connection timed out; no servers could be reached
(the usual troubleshooting then involves trying +tcp/+notcp to debug UDP/TCP problems and +dnssec/+nodnssec to involve DNSSEC related problems. No options change the above result, the server does not reply)
This server does not reply. dig +trace finishes by asking this server but does not get a reply, hence the final error.
As soon as this nameserver starts to reply to DNS queries your problem will go away.
You can as well have a look at a monitoring service: http://dnsviz.net/d/ns.test.xanderflood.com/dnssec/
The popup on the name says: No response was received from server over UDP (tried 12 times.)
By the way, surely obvious, but just to be sure: it is a bad idea to delegate a domain to a single nameserver (especially if not anycasted)
I want to point my subdomain (w.example.com) to (ns1.w.example.com)
NS w.example.com directs to ns1.w.example.com.
A ns1.w.example.com directs to 192.0.2.139
>> dig w.example.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> w.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20571
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;w.example.com. IN A
;; Query time: 195 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Thu Feb 14 12:10:13 UTC 2019
;; MSG SIZE rcvd: 43
Why is it breaking DNS resolution & let me know the proper way to point my subdomain (w.example.com) to (ns1.w.example.com)
And what it is the proper way to do this?
At the zone of domain.com you need the delegation AND a glue record. Respectively the second-to-last and last record here:
$ORIGIN example.com.
@ NS auth.dns.example.
@ NS auth.dns.example.
@ NS auth.dns.example.
...
w NS ns1.w
ns1.w A 192.0.2.139
The glue record is "out-of-zone" data, needed to pre-indicate the address of that nameserver - as without that info a resolver can't guess it.
At the zone of w.example.com you need to have
$ORIGIN w.example.com.
@ NS ns1
ns1 A 192.0.2.139
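The delegation-plus-glue rule from the answer above, as an added Python example that is not part of the answer: it expands zone-file names relative to $ORIGIN and reports delegations whose name server lies inside the delegated zone while the parent zone holds no address record for it. The parser is a simplification (one record per line, owner always written out), and the second zone text is a constructed variant of the first.

```python
def fqdn(name, origin):
    """Expand a zone-file name: '@' is the origin, and a name without a
    trailing dot is relative to the origin."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_zone(text, apex):
    """Return (owner, type, rdata) tuples with all names fully qualified."""
    origin, records = apex.lower(), []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if fields[0].startswith("$"):
            continue                            # $TTL and other directives
        owner, rest = fqdn(fields[0], origin), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                     # skip optional TTL and class
        if len(rest) < 2:
            continue
        rrtype, rdata = rest[0].upper(), rest[1]
        if rrtype in ("NS", "CNAME"):
            rdata = fqdn(rdata, origin)
        records.append((owner, rrtype, rdata))
    return records

def missing_glue(zone_text, apex):
    """List (delegated zone, name server) pairs where the name server lies
    inside the delegated zone but the parent holds no address for it."""
    records = parse_zone(zone_text, apex)
    with_address = {owner for owner, rrtype, _ in records if rrtype in ("A", "AAAA")}
    problems = []
    for owner, rrtype, target in records:
        if rrtype != "NS" or owner == apex.lower():
            continue                            # NS at the apex is not a delegation
        inside = target == owner or target.endswith("." + owner)
        if inside and target not in with_address:
            problems.append((owner, target))
    return problems

# Parent zone as in the answer above (the apex NS name is a placeholder).
WITH_GLUE = """\
$ORIGIN example.com.
@      NS  auth.dns.example.
w      NS  ns1.w
ns1.w  A   192.0.2.139
"""
# Constructed variant: same delegation, glue line left out.
WITHOUT_GLUE = """\
$ORIGIN example.com.
@      NS  auth.dns.example.
w      NS  ns1.w
"""

if __name__ == "__main__":
    print(missing_glue(WITH_GLUE, "example.com."))
    print(missing_glue(WITHOUT_GLUE, "example.com."))
```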
I have the domain icebuddha.com that I am trying to associate with a static Github Page (https://github.com/0xdabbad00/icebuddha). When I ping or dig this address I get no IP see here. I've configured this domain in Route53 as follows:
Name servers match NS record. I don't know what the SOA record is.
Other name server view:
dig records (normal, notice it has no A records):
$ dig icebuddha.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> icebuddha.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50957
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;icebuddha.com. IN A
;; Query time: 273 msec
;; SERVER: 192.168.106.2#53(192.168.106.2)
;; WHEN: Sat Jun 18 13:11:26 2016
;; MSG SIZE rcvd: 31
dig records when I specify the name server to use (notice it does have A records, which is good):
$ dig icebuddha.com @ns-10.awsdns-01.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> icebuddha.com @ns-10.awsdns-01.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18793
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;icebuddha.com. IN A
;; ANSWER SECTION:
icebuddha.com. 300 IN A 192.30.252.154
icebuddha.com. 300 IN A 192.30.252.153
;; AUTHORITY SECTION:
icebuddha.com. 172800 IN NS ns-10.awsdns-01.com.
icebuddha.com. 172800 IN NS ns-1447.awsdns-52.org.
icebuddha.com. 172800 IN NS ns-1607.awsdns-08.co.uk.
icebuddha.com. 172800 IN NS ns-737.awsdns-28.net.
;; Query time: 69 msec
;; SERVER: 205.251.192.10#53(205.251.192.10)
;; WHEN: Sat Jun 18 13:11:43 2016
;; MSG SIZE rcvd: 199
The solution was to ensure all three mentions of Name Servers and NS records are the same. By using that last image as the authoritative answer, and setting the middle image to those values, this worked.
I've tried really, really (really) hard, but I seem to be too stupid.
When i look into the cloudcontrol.com web interface I have the following aliases. The last two do show a "0", as in not verified / accepted.
production-appname.cloudcontrolapp.com
production-appname.cloudcontrolled.com
production.appname.cloudcontrolapp.com
production.appname.cloudcontrolled.com
appname.de
www.appname.de
Here is my hetzner DNS file:
$TTL 86400
@ IN SOA ns1.first-ns.de. postmaster.robot.first-ns.de. (
    2923281543 ; serial
    14400 ; refresh
    1800 ; retry
    604800 ; expire
    86400 ) ; minimum
@ IN NS robotns3.second-ns.com.
@ IN NS robotns2.second-ns.de.
@ IN NS ns1.first-ns.de.
@ IN A 54.217.238.6
@ IN A 54.217.235.238
@ IN A 54.217.237.244
localhost IN A 127.0.0.1
mail IN A 54.217.238.6
ftp IN CNAME www
imap IN CNAME www
loopback IN CNAME localhost
pop IN CNAME www
relay IN CNAME www
smtp IN CNAME www
www IN CNAME production-appname.cloudcontrolapp.com.
@ IN MX 10 mail
@ IN TXT "cloudControl-verification: ..code.."
Using 213.239.242.238 (ns1.first-ns.de) as the first line in my local laptop's /etc/resolv.conf I get:
user@machine:~$ dig @ns1.first-ns.de appname.de ALL
; <<>> DiG 9.8.1-P1 <<>> @ns1.first-ns.de appname.de ALL
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19203
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;appname.de. IN A
;; ANSWER SECTION:
appname.de. 86400 IN A 54.217.238.6
appname.de. 86400 IN A 54.217.237.244
appname.de. 86400 IN A 54.217.235.238
;; AUTHORITY SECTION:
appname.de. 86400 IN NS robotns3.second-ns.com.
appname.de. 86400 IN NS robotns2.second-ns.de.
appname.de. 86400 IN NS ns1.first-ns.de.
;; ADDITIONAL SECTION:
ns1.first-ns.de. 86400 IN A 213.239.242.238
;; Query time: 65 msec
;; SERVER: 213.239.242.238#53(213.239.242.238)
;; WHEN: Sun Sep 15 14:34:56 2013
;; MSG SIZE rcvd: 190
;; connection timed out; no servers could be reached
user@machine:~$ dig @ns1.first-ns.de appname.de TXT
; <<>> DiG 9.8.1-P1 <<>> @ns1.first-ns.de appname.de TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3291
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;appname.de. IN TXT
;; ANSWER SECTION:
appname.de. 86400 IN TXT "cloudControl-verification: ..correct code i've checked.."
;; AUTHORITY SECTION:
appname.de. 86400 IN NS robotns3.second-ns.com.
appname.de. 86400 IN NS robotns2.second-ns.de.
appname.de. 86400 IN NS ns1.first-ns.de.
;; ADDITIONAL SECTION:
ns1.first-ns.de. 86400 IN A 213.239.242.238
;; Query time: 66 msec
;; SERVER: 213.239.242.238#53(213.239.242.238)
;; WHEN: Sun Sep 15 14:35:39 2013
;; MSG SIZE rcvd: 246
user@machine:~$ dig @ns1.first-ns.de www.appname.de ALL
; <<>> DiG 9.8.1-P1 <<>> @ns1.first-ns.de www.appname.de ALL
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64185
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.appname.de. IN A
;; ANSWER SECTION:
www.appname.de. 86400 IN CNAME production-appname.cloudcontrolapp.com.
;; AUTHORITY SECTION:
appname.de. 86400 IN NS robotns3.second-ns.com.
appname.de. 86400 IN NS robotns2.second-ns.de.
appname.de. 86400 IN NS ns1.first-ns.de.
;; ADDITIONAL SECTION:
ns1.first-ns.de. 86400 IN A 213.239.242.238
;; Query time: 66 msec
;; SERVER: 213.239.242.238#53(213.239.242.238)
;; WHEN: Sun Sep 15 14:35:53 2013
;; MSG SIZE rcvd: 206
;; connection timed out; no servers could be reached
Now when I just visit the site:
production-appname.cloudcontrolapp.com
everything works out and I see the app. When I visit:
production-appname.cloudcontrolapp.com. (with the dot!)
I get the whoopsy daisy thing from cloudControl. When I visit:
appname.de
I also get whoopsy daisy. When I visit
www.appname.de
I get Cannot resolve hostname.
I don't have much idea what's wrong :/
Alright, so first appname.de according to this config does not point to cloudControl at all. The www CNAME appears to be correct. The TXT record appears to be correct as well, but without knowing the domain name I can't verify that.
What you want to check is:
a) What does a query for the TXT record of the root domain return (e.g. $dig TXT appname.de)
b) And what does www.appname.de resolve to (e.g. $dig www.appname.de)?
If a) returns the correct verification code (side note: it's not secret) and b) the correct CNAME all you have to do is wait for the changes to propagate through the DNS system so that our system can pick them up. Then the alias will automatically be verified and the domain will start to work.