Opened 13 days ago

Closed 13 days ago

#13617 closed Bug/Something is broken (fixed)

DNS not propagating for palantetech.coop/palantetech.com

Reported by: https://id.mayfirst.org/jessie
Owned by: https://id.mayfirst.org/jamie
Priority: High
Component: Tech
Keywords:
Cc: k054
Sensitive: no

Description

Hey There folks,

We noticed some DNS records we added a few hours ago are not propagating even when we query a.ns.mayfirst.org.

npap-demo.palantetech.coop being the main one we need.

Change History (6)

comment:1 Changed 13 days ago by https://id.mayfirst.org/jessie

  • Cc k054 added

comment:2 Changed 13 days ago by https://id.mayfirst.org/jessie

  • Priority changed from Medium to High

comment:3 Changed 13 days ago by https://id.mayfirst.org/jaimev

  • Owner set to https://id.mayfirst.org/jamie
  • Status changed from new to assigned

Let's get jamie to look at this.

comment:4 Changed 13 days ago by https://id.mayfirst.org/jamie

I'm taking a look now. Knot is complaining about a semantic check failing on your zone file...

comment:5 Changed 13 days ago by https://id.mayfirst.org/jamie

  • Resolution set to fixed
  • Status changed from assigned to feedback

Can you try again? It should be working now.

The problem was that our DNS server is quite strict about CNAME. If you set a domain (like puppet.palantetech.coop) to a CNAME then knot knows that anytime someone requests that domain name it will return the results of the CNAME.

A problem arises if you try to configure a domain name to be a CNAME and you define something else (in your case, you set an AAAA record for puppet.palantetech.coop). Knot refuses to load it because if someone requests the AAAA record for puppet.palantetech.coop knot doesn't know whether to deliver the AAAA record you have defined or the AAAA record of the CNAME domain.

To immediately resolve the problem I just disabled your AAAA record for puppet.palantetech.coop.

We have a validation rule that is supposed to stop you from entering a CNAME record for a record that already exists.

But I think it failed because there is no check in the opposite direction (to prevent you from adding an AAAA record for a domain that already has a CNAME).
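
The two-way CNAME check described in comment 5, as an added example that is not part of the original ticket and is not May First's validation code. The function names, the `(name, type, value)` tuple layout and the sample targets and addresses are assumptions made for illustration.

```python
"""Symmetric CNAME coexistence check for a DNS record editor (added example)."""

# Constructed sample data: the owner names come from the ticket, the
# CNAME target and the address are placeholders.
EXISTING = [
    ("puppet.palantetech.coop.", "CNAME", "host.example.net."),
    ("www.palantetech.coop", "A", "192.0.2.10"),
]

# DNSSEC record types that may sit beside a CNAME on a signed zone.
DNSSEC_TYPES = {"RRSIG", "NSEC"}


def normalize(name):
    """Compare owner names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def check_new_record(existing, name, rtype):
    """Return an error string if adding (name, rtype) breaks the rule, else None."""
    rtype = rtype.upper()
    if rtype in DNSSEC_TYPES:
        return None
    owner = normalize(name)
    at_owner = {t.upper() for n, t, _ in existing if normalize(n) == owner}
    at_owner -= DNSSEC_TYPES
    # Direction 1: a CNAME may not be added where other data already exists.
    if rtype == "CNAME" and at_owner:
        return f"{owner} already has {sorted(at_owner)}; a CNAME cannot be added"
    # Direction 2 (the missing check in the ticket): nothing else may be
    # added at a name that is already a CNAME.
    if rtype != "CNAME" and "CNAME" in at_owner:
        return f"{owner} is a CNAME; a {rtype} record cannot be added"
    return None


def find_conflicts(records):
    """Audit a full record set; return owners where a CNAME has company."""
    by_owner = {}
    for name, rtype, _ in records:
        if rtype.upper() not in DNSSEC_TYPES:
            by_owner.setdefault(normalize(name), []).append(rtype.upper())
    return sorted(o for o, ts in by_owner.items() if "CNAME" in ts and len(ts) > 1)
```

Running `find_conflicts` over stored records before generating zone files catches conflicts that were saved before the second check existed, so the name server never sees a zone it will refuse to load.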

comment:6 Changed 13 days ago by https://id.mayfirst.org/jamie

  • Status changed from feedback to closed

See #13618
