#13617 closed Bug/Something is broken (fixed)

DNS not propogating for palantetech.coop/palantetech.com

Reported by: https://id.mayfirst.org/jessie Owned by: https://id.mayfirst.org/jamie
Priority: High Component: Tech
Keywords: Cc: k054
Sensitive: no


Hey There folks,

We noticed some DNS records we added a few hours ago are not propagating even when we query a.ns.mayfirst.org

npap-demo.palantetech.coop being the main one we need

Change History (6)

comment:1 Changed 12 months ago by https://id.mayfirst.org/jessie

  • Cc k054 added

comment:2 Changed 12 months ago by https://id.mayfirst.org/jessie

  • Priority changed from Medium to High

comment:3 Changed 12 months ago by https://id.mayfirst.org/jaimev

  • Owner set to https://id.mayfirst.org/jamie
  • Status changed from new to assigned

Let's get jamie to look at this.

comment:4 Changed 12 months ago by https://id.mayfirst.org/jamie

I'm taking a look now. knot is complaining about a semantic check failing on your zone file...

comment:5 Changed 12 months ago by https://id.mayfirst.org/jamie

  • Resolution set to fixed
  • Status changed from assigned to feedback

Can you try again? It should be working now.

The problem was that our DNS server is quite strict about CNAME. If you set a domain (like puppet.palantetech.coop) to a CNAME then knot knows that anytime someone requests that domain name it will return the results of the CNAME.

A problem arises if you try to configure a domain name to be a CNAME and you define something else (in your case, you set a AAAA record for puppet.palantetech.coop). Knot refuses to load it because if someone requests the AAAA record for puppet.palantetech.coop knot doesn't know whether to deliver the AAAA record you have defined or the AAAA record of the CNAME domain.

To immediately resolve the problem I just disabled your AAAA record for puppet.palantetech.coop.

We have a validation rule that is supposed to stop you from entering a CNAME record for a record that already exists.

But I think it failed because there is no check in the opposite directory (to prevent you from adding an AAAA record for a domain that already has a CNAME).

comment:6 Changed 12 months ago by https://id.mayfirst.org/jamie

  • Status changed from feedback to closed

See #13618

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.