Opened 13 days ago
Closed 13 days ago
#13617 closed Bug/Something is broken (fixed)
DNS not propogating for palantetech.coop/palantetech.com
Reported by: | https://id.mayfirst.org/jessie | Owned by: | https://id.mayfirst.org/jamie |
---|---|---|---|
Priority: | High | Component: | Tech |
Keywords: | Cc: | k054 | |
Sensitive: | no |
Description
Hey There folks,
We noticed some DNS records we added a few hours ago are not propagating even when we query a.ns.mayfirst.org
npap-demo.palantetech.coop being the main one we need
Change History (6)
comment:1 Changed 13 days ago by https://id.mayfirst.org/jessie
- Cc k054 added
comment:2 Changed 13 days ago by https://id.mayfirst.org/jessie
- Priority changed from Medium to High
comment:3 Changed 13 days ago by https://id.mayfirst.org/jaimev
- Owner set to https://id.mayfirst.org/jamie
- Status changed from new to assigned
comment:4 Changed 13 days ago by https://id.mayfirst.org/jamie
I'm taking a look now. knot is complaining about a semantic check failing on your zone file...
comment:5 Changed 13 days ago by https://id.mayfirst.org/jamie
- Resolution set to fixed
- Status changed from assigned to feedback
Can you try again? It should be working now.
The problem was that our DNS server is quite strict about CNAME. If you set a domain (like puppet.palantetech.coop) to a CNAME then knot knows that anytime someone requests that domain name it will return the results of the CNAME.
A problem arises if you try to configure a domain name to be a CNAME and you define something else (in your case, you set a AAAA record for puppet.palantetech.coop). Knot refuses to load it because if someone requests the AAAA record for puppet.palantetech.coop knot doesn't know whether to deliver the AAAA record you have defined or the AAAA record of the CNAME domain.
To immediately resolve the problem I just disabled your AAAA record for puppet.palantetech.coop.
We have a validation rule that is supposed to stop you from entering a CNAME record for a record that already exists.
But I think it failed because there is no check in the opposite directory (to prevent you from adding an AAAA record for a domain that already has a CNAME).
comment:6 Changed 13 days ago by https://id.mayfirst.org/jamie
- Status changed from feedback to closed
See #13618
Please login to add comments to this ticket.
Let's get jamie to look at this.