Opened 10 days ago

Closed 4 days ago

#14287 closed Bug/Something is broken (fixed)

DNS entry not publishing

Reported by: https://id.mayfirst.org/takethestreets Owned by: https://id.mayfirst.org/jamie
Priority: High Component: Tech
Keywords: dns Cc:
Sensitive: no

Description

I created an A DNS record for "agbu2.megaphonetech.com" about an hour ago. After about 30 minutes it didn't appear, so I resaved the record - 30 minutes later and it's still not there. I used

dig +short agbu2.megaphonetech.com @a.ns.mayfirst.org
dig +short agbu2.megaphonetech.com @b.ns.mayfirst.org

to ensure that it wasn't just a propagation issue - the MFPL DNS servers seem not to have it published either.

Thanks for checking it out! Jon

Change History (4)

comment:1 Changed 10 days ago by https://id.mayfirst.org/jaimev

  • Owner set to https://id.mayfirst.org/jamie
  • Status changed from new to assigned

Let's get jamie's help with checking on the DNS servers.

comment:2 Changed 8 days ago by https://id.mayfirst.org/jamie

  • Resolution set to fixed
  • Status changed from assigned to feedback

I'm sorry this took me so long to go to (PTP has been running a powerbase training all week).

The problem is with the domain name: acd.megaphonetech.com

It has both an A ip address assigned to it and it also had a CNAME pointing to a different domain.

I've tried to write validation code to prevent this, but somehow it seems to still sneak in (maybe one record was disabled and then re-enabled?).

In any event, I disabled the A record and now things should work again.

Note: the reason it was a different domain that failed is because knot has a failsafe mechanism. if it detects and error in a zone file, it simply keeps the old zone file in place and refuses to make changes. So, once the cname/a conflict happened, no new changes were allowed in that zone.

Jaime: I found the error by:

  1. Log into kennedy or gamiz
  2. systemctl reload knot
  3. journal -u knot and look for errors

comment:3 Changed 4 days ago by https://id.mayfirst.org/takethestreets

  • Resolution fixed deleted
  • Status changed from feedback to assigned

Thanks for looking into this Jamie! I update the DNS records via the API, so perhaps the validation code is at the form level. The CNAME predated my Ansible script, but now I know what to look for.

comment:4 Changed 4 days ago by https://id.mayfirst.org/jamie

  • Resolution set to fixed
  • Status changed from assigned to closed

Ah, the api is an excellent tip. I'll try testing there...

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.