DNS errors with --force-renew and CNAME records

if you fully qualify it, it should end with a dot, like

gocompose 3600 in CNAME sam-memset.camart.co.uk.

so gocompose.camart.co.uk (the one I am in control of) now CNAMES to

sam-memset.camart.co.uk.
instead of
sam-memset [this was never dot suffixed]

propagation within the DNS provider itself is normally instant (one of the reasons I use this provider, some have quite a delay), but the fully qualified CNAME isn’t showing up with the ‘unbound’ test (yet?) … still showing the bizarre dot-suffixed subdomain

Same for me:

% for ns in `dig +short ns camart.co.uk`; do dig @$ns gocompose.camart.co.uk; done

; <<>> DiG 9.11.14-3ubuntu1-Ubuntu <<>> @dns2.mtgsy.co.uk. gocompose.camart.co.uk
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39355
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gocompose.camart.co.uk.		IN	A

;; ANSWER SECTION:
gocompose.camart.co.uk.	3600	IN	CNAME	sam-memset.
gocompose.camart.co.uk.	60	IN	A	54.72.52.58

;; AUTHORITY SECTION:
.			86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020030500 1800 900 604800 86400

;; Query time: 4 msec
;; SERVER: 74.207.254.12#53(74.207.254.12)
;; WHEN: gio mar 05 14:11:13 CET 2020
;; MSG SIZE  rcvd: 166


; <<>> DiG 9.11.14-3ubuntu1-Ubuntu <<>> @dns3.mtgsy.com. gocompose.camart.co.uk
; (3 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29315
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gocompose.camart.co.uk.		IN	A

;; ANSWER SECTION:
gocompose.camart.co.uk.	3600	IN	CNAME	sam-memset.
gocompose.camart.co.uk.	60	IN	A	54.72.52.58

;; AUTHORITY SECTION:
.			86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020030500 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 162.243.59.139#53(162.243.59.139)
;; WHEN: gio mar 05 14:11:13 CET 2020
;; MSG SIZE  rcvd: 166


; <<>> DiG 9.11.14-3ubuntu1-Ubuntu <<>> @dns4.mtgsy.com. gocompose.camart.co.uk
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43265
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gocompose.camart.co.uk.		IN	A

;; ANSWER SECTION:
gocompose.camart.co.uk.	3600	IN	CNAME	sam-memset.
gocompose.camart.co.uk.	60	IN	A	54.72.52.58

;; AUTHORITY SECTION:
.			86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020030500 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 178.79.133.227#53(178.79.133.227)
;; WHEN: gio mar 05 14:11:13 CET 2020
;; MSG SIZE  rcvd: 166


; <<>> DiG 9.11.14-3ubuntu1-Ubuntu <<>> @dns1.mtgsy.co.uk. gocompose.camart.co.uk
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57400
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gocompose.camart.co.uk.		IN	A

;; ANSWER SECTION:
gocompose.camart.co.uk.	3600	IN	CNAME	sam-memset.
gocompose.camart.co.uk.	60	IN	A	54.72.52.58

;; AUTHORITY SECTION:
.			86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020030500 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 172.105.69.234#53(172.105.69.234)
;; WHEN: gio mar 05 14:11:13 CET 2020
;; MSG SIZE  rcvd: 166

it’s just started using the new setting on unbound - and working now

I think we have a workaround!

fully qualified CNAME

I have some strong words planned for my isp, but at least I can now do something that works without dropping CNAMES!

Now another question comes to mind. Do you recognize the mtgsy.co.uk domain? They are supposed to be your dns provider.

that’s right, they are the DNS provider

1 Like

I cannot see it. What’s going on?

You do know you can switch providers, right? :smiley:

I can switch providers, but I manage hundreds of (sub)domains through them, so it would be a very big job to switch. They’ve been good for many many years. But I might have to switch.

This was the working test:

https://unboundtest.com/m/A/gocompose.camart.co.uk/4VUSOATA

However, right now, it appears to be failing in exactly the same way as before

https://unboundtest.com/m/A/gocompose.camart.co.uk/2ST25TR2

… so some serious intermittancy (or partial propagation perhaps)

It might be time to host your own authoritative dns, with some backup from commercial providers.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.