Out of the blue My DNS does not reply CNAME requests

Discussion in 'General' started by [email protected], Jan 6, 2025.

Tags:
  1. Hi
    My DNS servers do not Resolve CNAME and SRV records but seems to resolve all other records fine.
    Renderied zone files has all records in them, it however doe not asver any of it, I already ran updates, resynced DNS, rebooted wich none seemed to fix the issue.
    I'm not shure at what point this happened but I updated ispconfig just before years end.

    Rendered zone file is:
    $TTL 86400
    @ IN SOA hofrungur.martolvan.is. support.martolvan.is. (
    20241220nn ; serial, todays date + todays serial #
    7200 ; refresh, seconds
    3600 ; retry, seconds
    1814400 ; expire, seconds
    86400 ) ; minimum, seconds
    ;
    flipper 86400 A IPaddres
    flipper 86400 A IPaddres
    hjalp 3600 A IPaddres
    hofrungur 86400 A IPaddres
    hysing 3600 A IPaddres
    in 86400 A IPaddres
    keiko 86400 A IPaddres
    litlagra 3600 A IPaddres
    litlahvit 3600 A IPaddres
    mail 3600 A IPaddres
    martolvan.is. 86400 A IPaddres
    moby 3600 A IPaddres
    mthysing 3600 A IPaddres
    simi 3600 A IPaddres
    webhost2 3600 A IPaddres
    autodiscover 3600 CNAME autodiscover.outlook.com.
    bud 3600 CNAME mail
    em318306 3600 CNAME return.smtp2go.net.
    enterpriseenrollment 3600 CNAME enterpriseenrollment.manage.microsoft.com.
    enterpriseregistration 3600 CNAME enterpriseregistration.windows.net.
    ftp 3600 CNAME hofrungur
    geotrack 3600 CNAME hofrungur
    kiwanis 3600 CNAME hofrungur
    lyncdiscover 3600 CNAME webdir.online.lync.com.
    msoid 3600 CNAME clientconfig.microsoftonline-p.net.
    os 3600 CNAME hofrungur
    s318306._domainkey 3600 CNAME dkim.smtp2go.net.
    selector1._domainkey 3600 CNAME selector1-martolvan-is._domainkey.mxxxxx.onmicrosoft.com.
    selector2._domainkey 3600 CNAME selector2-martolvan-is._domainkey.mxxxxx.onmicrosoft.com.
    sip 3600 CNAME sipdir.online.lync.com.
    storage 3600 CNAME s3.eu-west-1.wasabisys.com
    verk 3600 CNAME martolvan.maxdesk.com.
    www 3600 CNAME hofrungur
    martolvan.is. 86400 CAA 0 issue "letsencrypt.org"
    @ 3600 MX 0 mxxxx-is.mail.protection.outlook.com.
    martolvan.is. 86400 NS mail.martolvan.is.
    martolvan.is. 86400 NS hofrungur.martolvan.is.
    martolvan.is. 86400 NS flipper.martolvan.is.
    _sip._tls 3600 SRV 100 1 443 sipdir.online.lync.com.
    _sipfederationtls._tcp 3600 SRV 100 1 5061 sipfed.online.lync.com.
    @ 600 TXT "v=spf1 mx a ip4: IPaddres ip4:IPaddres a:bud.martolvan.is a:eu.mailers.system-monitor.com a:smtp2go.net include:spf.protection.outlook.com include:spf.myconnectwise.net ~all"
    @ 3600 TXT "MS=ms5NNNNN "
    @ 3600 TXT "google-site-verification=m.........JzE"
    g 3600 TXT "google-site-verification=tqSN........9hXTl-Q7o"​
    _dmarc 3600 TXT "v=DMARC1;p=none;rua=mailto:[email protected];ruf=mailto:[email protected];fo=1;"

    If I dig locally tis is returned:
    root@hofrungur:~# dig @localhost martolvan.is ANY

    ; <<>> DiG 9.16.50-Debian <<>> @localhost martolvan.is ANY
    ; (2 servers found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39398
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 4
    ;; OPT PSEUDOSECTION:
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ; COOKIE: 342462be57d13e0201000000677beafd34e46074f59eb3f4 (good)
    ;; QUESTION SECTION:
    ;martolvan.is. IN ANY
    ;; ANSWER SECTION:
    ;; ANSWER SECTION:
    martolvan.is. 600 IN TXT "MS=ms55585834 "
    martolvan.is. 600 IN TXT "google-site-verification=mbUeUQi4ad7t6JLBwjoS_C2dCtDdwhLBTzzOCzf5JzE"
    martolvan.is. 600 IN TXT "v=spf1 mx a ip4:213.163.140.93/28 ip4:94.142.153.216 a:bud.martolvan.is a:eu.mailers.system-monitor.com a:smtp2go.net include:spf.protection.outlook.com include:spf.myconnectwise.net ~all"
    martolvan.is. 3600 IN MX 0 martolvan-is.mail.protection.outlook.com.
    martolvan.is. 86400 IN NS hofrungur.martolvan.is.
    martolvan.is. 86400 IN NS mail.martolvan.is.
    martolvan.is. 86400 IN NS flipper.martolvan.is.
    martolvan.is. 86400 IN A 213.167.140.93
    martolvan.is. 86400 IN SOA hofrungur.martolvan.is. support.martolvan.is. 2025010601 7200 3600 1814400 86400
    martolvan.is. 86400 IN CAA 0 issue "letsencrypt.org"
    ;; ADDITIONAL SECTION:
    ;; ADDITIONAL SECTION:
    mail.martolvan.is. 3600 IN A 212.30.206.155
    flipper.martolvan.is. 86400 IN A 212.30.206.154
    hofrungur.martolvan.is. 86400 IN A 213.167.140.93
    ;; Query time: 0 msec
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Jan 06 14:38:53 GMT 2025
    ;; MSG SIZE rcvd: 640

     
  2. pyte

    pyte Well-Known Member HowtoForge Supporter

    Seems to work just fine for me
    ❯ dig @flipper.martolvan.is CNAME autodiscover.martolvan.is +short
    autodiscover.outlook.com.

    ❯ dig @hofrungur.martolvan.is CNAME autodiscover.martolvan.is +short
    autodiscover.outlook.com.

    ❯ dig @mail.martolvan.is CNAME autodiscover.martolvan.is +short
    autodiscover.outlook.com.
     
    ahrasis likes this.
  3. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    what makes you think they're not resolving?

    i wouldn't expect any SRV or CNAME record to be returned in dig results unless the subdomain record, eg geotrack.martolvan.is or _sip._tls.martolvan.is was specifically requested as the record to be resolved.

    dig @localhost martolvan.is ANY
    is only going to return records that are directly for martolvan.is, not www.martolvan.is A (or CNAME) records, not randomsubdomain.martolvan.is, not _srvrecordprefix.martolvan.is SRV records, or any other unknown, essentially random subdomain of martolvan.is regardless of the record type.

    as @pyte shows, if you actually dig for the specific prefix/subdomain of your main domain, the record does get resolved.
     
    ahrasis, till and pyte like this.
  4.  
  5. Yes that works, also dig @localhost, it seems that dig with the type ANY does not return CNAME records.
    I still had some errors in few zones and after correcting them most errors clerared.
    Then I got "couldn't add command channel ::1#953: address not available" error that cleared after stopping and starting named.
    Now I'm getting more than less error free DNS log.
    thanks for the help.
    Best New yeras wishes
    Stefan B.
     
    ahrasis likes this.

Share This Page