Why can I resolve this hostname but not a cname to this hostname?

If I run dig against a hostname, I get the according cname, however I get an NXDOMAIN error (non existent domain).

if I run dig against the cname I got, I can resolve it to an IP address successfully. It is reproduceable.

On the system I am currently on it is always the case, on other systems it sometimes works and sometimes not, and on other systems it seems to work all the time.

If I run using a nameserver I specify (for example google's public nameserver) I can successfully resolve the hostname.

I would just blame the local system, but it seems I am not having the only one problems.

The 2nd domain (example.net) is hosted on amazon route 53 nameservers. The 1st one on another dns server which has proven to be fully functional and reliable over the years.

I once switched with the other domain to amazon dns as well, everything seemed to work, also various dns health check tests reported fine, however i received a lot of support tickets that dns resolution would not work.

Is amazon just "bad" or am I doing something wrong?

I did not tamper with the domain in any way on the local system (in case of caching or making a custom dns view or whatever...)

joe@joe:~$ dig scorpion.example.com

; <<>> DiG 9.8.1-P1 <<>> scorpion.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10222
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;scorpion.example.com.      IN  A

;; ANSWER SECTION:
scorpion.example.com.   180 IN  CNAME   alpha.nue.scorpion.example.net.

;; Query time: 28 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jun 18 10:28:39 2012
;; MSG SIZE  rcvd: 84

joe@joe:~$ dig alpha.nue.scorpion.example.net

; <<>> DiG 9.8.1-P1 <<>> alpha.nue.scorpion.example.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25381
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alpha.nue.scorpion.example.net. IN A

;; ANSWER SECTION:
alpha.nue.scorpion.example.net. 300 IN A    192.0.2.130

;; Query time: 48 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jun 18 10:28:47 2012
;; MSG SIZE  rcvd: 66

joe@joe:~$ 

Maybe this is about DNS recursive queries?

facepalm @kworr makes a good point that the A-record is out-of-bailiwick, and it's likely that the DNS-server is unwilling to do that recursive query for you.

ok that makes sense! if i run the question against the dns server of the domain itself the behaviour is the same!! but why does it sometimes work? are other dns servers (like googles) just "intelligent" enough to fix that on the fly??

I'm not sure precisely what you mean by "if i run the question against the dns server of the domain itself the behaviour is the same". However, I'd guess that if the server you're asking already has the (cached) A-record that the CNAME points to, it might choose to return it in the answer section even if it wouldn't look it up if it didn't have it cached (if you see what I mean).

by that i mean if i specify one of the nameservers that i obtain from the domains whois output as the nameserver to use. however using cnames is a very common thing. especially to external domains. i have tried 3 dns providers now and none of them gave me an A record. only the cname record with a warning that recursion is not available. it seems that isp nameservers seem to "take over that job" in a lot of cases, is this possible?