Why can I resolve this hostname but not a cname to this hostname?
You're getting an NXDOMAIN on your first request because you're asking for an A (as you can see in the question section) and the server is only responding with a CNAME. So, the issue you're seeing is caused by the DNS-server for example.com, and not by Amazon.
As I understand it, servers will usually return the A-record that the CNAME-record points to as part of the answer to save bandwidth (since, otherwise, that's likely to be your very-next-question). However, I don't think that they have to, and I'm pretty sure that some particularly pedantic DNS servers (I'm looking at you, unpatched-tinydns) don't include the A-record in the answer.
(EDIT: As pointed out by kworr, if the A-name is out-of-bailiwick then you're also relying on the server's willingness to do that recursive query for you)
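The situation this answer describes, as an added example that is not part of the original post: Python code that parses dig output, follows the CNAME chain inside the answer section, and reports whether the question was actually answered and whether the final target is out-of-bailiwick. The function names and the `zone` argument (the zone the queried server is authoritative for) are assumptions; the first sample is abbreviated from the dig output in the question and the second is constructed.

```python
import re

# Abbreviated from the first dig run in the question on this page.
SAMPLE_CNAME_ONLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10222
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;scorpion.example.com. IN A
;; ANSWER SECTION:
scorpion.example.com. 180 IN CNAME alpha.nue.scorpion.example.net.
"""
# Constructed: the same lookup as a server that also returns the target's A-record.
SAMPLE_CHASED = (SAMPLE_CNAME_ONLY.replace("NXDOMAIN", "NOERROR").replace("ANSWER: 1", "ANSWER: 2")
                 + "alpha.nue.scorpion.example.net. 300 IN A 192.0.2.130\n")

def parse_dig(text):
    """Pull status, flags, question and answer records out of dig output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([a-z ]*);", text).group(1).split()
    qname, qtype = re.search(r"^;(\S+)\s+IN\s+(\S+)", text, re.M).groups()
    answers = re.findall(r"^([^;\s]\S*)\s+\d+\s+IN\s+(\S+)\s+(\S+)", text, re.M)
    return status, flags, qname.lower(), qtype, answers

def in_bailiwick(name, zone):
    """True if name is the zone apex or a descendant of it (zone is caller-supplied)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def diagnose(text, zone):
    """Follow the CNAME chain in the answer and say whether the question was answered."""
    status, flags, name, qtype, answers = parse_dig(text)
    records = {(owner.lower(), rtype): data for owner, rtype, data in answers}
    seen = set()
    while (name, "CNAME") in records and name not in seen:  # guard against CNAME loops
        seen.add(name)
        name = records[(name, "CNAME")].lower()
    return {
        "status": status,
        "recursion_available": "ra" in flags,
        "final_name": name,
        "answered": (name, qtype) in records,  # is there a record of the asked type at the chain's end?
        "target_in_bailiwick": in_bailiwick(name, zone),
    }
```

A result with `answered` false and `target_in_bailiwick` false is the case discussed here: the answer stops at a CNAME whose target lives in another zone, so something else has to look that target up.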
The Shurrican
Updated on September 18, 2022
Comments
-
The Shurrican over 1 year
If I run dig against a hostname, I get the corresponding CNAME; however, I get an NXDOMAIN error (non-existent domain).
If I run dig against the CNAME I got, I can resolve it to an IP address successfully. It is reproducible.
On the system I am currently on, it is always the case; on other systems it sometimes works and sometimes not, and on other systems it seems to work all the time.
If I run it using a nameserver I specify (for example Google's public nameserver), I can successfully resolve the hostname.
I would just blame the local system, but it seems I am not the only one having problems.
The 2nd domain (example.net) is hosted on Amazon Route 53 nameservers. The 1st one is on another DNS server which has proven to be fully functional and reliable over the years.
I once switched the other domain to Amazon DNS as well; everything seemed to work, and various DNS health check tests reported fine; however, I received a lot of support tickets saying that DNS resolution would not work.
Is Amazon just "bad" or am I doing something wrong?
I did not tamper with the domain in any way on the local system (in case of caching or making a custom DNS view or whatever...)
joe@joe:~$ dig scorpion.example.com

; <<>> DiG 9.8.1-P1 <<>> scorpion.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10222
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;scorpion.example.com. IN A

;; ANSWER SECTION:
scorpion.example.com. 180 IN CNAME alpha.nue.scorpion.example.net.

;; Query time: 28 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jun 18 10:28:39 2012
;; MSG SIZE rcvd: 84

joe@joe:~$ dig alpha.nue.scorpion.example.net

; <<>> DiG 9.8.1-P1 <<>> alpha.nue.scorpion.example.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25381
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alpha.nue.scorpion.example.net. IN A

;; ANSWER SECTION:
alpha.nue.scorpion.example.net. 300 IN A 192.0.2.130

;; Query time: 48 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jun 18 10:28:47 2012
;; MSG SIZE rcvd: 66

joe@joe:~$
-
kworr almost 12 years
Maybe this is about DNS recursive queries?
-
nickgrim almost 12 years
facepalm @kworr makes a good point that the A-record is out-of-bailiwick, and it's likely that the DNS-server is unwilling to do that recursive query for you.
-
The Shurrican almost 12 years
OK, that makes sense! If I run the question against the DNS server of the domain itself, the behaviour is the same!! But why does it sometimes work? Are other DNS servers (like Google's) just "intelligent" enough to fix that on the fly??
-
nickgrim almost 12 years
I'm not sure precisely what you mean by "if i run the question against the dns server of the domain itself the behaviour is the same". However, I'd guess that if the server you're asking already has the (cached) A-record that the CNAME points to, it might choose to return it in the answer section even if it wouldn't look it up if it didn't have it cached (if you see what I mean).
-
The Shurrican almost 12 years
By that I mean if I specify one of the nameservers that I obtain from the domain's whois output as the nameserver to use. However, using CNAMEs is a very common thing, especially to external domains. I have tried 3 DNS providers now and none of them gave me an A record, only the CNAME record with a warning that recursion is not available. It seems that ISP nameservers seem to "take over that job" in a lot of cases; is this possible?