0

Public name server (controlled by me, I own example.com):

private.example.com. 300 IN CNAME myserver.home.

Private name server (some auto-config voodoo, can't modify this record):

myserver.home. 300 IN A 192.168.6.66

But private.example.com only works intermittently: It did use to work in Chrome, but currently doesn't. dig without further options returns the CNAME, but dig with +norecurse fails, each tested with the local DNS server and several public ones.

What is the easiest way to fix this? Something that doesn't involve setting up a local nameserver, preferably?

Background: In my home network there is a server "myserver.home" which is accessible as "myserver.home", but this is obviously not a valid public DNS name. It does work fine in the home network, though. Because I want HTTPS, I added a CNAME from private.example.com to myserver.home so I can get a certificate for private.example.com (using certbot, dns-01, works just fine).

Nobody

1 Answer

0

The setup is not clear, but I suppose dig is asking a public DNS server, which obviously has no idea what 'myserver.home' is. dig (and any other resolving software) has to go through actual DNS records to resolve 'example.com'. If you refer to 'myserver.home', this name should exist in the DNS realm of the resolver; no other realms will work (like /etc/hosts or autoconfig).

There are two ways to prove you own the domain name: through a web page or through a DNS TXT record.

If you need a certificate issued to example.com and you are the one managing the public example.com DNS, you need to create TXT records for example.com proving it belongs to you. This depends on the software you are using (certbot, acme.sh or something else). Look in the man page for 'DNS challenge'.

kab00m
  • This doesn't answer the question. I got the certificate just fine. The problem is that browsers don't resolve example.com even when they are using a nameserver which resolves myserver.home fine. – Nobody Mar 25 '20 at 17:09
  • You need to specify the setup then. So you have a private DNS server knowing 'myserver.home'? And the computer (where the browser works) is pointed to that server? Then how is it configured and what software is it running? – kab00m Mar 25 '20 at 17:30
  • I tried to make my question more clear (see edited op), but actually all the relevant info should already be there. – Nobody Mar 25 '20 at 19:23
  • It is not clear what you mean by "my server is accessible as 'myserver.home'". How does it work? Do you have an internal nameserver or is it a kind of autoconfig? What is your computer pointed to as DNS server(s)? If you do not have a managed internal DNS server, this won't work. – kab00m Mar 26 '20 at 09:41
  • It's an autoconfig kind of thing, otherwise I could just directly configure a local A record. – Nobody Mar 26 '20 at 10:43
  • That was the point of my answer. Name resolution works that way: examining sources one by one. When it goes into DNS, it stays in DNS. That means you may not point a DNS record at something that is not a DNS record. When one tries to find myserver.home, it asks the local source and gets the result. When one tries to find example.com, it does the same, but the local source has no idea what it is, and then it goes to the real DNS world. There it gets myserver.home as a result; this result is searched for in the real DNS world, and it does not start the process again to search local sources first. – kab00m Mar 28 '20 at 12:39
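
The resolution order described in the answer and its last comment, as a simplified model added here (not part of the original thread and not either poster's code). The record data is copied from the question; the function names and the two-source lookup order are assumptions made for illustration.

```python
# Toy model: a client consults name sources in order, and a CNAME found in
# DNS is chased inside that same DNS view only. Names below are hypothetical.

LOCAL_AUTOCONFIG = {"myserver.home.": "192.168.6.66"}    # home-network source
PUBLIC_DNS = {                                            # public zone data
    "private.example.com.": ("CNAME", "myserver.home."),
}

def resolve_in_dns(name, view, max_chain=8):
    """Follow CNAMEs within one DNS view; other sources are never consulted."""
    chain = []
    for _ in range(max_chain):
        rr = view.get(name)
        if rr is None:
            return None, chain             # target does not exist in this view
        rtype, value = rr
        if rtype == "A":
            return value, chain
        chain.append((name, value))        # CNAME: look up target in SAME view
        name = value
    return None, chain                     # loop or over-long chain

def lookup(name, local=LOCAL_AUTOCONFIG, dns=PUBLIC_DNS):
    """Each source is tried once, for the originally requested name only."""
    if name in local:
        return {"source": "local", "address": local[name], "chain": []}
    address, chain = resolve_in_dns(name, dns)
    return {"source": "dns", "address": address, "chain": chain}

def lookup_with_target_in_dns(name):
    """Contrast case: the CNAME target also exists in the DNS view queried."""
    view = dict(PUBLIC_DNS)
    view["myserver.home."] = ("A", "192.168.6.66")
    return lookup(name, dns=view)

if __name__ == "__main__":
    for n in ("myserver.home.", "private.example.com."):
        print(n, lookup(n))
    print("target in DNS:", lookup_with_target_in_dns("private.example.com."))
```

In this model the direct lookup of myserver.home succeeds from the local source, while private.example.com returns the CNAME chain with no address, because the target is only looked for in the DNS view that served the CNAME.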