
For a domain mydomain.com, I have the following entries:

; Canonical Name definition
*            600    IN CNAME    www
*.staging    600    IN CNAME    newdomain.com.
www                 IN CNAME    olddomain.com.

My expectation would be that a.mydomain.com would always resolve to whatever is behind olddomain.com, and that a.staging.mydomain.com would always resolve to whatever is behind newdomain.com.

Sadly, my results are not consistent, although all TTLs expired a week ago. Sometimes I get the expected results:

$ nslookup abc.staging.mydomain.com

Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
abc.staging.mydomain.com canonical name = newdomain.com.
Name:   newdomain.com
Address: 2.2.2.2

Sometimes I don't:

$ nslookup abc.staging.mydomain.com

Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
abc.staging.mydomain.com canonical name = www.mydomain.com.
www.mydomain.com.   canonical name = olddomain.com
Name:   olddomain.com
Address: 1.1.1.1

How can I configure my DNS zone to achieve what I want?

M. Glatki
  • Which DNS server is it? – Michael Hampton Feb 14 '17 at 09:55
  • 8.8.8.8 is the Google DNS. But it does not really matter which DNS I use. – M. Glatki Feb 14 '17 at 10:11
  • That is not what I asked, and is completely irrelevant. What DNS server are you running? – Michael Hampton Feb 14 '17 at 10:11
  • I use EuroDNS as a DNS hoster. I do not know what DNS server software they run. Actually, "server" refers to both the software used and the actual server the software runs on. – M. Glatki Feb 14 '17 at 10:20
  • Use dig instead of nslookup for DNS tests. Always specify the server you query; you should test only your authoritative nameservers directly, not recursive ones. You should avoid creating CNAME chains. Wildcards in DNS are always tricky, and wildcards+CNAME clearly create risks of misbehaviour. What you can do will depend on your provider, hence you should ask EuroDNS. Also, since you obfuscated your domain name, no one can help you by trying queries and looking at output. – Patrick Mevzek Feb 14 '17 at 22:10
  • Thank you for your help. Querying the authoritative DNS server does not change the results, and dig yields no extra information. CNAME chains are explicitly allowed in RFC 1034, and I fail to see the risk or even the extra complexity. If I change the wildcards from CNAME to A records, the behaviour does not change - but I do not have control over the actual DNS entry, so a CNAME is necessary. Either the behaviour with overlapping wildcards is specified, or unspecified. In either case there should be an answer. – M. Glatki Feb 15 '17 at 08:26
  • If you hadn't chosen to lie about the actual domain names, someone might be able to have a look and see what's wrong. Since you did, the guesses here are the best help you'll get. – Calle Dybedahl Feb 15 '17 at 09:55
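As an added example (not from the question or any of the comments), a small Python model of the RFC 4592 wildcard-matching rules applied to the zone in the question: it shows which wildcard an RFC-conformant authoritative server should use for a given query name (the one under the closest enclosing existing name, so *.staging for abc.staging.mydomain.com) and the CNAME chain that follows, which gives a reference answer to compare a provider's actual responses against. The ZONE dict and the helpers labels, in_zone, node_exists, lookup and resolve_chain are constructed for this example.

```python
"""Model of RFC 4592 wildcard matching for the zone in the question.
Constructed example: ZONE transcribes the question's three records (TTLs
dropped, relative owner "www" made absolute, all names lower case)."""

ORIGIN = "mydomain.com."
ZONE = {  # owner name -> (rtype, rdata)
    "*.mydomain.com.":         ("CNAME", "www.mydomain.com."),
    "*.staging.mydomain.com.": ("CNAME", "newdomain.com."),
    "www.mydomain.com.":       ("CNAME", "olddomain.com."),
}

def labels(name):
    """Split an absolute name into labels, root-first (RFC 4592 ordering)."""
    return tuple(reversed(name.lower().rstrip(".").split(".")))

def in_zone(name):
    return labels(name)[:len(labels(ORIGIN))] == labels(ORIGIN)

def node_exists(name):
    """Owns records, or is an ancestor of an owner (empty non-terminal)."""
    want = labels(name)
    return any(labels(o)[:len(want)] == want for o in ZONE)

def lookup(qname):
    """Return (status, rdata); status is exact, wildcard, nodata or nxdomain."""
    if qname in ZONE:
        return "exact", ZONE[qname]
    if node_exists(qname):
        return "nodata", None  # name exists (empty): no wildcard synthesis
    # Closest encloser = longest existing ancestor inside the zone; only
    # "*." + closest encloser can match (RFC 4592 section 3.3.1).
    q = labels(qname)
    for n in range(len(q) - 1, len(labels(ORIGIN)) - 1, -1):
        ancestor = ".".join(reversed(q[:n])) + "."
        if node_exists(ancestor):
            src = "*." + ancestor
            return ("wildcard", ZONE[src]) if src in ZONE else ("nxdomain", None)
    return "nxdomain", None  # also returned for names outside the zone

def resolve_chain(qname, max_hops=8):
    """Follow in-zone CNAMEs; return names visited up to the first out-of-zone target."""
    chain = [qname]
    for _ in range(max_hops):
        status, rr = lookup(chain[-1])
        if status not in ("exact", "wildcard") or rr[0] != "CNAME":
            break
        chain.append(rr[1])
        if not in_zone(chain[-1]):
            break
    return chain
```

Running resolve_chain on the two query names from the question yields newdomain.com. for abc.staging.mydomain.com. and www.mydomain.com. then olddomain.com. for a.mydomain.com.; an authoritative server that ever answers the first query with the *.mydomain.com wildcard is not following RFC 4592.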

0 Answers