Am able to ping my domain, but not subdomain (digitalocean)

Question

My main domain (say: example.com) on DigitalOcean is working ok. I've only one droplet in there. Then I created 'a' record under my main domain with another subdomain name (1.example.com).

Then, I created another subdomain (2.example.com), in the way as we create a new domain in DO, and made it refer to the same droplet's ip address as my main domain's. Hope I'm able to clear myself.

And Problem is that I'm able to ping example.com, but not able to reach 1.example.com or 2.example.com (both created slightly diff ways in DO). Its been more than an hour since then. I've tried reducing ttl from 3600 to 60 or 600. Ping says "no address associated with hostname". My actual subdomain name are 1.bobu.xyz and 2.bobu.xyz

If I dig these subdomains in Windows Bash, they show the 'a' records pointing to DO's name servers. But no else record is there. How can I reach them/ping them? What am I missing?

`ping` is not the tool to use to troubleshoot DNS problems. You should use `dig` or at least `nslookup`. — Patrick Mevzek, Nov 09 '19 at 18:26
Probably not directly related to your problem but still a cause of concerns, you seem to have configured your zone to do DNSSEC (because it has DNSKEY records) but then the parent does not have the matching DS record. Is that the expected result? See https://dnsviz.net/d/bobu.xyz/dnssec/ for details. — Patrick Mevzek, Nov 09 '19 at 18:30

score 0 · Answer 1 · edited Nov 09 '19 at 18:27

0

dig example.com, dig 1.example.com, and dig 2.example.com should all resolve to an IP address (and as far as I understand you, to the same ip address). If they don't, you did something wrong in your DNS configuration.

This could merely mean that your local resolver has cached old info, so try dig @official.name.server.example.com 1.example.com etc

edited Nov 09 '19 at 18:27

Patrick Mevzek

9,921
7
32
43

answered Nov 09 '19 at 16:00

Hagen von Eitzen

824
3
17
43

There is no "official" name servers, there are only recursive ones (which do caching) and authoritative ones (who do not cache anything) – Patrick Mevzek Nov 09 '19 at 18:27
I found 1 fault that my ns were resolving thru CloudFlare. That is, CF was playing the roll of a DNS forwarder (not a proxy). A huge mistake on my part before asking this question. But yesterday I was banging my head on this problem but couldn't recognize the CF's servers. Now that I've corrected that, I'll check and revert after some time. – Bathinda Helper Nov 10 '19 at 07:25
@PatrickMevzek There are always official name servers, namely those listed with the registration - or found in a few steps by starting `host -t ns example.com a.root-servers.net` – Hagen von Eitzen Nov 10 '19 at 15:24
1

They are called "authoritative" nameservers, not "official". – Patrick Mevzek Nov 10 '19 at 18:10

score 0 · Answer 2 · answered Nov 11 '19 at 12:34

Thank you all who replied.

But, At last, I found that there was some problem on DO's end. I don't think it was wrong/incomplete propagation. As it was already around 24 had passed.

I mailed them 2-3 times in the last 2 days. And in the end, without me doing anything on my end, both domains started working and I'm able to reach them, ping them from my windows pc.

Am able to ping my domain, but not subdomain (digitalocean)

2 Answers2