
I used Terraform to create a GCP CloudDNS A record for an MIG I've deployed. In the console, I can see the zone details for the hosted zone I had created, and when I click on this, I can see the DNS A record with the FQDN, TTL 300 and the IPv4 address allocated. Surfing to the IP directly works fine, so there's nothing wrong with the app/MIG deploy.

Back home, I run

$ gcloud dns record-sets list --zone="my-zone"
NAME                                   TYPE  TTL    DATA
gcp.example.com.                        NS    21600  ns-cloud-c1.googledomains.com.,ns-cloud-c2.googledomains.com.,ns-cloud-c3.googledomains.com.,ns-cloud-c4.googledomains.com.
gcp.example.com                        SOA   21600  ns-cloud-c1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
myfqdn.gcp.example.com.  A     300    34.117.60.130

and

$ nslookup
> server ns-cloud-c1.googledomains.com.
Default server: ns-cloud-c1.googledomains.com.
Address: 216.239.32.108#53
> myfqdn.gcp.example.com.
Server:         ns-cloud-c1.googledomains.com.
Address:        216.239.32.108#53

** server can't find ml4-eun1-dev-tfe-aeog.gcp.pi-ccn.org: NXDOMAIN
>

I also tried myfqdn.gcp.example.com without the trailing . and got the same. It's been about 3 hours since deployment, and especially as my nslookup session sets the name server as the one listed in the gcloud CLI output, i.e. Google's, I'd expect the FQDN to resolve, but it does not.

What am I missing?

volvox

1 Answer


Negative responses, such as NXDOMAIN, are cached. The maximum time according to RFC 2308 is 86,400 seconds (24 hours). The value is stored in the SOA resource record (5th value).

The value in your question is 300 seconds (5 minutes).

However, caching resolvers can choose their own caching time, therefore there is no absolute time.

John Hanley
  • Thanks, so if I read your answer correctly, I need to wait for the remainder of the 24 hours to expire and hope that the caching resolvers are configured to that value. Or see if Google can do something quicker. – volvox Aug 19 '21 at 21:24
  • @volvox Your setting is 300 seconds. There are Internet tools that you can use to test your DNS records such as mxtoolbox. The spec says the max is 24 hours. However, the Internet is a collection of millions of servers. Some are poorly designed, some cache what they want, etc. If it has been more than a day, you have configured DNS incorrectly. Regarding Google, short of flushing their DNS cache, they cannot do anything for you. – John Hanley Aug 19 '21 at 23:47
  • For others finding this, this may also help: https://stackoverflow.com/questions/54915334/point-and-use-a-subdomain-in-gcp – volvox Aug 24 '21 at 17:23
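As an added illustration of the answer's point (this is example code, not from the question, the answer or Google's tooling), the snippet below parses the SOA line from the asker's `gcloud dns record-sets list` output and derives how long a resolver may hold the NXDOMAIN under RFC 2308. The table text is constructed from the output quoted in the question; the 86,400-second ceiling is the figure the answer cites, and `resolver_cap` models a resolver applying its own, shorter limit.

```python
from dataclasses import dataclass

# Constructed from the gcloud output in the question (the asker's placeholder names).
GCLOUD_OUTPUT = """\
NAME                                   TYPE  TTL    DATA
gcp.example.com.                        NS    21600  ns-cloud-c1.googledomains.com.,ns-cloud-c2.googledomains.com.
gcp.example.com                        SOA   21600  ns-cloud-c1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
myfqdn.gcp.example.com.  A     300    34.117.60.130
"""

RFC2308_MAX_NEGATIVE_TTL = 86400  # 24-hour ceiling cited in the answer


@dataclass
class Soa:
    ttl: int       # TTL of the SOA record itself
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int   # 5th numeric field: negative-caching TTL (RFC 2308)


def parse_soa(output: str) -> Soa:
    """Locate the SOA row in `gcloud dns record-sets list` table output."""
    for line in output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) >= 3 and fields[1] == "SOA":
            ttl = int(fields[2])
            mname, rname, *nums = fields[3:]
            serial, refresh, retry, expire, minimum = map(int, nums)
            return Soa(ttl, mname, rname, serial, refresh, retry, expire, minimum)
    raise ValueError("no SOA record in output")


def negative_cache_ttl(soa: Soa, resolver_cap: int = RFC2308_MAX_NEGATIVE_TTL) -> int:
    """RFC 2308 s.3: an NXDOMAIN is cached for min(SOA MINIMUM, SOA TTL);
    s.5 lets the caching resolver bound that further with its own ceiling."""
    return min(soa.minimum, soa.ttl, resolver_cap)


def nxdomain_expiry(soa: Soa, cached_at: int, resolver_cap: int = RFC2308_MAX_NEGATIVE_TTL) -> int:
    """Unix time at which a resolver that cached NXDOMAIN at `cached_at` re-queries."""
    return cached_at + negative_cache_ttl(soa, resolver_cap)


if __name__ == "__main__":
    soa = parse_soa(GCLOUD_OUTPUT)
    print(f"SOA MINIMUM={soa.minimum}s, SOA TTL={soa.ttl}s -> negative TTL {negative_cache_ttl(soa)}s")
```

For the zone in the question this yields 300 seconds, matching the answer; a resolver that ignores the SOA and applies its own shorter or longer policy is the reason the answer says there is no absolute figure.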