I want to make a custom domain for project documentation in postman. I added a TXT record and CNAME in the DNS section of Cloudflare. But when I click on the Verify Domain button, an error appears: Something went wrong No CNAME record found for this domain.
This is from cloudflare side:
When a CNAME record is orange clouded we basically treat it like an A record AND cloudflare obfuscate the origin and just return the IP address. As a result if you do a DNS query for CNAME with an orange clouded record you won’t see it (but an A record query will return the destination IP).
For services which are looking to validate with a specific value obfuscation = bad. So to prevent this you’ll want to make sure the record is :grey: not :orange:.
Related
I have a domain that I got from NameCheap: www.app.flerr.io.
I configured the domain in AWS with Route53, CloudFront and S3.
I uploaded the static website to the relevant S3 bucket.
When I try to reach my website, I get the following error: ERR_NAME_NOT_RESOLVED.
Although, when I reach the website through S3 static website hosting it's working:
Any ideas?
EDIT:
Route53:
I have one A record that traffics to <id>.cloudfront.net:
I have one NS record that traffics to 4 NS URLs.
I have one SOA record.
I have one CNAME record.
ERR_NAME_NOT_RESOLVED usually refers to a DNS problem.
You already verified that S3 URL is working correctly.
Now, verify that Cloudfront is working correctly by pasting the Cloudfront URL in your browser (<id>.cloudfront.com or something similar).
If both of them are working, means that your problem is indeed DNS (and therefore Route53) related.
Use any DNS Lookup page to see if your domain (flerr.io) is correctly set up.
https://mxtoolbox.com/SuperTool.aspx?action=a%3awww.app.flerr.io&run=toolpage
With the information given that's the best we can do, if you share your Route53 Hosted Zones we could see if anything is wrong
If you bought flerr.io. - you dont need to create a new zone for app.flerr.io. (you can, but its not required - this is called DNS delegation). You just need to create a record named www.app inside flerr.io. as an A or CNAME to your destination.
When i use dig to test the DNS i get the following results:
dig flerr.io. shows A records
dig app.flerr.io. shows A records - and appears to be its own DNS delegation zone (was that deliberate)?
dig www.app.flerr.io. does not return any records - this is why you cant resolve your site.
I think the solution for you is to create the www.app records in the flerr.io. zone and ignore the app.flerr.io. zone you created. If your trying to use the zone app.flerr.io. (and its been setup properly in flerr.io.) you would just create the www record.
I'm following the top answer to this question: Custom domain for GitHub project pages to upload my github page into my custom domain. I'm using cloudflare as my dns. I first added the four A records without a problem, but then i try to add the CNAME record and i'm getting an error saying that there is already a record with that host, should i ignore the CNAME? Or what should i do? If i upload first the CNAME record and then the A records i get the same problem. I'm uploading the CNAME as the root in the name and myname.github.io in the target.
Say I have the following record:
*.foo.bar CNAME *.baz.qux
If I do a DNS query on test.foo.bar, will it return the record for test.baz.qux? Or will it do something else?
EDIT: There's a reason for wanting to do this. AWS's Client VPN provides an endpoint with random prefix, e.g. *.cvpn-endpoint-foo.bar.clientvpn.us-west-2.amazonaws.com, meaning it will accept a connection with any value used for the prefix (used so there's no DNS caching of the endpoint's A records, corresponding to OpenVPN's remote-random-hostname option). I would like to provide a connection endpoint like *.vpn.mydomain.com. So, I was wondering if there was a way to do this, where a random prefix can be used with the custom domain and have it pass that through to the domain it CNAMEs to.
To summarize: is there a way I can use AWS's Client VPN random prefix via a custom DNS record?
I ran into this question after suffering the same confusion about wildcards and CNAMES. I managed to get a good solution thanks to Yuri's answer putting me in the right direction.
Basically I just chose my own 'random' fixed subdomain for the VPN Endpoint and pointed my CNAME entry to it. So if the VPN Endpoint DNS Name is:
*.cvpn-endpoint-xxxxxx.prod.clientvpn.<region>.amazonaws.com
Then I use the following CNAME entry:
vpn.my-domain.com CNAME <random>.cvpn-endpoint-xxxxxx.prod.clientvpn.<region>.amazonaws.com.
The above entry handles clients without remote-random-hostname capability. I can then add another wildcard CNAME to catch clients with this option enabled:
*.vpn.my-domain.com CNAME vpn.my-domain.com
With these two entries I can happily distribute vpn config that points to vpn.my-domain.com and re-map this in Route53 if I ever need to replace the VPN Endpoint.
Slightly related documentation: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/troubleshooting.html#resolve-host-name
Such CNAME record is illegal. You cannot have wildcard * as CNAME value, only single domain name at the RHS of CNAME. You can have something like
*.foo.bar. CNAME zuka.baz.qux.
Also, note the dots at the end of domain names. Without them zone name will be appended.
Update To clarify this. '*' in the RHS is not wild card, it is
treated as regular domain name. So, unless you have host or subdomain named *.baz.qux any query for whatewer.foo.bar will return not found: 3(NXDOMAIN)
Our project is deployed on Elastic Beanstalk and I want to run this on HTTPs. I created my certificate on AWS Certificate Manager and choose DNS verification option. I added provided data in my Godaddy DNS records. Below is my sample data
Domain Name | Record Name | Record Type | Record Value
example.com | _8046ecb910c52234234234234232ecae.example.com. | CNAME | _81b05686qweerttcxsaxasdadas5a566.tljzshvwok.acm-validations.aws.
*.example.com | _8046ecb910c52234234234234232ecae.example.com. | CNAME | _81b05686qweerttcxsaxasdadas5a566.tljzshvwok.acm-validations.aws.
AWS has given my two records for example.com and *.example.com but both records are same. So I added one CNAME record in Godaddy DNS entries. I waited for three days and my certificate was still in pending state which in the end expired. I created a new one and I have been waiting for 24 hours and it is still in pending state. I cannot use Email verification method as I am not owner of this domain.
An apparently common error is to paste the entire hostname into a box that does not expect an FQDN, thus creating a record that actually looks like this in DNS (though you may not observe it this way on the screen):
_8046ecb910c52234234234234232ecae.example.com.example.com
For the "hostname," just use _8046ecb910c52234234234234232ecae when creating the record.
After creating it, use dig or nslookup to verify that it resolves as expected.
I had similar issue with AWS certificate in 'Pending validation' state for quite some time. After few tries I finally got it to get in 'Success' state. It might vary by domain registrar , in my case it was NameCheap.
Refer the screenshots from AWS ACM and NameCheap to follow the step that got it working for me:
I also had this issue and waited a day but still Pending Validation. I followed answers here but still got confused and Pending Validation so I decided to share the step by step of what worked for me in NameCheap.
In AWS:
Export the DNS configuration file. It will have something like this.
Domain Name,Record Name,Record Type,Record Value
mysite.io,_beocc4be975f27599f5d77f87af84321.mysite.io.,CNAME,_6ae531c5dad6c5ceeefd65a73d532881.dumrqilasr.acm-validations.aws.
In NameCheap:
Choose "Domain" tab > NameServers - Choose NameCheap Basic DNS
Choose "Advanced DNS" tab > Host Records
Under Type, choose "CNAME record"
Under Host, use the value in "Record Name". Do not include the domain name.
_beocc4be975f27599f5d77f87af84321.
Under Value, use the value in "Record Value". Copy everything.
_6ae531c5dad6c5ceeefd65a73d532881.dumrqilasr.acm-validations.aws.
Under TTL, choose "Automatic"
Save the settings by clicking the check icon right beside TTL.
In AWS:
Refresh the AWS Certificate Manager after 2-5 minutes. It should only take a few minutes for Amazon status to change from Pending Validation to Issued.
I have the same pending-forever issue with the domain which I registered at Freenom because I forgot to set the name servers from AWS Route 53 to Freenom.
Name servers from AWS Route 53:
*(ns means name server)
Set the name servers above to Freenom:
Then, it was validated from pending. However, even if I set name servers to Freenom, it sometimes takes a forever time to be validated. In this case, I delete the request and make a new request a few hours later again, then, it is validated properly.
Optionally saying, we registered the domains at the domain providers like GoDaddy, Namecheap, Freenow and so on, then, we need to set the name servers from AWS Route 53 to GoDaddy, Namecheap, Freenow and so on. Finally, our domains will be validated from AWS Certificate Manager.
I needed the same solution as #Kai - had to add the NS records to the primary domain. But my situation was a little bit different:
I'm using AWS Route53 for my domains
with the root domain (example.com.au) in a different AWS account
and a subdomain (subdomain.example.com.au) in the account where I'm creating the certificate
Because it's all within AWS I could just click the "create record in Route 53" button to get the verification record automatically added... but the certificate would not resolve
THE PROBLEM : the subdomain was not resolving through to the root domain
HOW I FOUND IT : dig +trace subdomain.example.com.au
that SHOULD return a string of responses from . then au. then com.au. then example.com.au. and finally subdomain.example.com.au.
it did not return the subdomain record, which was the clue that the link between the subdomain and the root domain was not correct.
adding the NS records from the subdomain as a CNAME record on the root domain (similar to Kai's answer) caused the validation to complete almost immediately.
That is my api gw with cloudflare! It works already.
I have a static site hosted in a S3 bucket and a domain registered at Namecheap (e.g mydomain.com)
I would like people to access my site using the bare domain, (i.e without subdomain)
I added a DNS record like so..
Type = CName
Host = #
Value = [URL to S3 bucket]
This works but now emails to mailboxes on that domain (e.g hello#mydomain.com) don't work. I've read that this is because if a CNAME is used to specify the bare canonical name for a host you are not allowed to have any other resource records (e.g MX) for that host.
How can I get around this? I don't want to resort to adding a subdomain like www.
It isn't a valid configurarion to have a CNAME at the apex of a zone like this. The DNS provider should not even allow you to create it. Yes, it breaks your MX if you try it.
That's why Route 53 introduced A-record aliases. See the link mentioned in comments for an explanation. Alias records appear to behave like what people commonly assume a CNAME does, but they aren't CNAMEs and are not invalid at the apex.
To do this right, you need to use Route 53 as your authoritative DNS hosting provider.
One workaround is to create a bucket with www. at the beginning instead of the one you have now, create a www CNAME pointing to it, and then set your # A record to the value provided by a service like http://wwwizer.com, which redirects example.com → www.example.com.
I am not affiliated with that service but I have seen it used for this purpose.