Google Cloud DNS PTR record error - google-cloud-platform

I'm trying to add a PTR DNS record in Google Cloud DNS and I'm getting an error every time I save the file through the command console. I have added other entries and they are working as expected.
{
  "kind": "dns#resourceRecordSet",
  "name": "xxx.xx.148.146.in-addr.arpa.",
  "rrdatas": [
    "mail.mydomain.com."
  ],
  "ttl": 60,
  "type": "PTR"
}
The error I receive is: Invalid value for 'entity.change.additions[0].name'
I've tried following the example here and it doesn't work: https://groups.google.com/forum/#!msg/cloud-dns-discuss/quaYSpZImQg/QANCaDOzp3AJ

The error you are getting is due to the PTR record's "name" field. Google's servers check that this field's domain part (everything after the first dot) is equal to the domain specified as dns_name when the managed zone (zone file) was created, i.e. the one reflected in the zone's SOA record.
When it comes to PTR records, said records can NOT be placed into the same zone (aka managed zone in G lingo) as the rest of the domain's records: said PTRs are to be placed under a separate zone file, a separate domain for all intents and purposes. Think of it as a reverse domain. This domain's name is conditioned by the subnet the PTR's IP belongs to. For instance, a PTR record that looks up IP 1.2.3.4 would be placed inside a zone named 3.2.1.in-addr.arpa. In said zone, one would find PTR records relating IP 1.2.3.4 to the rDNS name 4.3.2.1.in-addr.arpa.
So, in your case, make sure you have a zone with dns_name xx.148.146.in-addr.arpa. (more on that here), into which you can then place your PTR records for IPs starting with 146.148.xx.
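As an added example (not code from the question, the answer or Google), the Ruby below builds the PTR record set for an address and applies the same test Cloud DNS applies to entity.change.additions[].name, so a PTR aimed at the forward zone is refused locally together with the reverse zone it actually belongs in. The address 146.148.20.30 and the zone 20.148.146.in-addr.arpa. are constructed stand-ins for the elided values in the question; the helper also derives /8 and /16 reverse zone names, which the answer does not cover.

```ruby
require "ipaddr"
require "json"

# Name of the reverse (in-addr.arpa) zone for an IPv4 network. Reverse zones
# are delegated on octet boundaries, so only /8, /16 and /24 are accepted.
def reverse_zone_name(cidr)
  net = IPAddr.new(cidr)
  raise ArgumentError, "prefix must be /8, /16 or /24" unless [8, 16, 24].include?(net.prefix)
  net.to_s.split(".").first(net.prefix / 8).reverse.join(".") + ".in-addr.arpa."
end

# The PTR record's own name: all four octets reversed under in-addr.arpa.
def ptr_record_name(ip)
  IPAddr.new(ip).to_s.split(".").reverse.join(".") + ".in-addr.arpa."
end

# The check the API applies to a record name: it must be the managed zone's
# dns_name or a name below it (label boundary, not a bare string suffix).
def name_in_zone?(record_name, zone_dns_name)
  record_name == zone_dns_name || record_name.end_with?("." + zone_dns_name)
end

# Build the resourceRecordSet for a PTR, refusing up front when it would land
# in the wrong managed zone and naming the zone it belongs to instead.
def build_ptr_rrset(ip, target_fqdn, zone_dns_name, ttl: 60)
  name = ptr_record_name(ip)
  unless name_in_zone?(name, zone_dns_name)
    wanted = reverse_zone_name("#{ip}/24")
    raise ArgumentError, "#{name} is outside #{zone_dns_name}; create/use zone #{wanted}"
  end
  { "kind" => "dns#resourceRecordSet", "name" => name, "rrdatas" => [target_fqdn],
    "ttl" => ttl, "type" => "PTR" }
end

if __FILE__ == $0
  # 146.148.20.30 is a constructed address standing in for the question's 146.148.xx.xxx.
  puts JSON.pretty_generate(build_ptr_rrset("146.148.20.30", "mail.mydomain.com.", "20.148.146.in-addr.arpa."))
end
```

Passing the forward zone (mydomain.com.) as zone_dns_name raises instead of producing a record set that the API would reject with the error quoted in the question.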

Related

Can't get a domain verified on AWS after transfer

After transferring a domain from another registrar to AWS, I can't get it verified in Certificate Manager. I created a hosted zone, the CNAME records created by Certificate Manager are there, I tried with the DNS tester and the records seem good. However, it still says "pending validation". I tried a few times, waited a couple of days, and it doesn't seem it will work.
I'm totally out of ideas, any help?
DNS validation requires two things to be set up correctly: Record Name and Record Value.
Check that you're setting these correctly in Route 53. Reference doc here: https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html
Now, two issues which are very common:
In the Record Name part, confirm that you're not adding your domain name in the value. _X is the only part you have to copy-paste. If you copy _X.YourDomain then the 'YourDomain' part is duplicated.
Record Value ends with . (a period / dot). Don't remove that period.
You can verify the settings from https://mxtoolbox.com/; it has various lookups like A record, CNAME, DNS validation, etc.
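As an added example (not part of the answer above and not AWS code), this Ruby models the two mistakes the answer lists: the Route 53 console appends the hosted zone name to whatever is typed into "Record name", so pasting ACM's full name stores the zone twice, and a value that loses its trailing dot no longer equals the absolute name ACM issued. The zone, ACM name and ACM value are constructed placeholders.

```ruby
# Constructed stand-ins for the hosted zone and the CNAME that ACM displays.
HOSTED_ZONE = "example.com."
ACM_NAME    = "_3a5f9c.example.com."
ACM_VALUE   = "_7c1d2e.acm-validations.aws."

def to_fqdn(name)
  name.end_with?(".") ? name : name + "."
end

# The absolute name Route 53 stores for a given "Record name" console input:
# the zone is appended to whatever label was typed.
def console_fqdn(record_name_input, zone)
  label = record_name_input.strip.chomp(".")
  label.empty? ? zone : "#{label}.#{zone}"
end

# The label to type: ACM's name with the hosted zone suffix removed.
# nil when the ACM name is not inside this zone at all.
def console_label_for(acm_name, zone)
  fqdn = to_fqdn(acm_name)
  return "" if fqdn == zone
  return nil unless fqdn.end_with?("." + zone)
  fqdn[0...-(zone.length + 1)]
end

# Compare what would be stored with what ACM expects. Returns a list of
# problems; empty means the record will validate.
def check_validation_record(acm_name, acm_value, name_input, value_input, zone)
  problems = []
  stored   = console_fqdn(name_input, zone)
  expected = to_fqdn(acm_name)
  if stored != expected
    if stored.end_with?(".#{zone.chomp('.')}.#{zone}")
      problems << "record name duplicates the zone (#{stored}); type only #{console_label_for(acm_name, zone)}"
    else
      problems << "record name #{stored} does not match ACM's #{expected}"
    end
  end
  # A value without the trailing dot is relative in zone-file terms, and some
  # tooling appends the zone to it; ACM's value is an absolute name.
  problems << "record value #{value_input} lost its trailing dot" unless value_input.end_with?(".")
  problems << "record value #{value_input} differs from ACM's #{acm_value}" if to_fqdn(value_input) != acm_value
  problems
end

if __FILE__ == $0
  p check_validation_record(ACM_NAME, ACM_VALUE, "_3a5f9c", ACM_VALUE, HOSTED_ZONE)              # []
  p check_validation_record(ACM_NAME, ACM_VALUE, "_3a5f9c.example.com", ACM_VALUE, HOSTED_ZONE)  # duplicated zone
end
```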

How to update NS of a DNS in GCP

Hi, we have a domain, say mildev.com, and it has its original 4 NS assigned at creation. I want to append a few more name servers to it (my secondary NS).
But when I try to update the NS list using Terraform it fails with:
Error: Error creating ResourceDnsRecordSet: googleapi: Error 409: The resource 'entity.rrset' named 'mildev.com. (NS)' already exists, alreadyExists
Of course, the name mildev.com NS [[NS_list_origina_]] is there, but is there a way I can update it? I see an update is allowed using the UI, but why isn't it allowed via the APIs?
Any guidance will be helpful.
Thanks
variable "domain_name" {
  type    = string
  default = "mildev.com."
}

resource "google_dns_managed_zone" "selected" {
  name       = format("d-%s", replace(trim(var.domain_name, "."), ".", "-"))
  dns_name   = var.domain_name
  visibility = "public"
}

locals {
  sec_name_servers = [
    "pdns93.net.",
    "pdns94.biz.",
    "pdns93.com.",
    "pdns93.org.",
  ]
}

resource "google_dns_record_set" "add_ns_records" {
  name         = google_dns_managed_zone.selected.dns_name
  rrdatas      = concat(local.sec_name_servers, google_dns_managed_zone.selected.name_servers)
  ttl          = 86400
  type         = "NS"
  managed_zone = google_dns_managed_zone.selected.name
}
When Terraform creates a google_dns_managed_zone, the zone automatically gets created with NS records specific to Google Cloud (name servers they provide that the zone will live on). Terraform does not import these NS records into state, so all future attempts to add or manipulate NS records in any Google Cloud zone will fail, citing that the record set already exists:
google_dns_record_set.clouddns_ns: Error creating DNS RecordSet: googleapi: Error 409: The resource 'entity.change.additions[0]' named 'domain.com. (NS)' already exists, alreadyExists.
Additionally, make sure you are using the latest Terraform version:
$ terraform -v
You will not change the name servers there, as the NS records are (usually) configured at the domain registrar, not in Cloud DNS. Unless the registrar is Google Domains, your code might be running against the wrong site. When updating NS in Cloud DNS (in case this is even possible) but not at the registrar, you might end up with broken DNS resolution.
Adding / removing NS is generally a strange concept, as one adds this type of record once and then forgets about it... besides, Cloud DNS has 100% guaranteed uptime and it distributes quickly.
The default NS to use would be eg:
ns-cloud-c1.googledomains.com.
ns-cloud-c2.googledomains.com.
ns-cloud-c3.googledomains.com.
ns-cloud-c4.googledomains.com.

"at-sign" in records with Google Cloud DNS

I have a question about how to define DNS records. At this URL (https://cloud.google.com/dns/docs/records), I read:
Note: Adding the @ symbol in this field causes the record to fail.
This raises some doubts; until now, whenever I defined records in Google Cloud DNS, instead of using @ I left the field empty (thus referring to $ORIGIN).
Is this so?
That is, for example:
example.com. 300 IN TXT "v=spf1 xxxxxxxxxxxxxxxxxxxxxxxxx"
example.com. 300 IN MX 10 server.domain.com.
Thank you very much.

Importing zone file from godaddy to AWS encountered this error

I am trying to upload a zone file from GoDaddy to AWS. When I copy-paste the zone file content into AWS and click upload, the following error appears:
Error parsing zone file: Error in line 38: Invalid address: >>++PARKED1++<< (encountered after 1 correct records)
In line:
@ 600 IN A >>++PARKED1++<<
It looks like your domain was 'parked' with GoDaddy at the time you tried to export your zone file. >>++PARKED1++<< is an internal variable which GoDaddy uses in their DNS database.
The actual record is an A record and you should just replace >>++PARKED1++<< with the external IP address of your hosting provider (e.g. 1.1.1.1).
After the change you should expect that line of the config file to read as:
@ 600 IN A 1.1.1.1 (for example)
The GoDaddy help page also says:
The exported data follows the BIND zone file format and RFC 1035. You must manually edit the exported data before a BIND DNS server can use it directly. These edits will differ based on the requirements of the server to which you are uploading the exported file.
But sadly it does not provide any useful pointers to the reader as to what exactly needs to be changed...
If you are mapping to an elasticbeanstalk.com endpoint then you shouldn't use an IP address (as they may change); instead, change the record type to ALIAS and then add the name of your endpoint, xxxx.elasticbeanstalk.com.
I was stuck exactly here for a while, and I think I might have an answer.
In place of the -parked- / missing 'A record' value, use the IP of the current application with a temporary address.
For example, the IP address of example.eu-north-1.elasticbeanstalk.com.
If unknown, this IP address can also be found at www.whatsmydns.net.
Just type in the temporary address (e.g. the EB URL above) and the IP will show.
I.e. this is the A record value to use in place of the word -Parked-... copy & paste.
A second update on this...
After a couple of days I learnt that the method above did not work too well.
Essentially, the A (IPv4 address) record of my EB app kept changing every so often.
Instead I updated the A record to ALIAS (by ticking Alias = Yes) then entered the address of my EB app, e.g. xxxxxx.elasticbeanstalk.com.
So far this has worked.
Just remove that line and use import. After the import, you can add the alias to the IP address.
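As an added example (not GoDaddy's export tooling or AWS's importer, and not code from any of the answers above), this Ruby does mechanically what the answers describe: it scans a BIND-style export for A/AAAA records whose rdata is not an address, reports them with line numbers, and writes a cleaned copy either substituting a real address or dropping the placeholder line so an alias can be added after the import. The zone text is constructed, modelled on the failing line in the question, and the parser assumes GoDaddy's flat one-record-per-line layout (no multi-line parentheses).

```ruby
require "ipaddr"

# GoDaddy writes the apex as "@" and, for a parked domain, leaves an internal
# placeholder such as ">>++PARKED1++<<" where an A record's address should be.
PLACEHOLDER = />>\+\+[A-Z0-9]+\+\+<</

# Constructed export, not GoDaddy's real output.
SAMPLE_ZONE = <<~'ZONE'
  $ORIGIN example.com.
  $TTL 3600
  @     600   IN  SOA    ns1.example.com. hostmaster.example.com. 2019010101 28800 7200 604800 600
  @     3600  IN  NS     ns1.example.com.
  @     600   IN  A      >>++PARKED1++<<
  www   600   IN  CNAME  @
  mail  600   IN  A      203.0.113.10
ZONE

# Split one zone-file line into its fields; nil for blank lines, comments
# and $ directives.
def parse_record(line)
  body = line.sub(/;.*/, "").strip
  return nil if body.empty? || body.start_with?("$")
  fields = body.split(/\s+/, 5)
  return nil if fields.size < 5
  { name: fields[0], ttl: fields[1], class: fields[2], type: fields[3], rdata: fields[4] }
end

# True when rdata is a literal address of the right family for the type.
def valid_address?(type, rdata)
  addr = IPAddr.new(rdata)
  type == "A" ? addr.ipv4? : addr.ipv6?
rescue ArgumentError
  false
end

# [line_number, record] for every A/AAAA record whose rdata is not an address
# (GoDaddy placeholders, hostnames pasted by mistake, typos).
def find_bad_addresses(zone_text)
  zone_text.lines.each_with_index.filter_map do |line, i|
    rec = parse_record(line)
    next unless rec && %w[A AAAA].include?(rec[:type])
    next if valid_address?(rec[:type], rec[:rdata])
    [i + 1, rec]
  end
end

# Rewrite the export: placeholder A records get `replacement`, or are dropped
# when it is nil so an alias/real record can be created after the import.
def clean_zone(zone_text, replacement: nil)
  zone_text.lines.filter_map do |line|
    rec = parse_record(line)
    next line unless rec && rec[:type] == "A" && rec[:rdata].match?(PLACEHOLDER)
    next nil if replacement.nil?
    raise ArgumentError, "#{replacement} is not an IPv4 address" unless valid_address?("A", replacement)
    line.sub(PLACEHOLDER, replacement)
  end.join
end

if __FILE__ == $0
  find_bad_addresses(SAMPLE_ZONE).each { |n, rec| puts "line #{n}: #{rec[:name]} #{rec[:type]} #{rec[:rdata]}" }
  puts clean_zone(SAMPLE_ZONE, replacement: "203.0.113.20")
end
```

Feeding a hostname such as xxxx.elasticbeanstalk.com as the replacement is refused, since an A record cannot carry a name; that case is the one the answers resolve with an alias record after the import.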

RRSet with DNS name _acme-challenge.mybar.org. is not permitted in zone bar.org. while letsencrypt certificate generation

I have two domain names in AWS Route 53:
bar.org
mybar.org
I am trying to generate a Let's Encrypt certificate using the Ruby-based hook for the dns-01 challenge (https://gist.github.com/joshgarnett/02920846fea35f738d3370fd991bb0e0).
I am generating a certificate for the domain "mybar.org", so my domains.txt contains the name:
mybar.org
When I try to run dehydrated -c I get the following error:
RRSet with DNS name _acme-challenge.mybar.org. is not permitted in zone bar.org.
Why does it try to add the RRSet in bar.org instead of mybar.org? How do I get it working?
The Ruby-based DNS hook linked in the question has a bug at the following line in the find_hosted_zone function, where it finds the hosted zone index among the available Route 53 zones:
index = hosted_zones.index { |zone| domain.end_with?(zone.name.chop) }
The index is derived based on the zone ending with the given domain name. Since my domain name "mybar.org" evaluates to true against "bar.org" (another available zone), it returns the index of that zone. So this needs a PR to solve the issue.
In my case it worked fine once I modified the code as:
index = hosted_zones.index { |zone| zone.name.chop.end_with?(domain) }
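As an added example (not code from the gist, from dehydrated or from the answer above), the Ruby below picks the hosted zone with a label-boundary comparison and a longest-match rule. A suffix test in either direction has a pitfall: domain.end_with?(zone) matches mybar.org against bar.org, which is the failure in the question, while zone.end_with?(domain) finds an exact zone but not a host such as www.mybar.org inside it. The HostedZone struct and the zone list stand in for the objects the AWS SDK returns and are constructed.

```ruby
# Stand-in for Aws::Route53::Types::HostedZone (constructed for this example).
HostedZone = Struct.new(:id, :name)
ZONES = [
  HostedZone.new("Z1", "bar.org."),
  HostedZone.new("Z2", "mybar.org."),
  HostedZone.new("Z3", "dev.mybar.org."),
]

# Compare names case-insensitively and without the trailing dot.
def canonical(name)
  name.downcase.chomp(".")
end

# The original hook's comparison, kept for contrast: any string suffix
# matches, so "mybar.org" ends with "bar.org".
def naive_match?(domain, zone_name)
  canonical(domain).end_with?(canonical(zone_name))
end

# Exact zone or a name under it; a longer label that merely shares a suffix
# does not qualify.
def in_zone?(domain, zone_name)
  d, z = canonical(domain), canonical(zone_name)
  d == z || d.end_with?(".#{z}")
end

# Of all zones the domain is inside, keep the most specific one, so a host in
# a delegated subzone (dev.mybar.org.) is placed there and not in mybar.org.
def find_hosted_zone(hosted_zones, domain)
  hosted_zones.select { |z| in_zone?(domain, z.name) }
              .max_by { |z| canonical(z.name).length }
end

# The TXT record dehydrated asks the hook to create for the dns-01 challenge.
def challenge_record_name(domain)
  "_acme-challenge.#{canonical(domain)}."
end

if __FILE__ == $0
  %w[mybar.org www.mybar.org api.dev.mybar.org bar.org].each do |d|
    zone = find_hosted_zone(ZONES, d)
    puts "#{challenge_record_name(d)} -> #{zone.name} (#{zone.id})"
  end
end
```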