Thanks for the explanation! This setup is part of a configuration wizard by Flowfact (real estate management software). The CNAME is one of the settings that have to be set according to their tool - it also validates successfully.
The problem is, their tool raises an "unknown error" and the helpdesk tells me they don't support this part of their software (wtf?). I thought this might be something obvious, but as Thomas pointed out, a CNAME to TXT should be fine (which I never tried or thought would work). My assumption that CNAME must return an IP address simply was wrong. This makes me more confident that my side is actually working correctly and there is something broken at Flowfact.

Thanks again!

Kind regards
Kevin

On Thu, 26 Sept 2019 at 12:27, frank+pdns--- via Pdns-users <pdns-users@mailman.powerdns.com> wrote:

> Hi Kevin,
>
> ===========>% ===========
> C:\Users\kolbrich>nslookup -q=CNAME _91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de. 8.8.8.8
> Server: dns.google
> Address: 8.8.8.8
>
> Nicht autorisierende Antwort:
> _91867ab3c77f152ba4ab0cceeabb3666.expose.graf-borstar.de canonical name = _c09668a36b3b6665549a795863f30b9b.olprtlswtu.acm-validations.aws
>
> My NS has a catch-all zone using "." including SOA to be authoritative for
> all new domains that do not yet have a zone (async processing).
> This allows us to be responsive for zones we actually did not yet create
> or have not been replicated.
>
> It seems that AWS uses the same authoritative NS to resolve its own
> CNAME (which does not resolve at all in public):
>
> I doubt that’s the problem (and note that acm-validations.aws is a valid
> domain name and points to AWS).
>
> I believe the problem might be here:
>
> ~ ❯❯❯ dig SOA expose.graf-borstar.de
>
> ; <<>> DiG 9.10.6 <<>> SOA expose.graf-borstar.de
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58518
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1280
> ;; QUESTION SECTION:
> ;expose.graf-borstar.de. IN SOA
>
> ;; ANSWER SECTION:
> expose.graf-borstar.de. 3593 IN CNAME fae31f3b-08a0-4b3c-8767-7f1b1baec2af.iexendpoints.de.
>
> ;; AUTHORITY SECTION:
> iexendpoints.de. 293 IN SOA ns-660.awsdns-18.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
>
> ;; Query time: 19 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Thu Sep 26 12:20:56 CEST 2019
> ;; MSG SIZE rcvd: 199
>
> You have a CNAME in place for expose.graf-borstar.de. Does that belong
> there? This might cause issues.
>
> Could you also clarify the problem you are having? It’s not 100% clear to
> me at this point.
>
> Kind Regards,
>
> Frank
> Frank Louwers
> PowerDNS Certified Consultant @ Kiwazo.be
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users