3

I have the domain example1.com - DNS managed at Linode.com

There is a site hosted at example1.com (1.1.1.2) and it works fine.

I have an A record for example1.com that points sub.example1.com to 1.1.2.2

I can confirm requests to sub.example1.com resolve to 1.1.2.2, as expected.

I have added sub.example1.com to DigitalOcean and linked to my server.

sub.example1.com loads up my site fine from the server at DigitalOcean.

Now, I have added an A record wildcard * that points to the same 1.1.2.2 (*.sub.example1.com)

I have waited long enough for DNS propagation but pings to random.sub.example1.com are failing as the host can't be located.

Why can't I add a wildcard for a sub-domain of a sub-domain? Is this even possible?

Ralph
  • Okay, I've ruled out the possibility of conflicting `NS` records and zone definitions. There should be no reason why a `*.accounts` wildcard won't work. We're going to need the contents of your zone file. – Andrew B Mar 05 '15 at 02:21
  • @AndrewB I linked it to a pastie dump, is that okay? I'd hate for these to be crawled and indexed. – Ralph Mar 05 '15 at 02:24
  • Since we've found the problem and you appear to be concerned for the privacy of this domain, I've submitted a request to have these comments wiped. – Andrew B Mar 05 '15 at 02:44

2 Answers

4

Something appears to be misconfigured. You are attempting to define a separate DNS zone for your subdomain, but it does not exist on the internet facing DNS servers.

Here is what I see, replacing your domain with example.com.ng:

$ dig +trace accounts.example.com.ng SOA

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +trace accounts.example.com.ng SOA
;; global options: +cmd
.                       130141  IN      NS      l.root-servers.net.
.                       130141  IN      NS      i.root-servers.net.
.                       130141  IN      NS      d.root-servers.net.
.                       130141  IN      NS      e.root-servers.net.
.                       130141  IN      NS      g.root-servers.net.
.                       130141  IN      NS      j.root-servers.net.
.                       130141  IN      NS      k.root-servers.net.
.                       130141  IN      NS      c.root-servers.net.
.                       130141  IN      NS      m.root-servers.net.
.                       130141  IN      NS      a.root-servers.net.
.                       130141  IN      NS      b.root-servers.net.
.                       130141  IN      NS      f.root-servers.net.
.                       130141  IN      NS      h.root-servers.net.
;; Received 488 bytes from 75.75.75.75#53(75.75.75.75) in 15 ms

ng.                     172800  IN      NS      ns1.nic.net.ng.
ng.                     172800  IN      NS      ns2.nic.net.ng.
ng.                     172800  IN      NS      ns3.nic.net.ng.
ng.                     172800  IN      NS      ns4.nic.net.ng.
ng.                     172800  IN      NS      nsa.nic.net.ng.
;; Received 246 bytes from 128.63.2.53#53(128.63.2.53) in 48 ms

example.com.ng.          21600   IN      NS      ns1.linode.com.
example.com.ng.          21600   IN      NS      ns2.linode.com.
example.com.ng.          21600   IN      NS      ns3.linode.com.
;; Received 104 bytes from 194.0.1.29#53(194.0.1.29) in 81 ms

example.com.ng.          86400   IN      SOA     ns1.linode.com. REDACTED.gmail.com. 2015030476 14400 14400 1209600 86400
;; Received 108 bytes from 65.19.178.10#53(65.19.178.10) in 74 ms

See that SOA record at the end? That isn't the SOA record for your second zone. We can't tell you why this is the case, but until this is corrected none of the changes you make within that second zone file will influence DNS queries.

Andrew B
  • The SOA was set at Linode and I'm able to change that if it'll help, but I don't know what I'm supposed to change it to. – Ralph Mar 05 '15 at 02:37
  • I would double check the name of the zone. The linode DNS servers do not think you have a zone defined for `accounts.example.com.ng`, so the contents of your SOA record don't really matter here. It never gets used. – Andrew B Mar 05 '15 at 02:41
  • You found the problem, AndrewB. Thanks for the effort. I'm going to open a ticket with D.O and wait for their advice. I'll post a comment here when I hear back from them. – Ralph Mar 05 '15 at 02:41
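An added check (example code, not part of the thread): the diagnosis above comes down to comparing the owner name of the SOA at the end of `dig +trace` with the name you believe is a zone apex. This script parses a copy of the trace shown in the answer (embedded as a constructed sample, with the root and TLD referral blocks trimmed to one record each) and reports whether the queried name is actually reached as its own zone.

```python
"""
Check a `dig +trace NAME SOA` transcript for a missing zone cut.

Added example, not code from the thread. It parses the kind of output shown
in the answer above and reports which zone answered authoritatively.
"""
import re

# Constructed sample: the trace from the answer, root/TLD referrals trimmed.
SAMPLE_TRACE = """\
; <<>> DiG 9.8.4 <<>> +trace accounts.example.com.ng SOA
;; global options: +cmd
.                       130141  IN      NS      a.root-servers.net.
;; Received 488 bytes from 75.75.75.75#53(75.75.75.75) in 15 ms

ng.                     172800  IN      NS      ns1.nic.net.ng.
;; Received 246 bytes from 128.63.2.53#53(128.63.2.53) in 48 ms

example.com.ng.          21600   IN      NS      ns1.linode.com.
example.com.ng.          21600   IN      NS      ns2.linode.com.
;; Received 104 bytes from 194.0.1.29#53(194.0.1.29) in 81 ms

example.com.ng.          86400   IN      SOA     ns1.linode.com. REDACTED.gmail.com. 2015030476 14400 14400 1209600 86400
;; Received 108 bytes from 65.19.178.10#53(65.19.178.10) in 74 ms
"""

# owner  TTL  IN  (NS|SOA)  rdata   -- the only record types +trace prints here
RR_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|SOA)\s+(.*)$")


def parse_trace(text):
    """Return (referrals, soa): the ordered list of zone names that handed out
    NS records, and (owner, rdata) of the final SOA, or None if none came back."""
    referrals, soa = [], None
    for line in text.splitlines():
        m = RR_RE.match(line)
        if not m:
            continue                      # banner, ";; Received" and blank lines
        owner, rtype, rdata = m.groups()
        owner = owner.lower()
        if rtype == "NS":
            if owner not in referrals:
                referrals.append(owner)
        else:
            soa = (owner, rdata)
    return referrals, soa


def is_own_zone(qname, soa_owner):
    """True only if the SOA owner is the queried name itself, i.e. the name is
    the apex of a zone that the public DNS tree actually reaches."""
    return qname.rstrip(".").lower() == soa_owner.rstrip(".").lower()


def diagnose(qname, trace_text):
    referrals, soa = parse_trace(trace_text)
    if soa is None:
        return "no SOA returned; resolution failed before reaching a zone apex"
    owner, _ = soa
    if is_own_zone(qname, owner):
        return f"{qname} is a delegated zone (SOA owner matches)"
    return (f"{qname} is NOT a separate zone: the authoritative answer came from "
            f"{owner} (referral chain {' -> '.join(referrals)}); records in a "
            f"separately defined {qname} zone are never consulted")


if __name__ == "__main__":
    import sys
    # `-` as first argument reads a live trace from stdin, else the sample runs
    text = sys.stdin.read() if len(sys.argv) > 1 and sys.argv[1] == "-" else SAMPLE_TRACE
    qname = sys.argv[2] if len(sys.argv) > 2 else "accounts.example.com.ng"
    print(diagnose(qname, text))
```

Against a live zone: `dig +trace accounts.example.com.ng SOA | python3 trace_check.py - accounts.example.com.ng`. Until the SOA owner printed at the end of the trace equals the name you put in the second zone, that zone is unreachable and its wildcard cannot answer anything.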
1

I'm going to share the responses I received from both Linode and Digital Ocean as I believe they might be useful to someone at some point:

Linode

I believe the issue you're seeing is due to you not having a DNS zone for your second level domain. As far as I can see you need to create a new zone for accounts.example.com.ng; you will need to create NS records on the example.com.ng zone that point to ns1.linode.com - ns5.linode.com.

Once this has been accomplished you can make a CNAME for the wildcard, pointing to where you intend to point it. You will then want to make an A record for "accounts.example.com.ng" (the hostname field would be blank), which points to any IP address of your choice (even 127.0.0.1).

I hope this helps!

Digital Ocean

I see that you've added the wildcard record to your DNS settings here and it looks correct; however, if the apex domain (example.com.ng) DNS is served by Linode's nameservers, you should add the record there rather than creating a separate DNS zone file here at DigitalOcean. If there are any configuration issues, their Support team can see the DNS records that you're trying to create and would be better able to help.

Let us know if you have any other questions!

Second entry (different staff):

Thanks for taking the time to write in today. This level of DNS service is very much possible. The problem you are facing is that you simply added an A record when you created accounts.example.com.ng. And the *.accounts.example.com.ng record requires an actual subdomain delegation to work. Subdomains require name server records to point to a new server for delegation. If you ran a nameserver on accounts.example.com.ng and delegated the entire zone to that server, then you can have accounts.example.com.ng host *.accounts.example.com.ng.

It would look something similar to this:

ns1.linode.com (authoritative server) - example.com.ng
  |
  `-----> ns1.accounts.example.com.ng (authoritative server) - accounts.example.com.ng (DigitalOcean Droplet)
            |
            `-----> ns1.accounts.example.com.ng   A   1.1.2.2
            `-----> *.accounts.example.com.ng     A   1.1.2.2

You could also try testing a double wild card record. It would look similar to this: *.*.example.com.ng A 1.1.2.2

To help better understand wildcard DNS records, I would recommend reading http://en.wikipedia.org/wiki/Wildcard_DNS_record and for a more in-depth perspective of the subject please read https://www.rfc-editor.org/rfc/rfc4592

Please let us know if there is anything else we can help you with.

Best,
Mike
DigitalOcean Support
Check out our community for great tutorials, articles and FAQs! https://digitalocean.com/community

I'm going to analyze this and attempt the suggested solutions. I'll update this post with whatever works!

Update: After exchanging a few messages with Linode support, I was able to configure DNS correctly. This was the reply that helped:

The only way to do this would be to have accounts.example.com.ng set as a separate zone and then within that zone create the A record to the IP that accounts.example.com.ng is currently set to and then set *.accounts.example.com.ng within that zone to the IP you need.

Ralph
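As an added example (not code from the thread or from either provider), the outcomes described in the support replies can be reproduced with a small model of RFC 4592 wildcard lookup and of how an iterative resolver follows zone cuts. The zone contents are constructed to mirror the thread: `ns1.linode.com.` is used as the delegation target because it is the name server both the trace and Linode's reply mention, and SOA rdata is abbreviated to the primary server name. It also goes beyond the thread in one respect: it runs the `*.*.example.com.ng` suggestion and a plain apex wildcard through the same lookup to show why neither covers `random.accounts.example.com.ng`.

```python
"""
Why `*.accounts.example.com.ng` only resolves once the zone the DNS tree
actually reaches contains it. Added example, not code from the thread:
RFC 4592 wildcard lookup plus zone-cut following, over constructed zones
that mirror the thread (IPs and names are the thread's placeholders).
"""

IP = "1.1.2.2"
PARENT_NS = ["ns1.linode.com."]   # also stands in for abbreviated SOA rdata


def labels(name):
    return name.rstrip(".").lower().split(".")


def is_subdomain(name, zone):
    n, z = labels(name), labels(zone)
    return n[-len(z):] == z


def ancestors(name):
    """name and every ancestor, most specific first: a.b.c -> a.b.c, b.c, c"""
    parts = labels(name)
    return [".".join(parts[i:]) for i in range(len(parts))]


def name_exists(zone, name):
    """RFC 4592 existence: an owner name, or an empty non-terminal above one."""
    name = name.rstrip(".").lower()
    return any(o == name or o.endswith("." + name) for o in zone)


def lookup(zone, qname, rtype="A"):
    """RFC 4592 section 3.3: exact match, otherwise closest encloser and
    source of synthesis. Only the leftmost label of an owner is a wildcard."""
    qname = qname.rstrip(".").lower()
    if name_exists(zone, qname):
        rrs = zone.get(qname, {}).get(rtype)
        return ("ANSWER", rrs) if rrs else ("NODATA", [])
    closest_encloser = next(a for a in ancestors(qname) if name_exists(zone, a))
    source = "*." + closest_encloser
    if not name_exists(zone, source):
        return ("NXDOMAIN", [])
    rrs = zone.get(source, {}).get(rtype)
    return ("ANSWER", rrs) if rrs else ("NODATA", [])


def resolve(zones, entry, qname):
    """Follow zone cuts like an iterative resolver: start in `entry` and
    descend only through NS records found inside the current zone. A zone
    present in `zones` that nothing delegates to is never consulted."""
    apex = entry
    while True:
        zone = zones[apex]
        below = [a for a in ancestors(qname) if a != apex and is_subdomain(a, apex)]
        cut = next((a for a in reversed(below) if "NS" in zone.get(a, {})), None)
        if cut is None:
            return apex, lookup(zone, qname)
        if cut not in zones:
            return cut, ("SERVFAIL", [])          # lame delegation
        apex = cut


def parent_zone(extra=None):
    """example.com.ng as the trace shows it: accounts is a plain A record."""
    z = {"example.com.ng": {"SOA": PARENT_NS, "NS": PARENT_NS, "A": ["1.1.1.2"]},
         "accounts.example.com.ng": {"A": [IP]}}
    z.update(extra or {})
    return z


CHILD_ZONE = {"accounts.example.com.ng": {"SOA": PARENT_NS, "A": [IP]},
              "*.accounts.example.com.ng": {"A": [IP]}}

# 1. As posted: the child zone exists on the server, nothing points at it.
AS_POSTED = {"example.com.ng": parent_zone(), "accounts.example.com.ng": CHILD_ZONE}
# 2. Linode's fix: NS records at accounts.example.com.ng inside the parent.
DELEGATED = {"example.com.ng": parent_zone({"accounts.example.com.ng": {"A": [IP], "NS": PARENT_NS}}),
             "accounts.example.com.ng": CHILD_ZONE}
# 3. DigitalOcean's first suggestion: one zone, wildcard placed in the parent.
WILDCARD_IN_PARENT = {"example.com.ng": parent_zone({"*.accounts.example.com.ng": {"A": [IP]}})}
# 4. The "double wildcard" idea from the second DigitalOcean reply.
DOUBLE_WILDCARD = {"example.com.ng": parent_zone({"*.*.example.com.ng": {"A": [IP]}})}
# 5. A wildcard at the apex only; accounts.example.com.ng is a closer encloser.
APEX_WILDCARD = {"example.com.ng": parent_zone({"*.example.com.ng": {"A": [IP]}})}


def answer(zones, qname):
    """Return (answering zone apex, rcode, A rdata) for a query."""
    apex, (rcode, rrs) = resolve(zones, "example.com.ng", qname)
    return apex, rcode, rrs


if __name__ == "__main__":
    q = "random.accounts.example.com.ng"
    for label, zones in [("as posted", AS_POSTED), ("delegated", DELEGATED),
                         ("wildcard in parent", WILDCARD_IN_PARENT),
                         ("double wildcard", DOUBLE_WILDCARD),
                         ("apex wildcard", APEX_WILDCARD)]:
        print(f"{label:20} {q} -> {answer(zones, q)}")
```

The rule behind the last two cases is RFC 4592's closest encloser: because `accounts.example.com.ng` exists as an A record, a query for `random.accounts.example.com.ng` can only be synthesized from `*.accounts.example.com.ng`, never from `*.example.com.ng` or `*.*.example.com.ng`. The first case is the thread's actual failure: the Linode zone is the one the resolver reaches, it has no `*.accounts` record and no NS records at `accounts`, so the wildcard sitting in the undelegated second zone is never seen.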