Hi all,
We created a CNAME record a few days ago and noticed it was not redirecting to the correct target most of the time (it's supposed to redirect to an AWS service, but instead it just returns our *.domain.tld target).
We tried creating another subdomain and it worked fine without any issue; we deleted and re-created our CNAME record and it's still going to the wrong target.
1. We can communicate with Google DNS through a traceroute
2. When executing dig on the subdomain, we have the issue:
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55796
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;; ANSWER SECTION:
;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Mar 06 16:47:14 STD 2019
;; MSG SIZE rcvd: 178
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64119
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;; ANSWER SECTION:
;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Mar 06 16:47:15 STD 2019
;; MSG SIZE rcvd: 76
As you can see above, we don't get the same reply for the exact same 2 commands run a few seconds apart (the correct one is the first with AWS, the bad one is the second).
Google Public DNS also struggles to reply with the correct data without performing DNSSEC validation (it returns both the true and the bad values).
We have no issues with Level 3's, OpenDNS or Cloudflare DNS servers.
This has been tested on a computer running Ubuntu, a computer running Windows, an iPhone connected through 4G (no wifi on the same network as the 2 previous computers) and an AWS server.
Please excuse some typos ;)
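To check for the symptom described in this thread (the same resolver returning a different CNAME chain on repeated queries), the following added example, not from the original poster, parses dig output and compares the resolution chains. The two dig outputs, the names app.domain.tld / svc.aws-target.example and the addresses are constructed placeholders; the poster's real answer sections were not included.

```python
import re

# Constructed dig outputs (not the poster's). Names and addresses are placeholders.
CORRECT = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55796
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;app.domain.tld.\t\tIN\tA
;; ANSWER SECTION:
app.domain.tld.\t300\tIN\tCNAME\tsvc.aws-target.example.
svc.aws-target.example.\t60\tIN\tA\t192.0.2.10
;; SERVER: 8.8.8.8#53(8.8.8.8)
"""
WRONG = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64119
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;app.domain.tld.\t\tIN\tA
;; ANSWER SECTION:
app.domain.tld.\t3600\tIN\tA\t198.51.100.7
;; SERVER: 8.8.8.8#53(8.8.8.8)
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(CNAME|A|AAAA)\s+(\S+)$")

def parse_answers(output):
    """Return (ANSWER count from the header, [(name, ttl, type, rdata), ...])."""
    count = int(re.search(r"ANSWER: (\d+)", output).group(1))
    rrs, in_answer = [], False
    for line in output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if line.startswith(";"):      # any other dig comment/section header
            in_answer = False
            continue
        m = RR.match(line.strip())
        if in_answer and m:
            rrs.append((m[1], int(m[2]), m[3], m[4]))
    return count, rrs

def resolution_chain(output, qname):
    """Follow CNAMEs from qname through the answer section; return names seen."""
    _, rrs = parse_answers(output)
    chain, name = [qname], qname
    while True:
        hop = [r for r in rrs if r[0] == name]
        if not hop:
            return chain
        chain.append(hop[0][3])
        if hop[0][2] != "CNAME":   # reached an address record, chain ends
            return chain
        name = hop[0][3]

def inconsistent(outputs, qname):
    """True when repeated answers for qname do not all resolve the same way."""
    return len({tuple(resolution_chain(o, qname)) for o in outputs}) > 1
```

Feeding several captured dig outputs from one resolver into inconsistent() reproduces the check the poster did by hand; a True result points at the resolver's cache rather than the zone.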