DNS txt record to point subdomain to other domain


I have a SimpleHosting instance at gandi.net, connected with a domain at Gandi, mygandidomain.org, and another domain, myrootdomain.name registered somewhere else.

I successfully added a CNAME entry in my myrootdomain.name's DNS records to let one subdomain, subdomain.myrootdomain.name point to my SimpleHosting instance at Gandi, i.e.:

subdomain 10800 IN CNAME mygandidomain.org.

When I now go to subdomain.myrootdomain.name with Google Chrome I get an error message: "Error 404 Vhost unknown."
This error message comes from Gandi, not from my other domain name registrar. So I conclude that the CNAME entry has taken effect.

However, to resolve this error, I only read the instructions afterwards. The instructions given by Gandi tell me I should do the following:

The instructions at Gandi say I should point it to gpaas12.dc2.gandi.net., i.e.

Add a CNAME line

subdomain 10800 IN CNAME gpaas12.dc2.gandi.net.

instead of

subdomain 10800 IN CNAME mygandidomain.org.

… and, to authorize myself as the owner of the domain, I should also add a TXT entry:

@ 10800 IN TXT "test=s0m3r4nD0mG!bB3ri$hStr1nG"

with some gibberish random string provided by Gandi.

So I did that. Since I cannot enter these lines directly but have to use some input web interface, I entered the TXT entry value once with and once without quotation marks, and both for the subdomain (entered subdomain.myrootdomain.name. into the "host" input field) and for the root domain (entered myrootdomain.name. into the "host" input field), just to be sure, because I am not allowed to enter "@" or "*" in that input field.

I changed the TTL for all added and changed DNS entries to 300. So they should have been updated long ago. But here is what still happens when digging:

$ dig txt subdomain.myrootdomain.name

; <<>> DiG 9.10.3-P4-Ubuntu <<>> txt subdomain.myrootdomain.name
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50813
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;subdomain.myrootdomain.name.   IN  TXT

;; ANSWER SECTION:
subdomain.myrootdomain.name. 3599   IN  CNAME   mygandidomain.org
mygandidomain.org.  10799   IN  TXT "v=spf1 include:_mailcust.gandi.net ?all"

;; Query time: 52 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Jul 11 05:42:59 CEST 2018
;; MSG SIZE  rcvd: 85

So the CNAME still points to mygandidomain.org, it seems, as I set it in the very beginning (before changing it to gpaas12.dc2.gandi.net.)

I don't know if that's bad, because mygandidomain.org in turn supposedly points to the hosting instance at gpaas12.dc2.gandi.net, if I understand correctly. (And I can actually access my Gandi-hosted site through mygandidomain.org)

However, I thought I should see any of the TXT entries I added for subdomain.myrootdomain.name by now.

If I understand these lines correctly:

;; QUESTION SECTION:
;subdomain.myrootdomain.name.   IN  TXT

… this means that there is a TXT entry for subdomain.myrootdomain.name which is, however, empty?

It seems there is only a non-empty TXT entry present in the Gandi domain's DNS entries here:

;; ANSWER SECTION:
subdomain.myrootdomain.name. 3599   IN  CNAME   mygandidomain.org
mygandidomain.org.  10799   IN  TXT "v=spf1 include:_mailcust.gandi.net ?all"

…, which has nothing to do with the TXT entry I was supposed to add to myrootdomain.name.

I did add the specified TXT entry with the provided string value, once with and once without quotation marks, both for myrootdomain.name and for subdomain.myrootdomain.name.

Same result regarding TXT entries for digging myrootdomain.name (where I think the TXT entry is supposed to be, as per the instructions by Gandi):

;; QUESTION SECTION:
;myrootdomain.name.     IN  TXT

Just one empty TXT entry? Should the changes not have taken effect by now?

I also flushed CNAME and TXT entries several times in Google's public DNS (8.8.8.8), through the interface at https://developers.google.com/speed/public-dns/cache, for both myrootdomain.name and subdomain.myrootdomain.name. And I am using the Google DNS server as my primary DNS on this machine.

When I go to subdomain.myrootdomain.name with Google Chrome, I still get the Error "Error 404 Vhost unknown." – which is probably to be expected, judging from the DNS digging results. This error message comes from Gandi, so at least the CNAME (either to gpaas12.dc2.gandi.net or still to mygandidomain.org) has taken effect there. Only the TXT entry, which should help to authorize domain ownership, is still not recognized, I guess.

Strangely, though, when I go to subdomain.myrootdomain.name with Firefox, I still get the older error message from my non-Gandi domain provider: "No website is configured under this address."

Is there something wrong with my TXT entry inputs? As I said, I added them with both subdomain.myrootdomain.name (which is probably not in line with Gandi's instructions) as well as to myrootdomain.name (which would probably be in line with Gandi's instructions), simply because I could not enter "@" or "*" instead, and wanted to be sure that I included the entry that is expected. And I also added them both twice, once with quotation marks included and once with quotation marks excluded, assuming that only the correct entry would be picked up by Gandi.

Should I delete any of them? Which one should I keep, to be in line with Gandi's instructions to add:

@ 10800 IN TXT "test=s0m3r4nD0mG!bB3ri$hStr1nG"

I cannot see how my inputs actually translate into these text lines.

But none of them seem to show up when doing $ dig ... (until now, anyway). Should I not see them appearing when doing $ dig ...? As I said, TTL is 300 (was longer at first), and I did the Google DNS flush thing.

Thanks for any hints and tips about how to interpret what's happening here.

EDIT: It works now. Not quite sure, but my hunch is that the extra TXT entry that I added for subdomain.mydomain.name. was somehow in conflict with the CNAME for subdomain.mydomain.name.. The manual said to add the TXT only for mydomain.name. and not subdomain.mydomain.name., but as I explained, I did both "just to be sure". I'm not quite sure that this was what did the trick, but this was the last thing I changed, and now it works.

Best Answer

This quite long question is a collection of common misunderstandings seen on Server Fault many times. Also, questions like this will usually get more detailed answers with actual domains we could test with. I hope you'll have a better understanding of what's going on here after reading these:

  • When I go to subdomain.myrootdomain.name with Google Chrome, I still get the Error "Error 404 Vhost unknown." - which is probably to be expected, judging from the DNS digging results.

    This has nothing to do with DNS: the fact that you can see Gandi's page tells that the DNS has been pointed to their servers, but their web servers aren't configured to recognize it. To link a domain, you first need to Add a virtual host to your instance from the instance control panel.

    The second step for domains not at Gandi is adding the CNAME for the subdomain and the TXT at the domain apex: @ IN TXT is equivalent to myrootdomain.name. IN TXT. As you could see from the manual, the form of this TXT record seems to be subdomain=hash. If your given record literally had test=s0m3r4nD0mG!bB3ri$hStr1nG, it was probably meant for test.myrootdomain.name instead of your subdomain.myrootdomain.name. In that case you need to start from the beginning by adding the exact subdomain you are planning to use.

  • ;; QUESTION SECTION:
    ;subdomain.myrootdomain.name.   IN  TXT
    

    ... this means that there is a TXT entry for subdomain.myrootdomain.name which is, however, empty?

    No, this is the question section displaying what you were looking for. It's not empty, it just doesn't have the results. The results are in the answer section. And it's not empty:

    ;; ANSWER SECTION:
    subdomain.myrootdomain.name. 3599   IN  CNAME   mygandidomain.org
    mygandidomain.org.  10799   IN  TXT "v=spf1 include:_mailcust.gandi.net ?all"
    
  • I changed the TTL for all added and changed DNS entries to 300. So they should have been updated long ago.

    The query is cached for the TTL seconds. If you change the TTL time afterwards, it doesn't affect already cached queries. It was originally cached for 10800 seconds i.e. 3 hours, of which this 3599 seconds was left when last editing your question.

    If you need to check whether the record is updated at your authoritative name servers, you must perform the query directly against them (replace with an actual NS of your domain):

    dig subdomain.myrootdomain.name A @authoritative1.example.com
    dig myrootdomain.name TXT @authoritative1.example.com
    
  • If you add a TXT record on a subdomain that already has CNAME record, it's normal that it doesn't work: it'll show the TXT from the canonical name, instead, just like in your results. If a hostname has a CNAME record, it must not have other resource records of other type. Care to know why? I have an answer, and AndrewB even more detailed on a canonical question.
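The CNAME-coexistence rule from the last point, and the "@ equals the apex" equivalence from the second, can be checked before records are ever submitted to a registrar's web form. The script below is an added example, not Gandi's tooling or anything from the original post: it parses a constructed zone snippet that mirrors the question's records (TXT entered both at the apex and on the CNAME'd subdomain, with and without quotes), expands "@" and relative owners to absolute names, and reports every owner that carries a CNAME together with another record type.

```python
"""Lint zone-file style records for the rule that a CNAME owner may hold
no other record types (RFC 1034 section 3.6.2). Constructed example."""
import re

# Constructed zone snippet for myrootdomain.name, mirroring the question:
# the same TXT was entered on the subdomain, at "@", and unquoted at the apex.
ZONE_APEX = "myrootdomain.name."
SAMPLE_RECORDS = """
subdomain 300 IN CNAME gpaas12.dc2.gandi.net.
subdomain 300 IN TXT "test=s0m3r4nD0mG!bB3ri$hStr1nG"
@ 300 IN TXT "test=s0m3r4nD0mG!bB3ri$hStr1nG"
myrootdomain.name. 300 IN TXT test=s0m3r4nD0mG!bB3ri$hStr1nG
"""

RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")


def canonical_owner(owner: str, apex: str) -> str:
    """Expand '@' and relative names to an absolute name under the apex."""
    if owner == "@":
        return apex
    return owner if owner.endswith(".") else f"{owner}.{apex}"


def parse_zone(text: str, apex: str) -> list:
    """Return (owner, rtype, rdata) triples; TXT rdata is normalised to one
    quoted string so a quoted and an unquoted entry compare equal."""
    out = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue  # blank line or something that is not an RR
        owner, _ttl, rtype, rdata = m.groups()
        if rtype == "TXT":
            rdata = '"' + rdata.strip('"') + '"'
        out.append((canonical_owner(owner, apex), rtype, rdata))
    return out


def cname_conflicts(records) -> dict:
    """Map each owner that has a CNAME plus other types to those other types."""
    types_by_owner = {}
    for owner, rtype, _ in records:
        types_by_owner.setdefault(owner, set()).add(rtype)
    return {o: t - {"CNAME"} for o, t in types_by_owner.items()
            if "CNAME" in t and len(t) > 1}


if __name__ == "__main__":
    for owner, bad in cname_conflicts(parse_zone(SAMPLE_RECORDS, ZONE_APEX)).items():
        print(f"{owner}: CNAME cannot coexist with {sorted(bad)}")
```

On the sample data it flags only subdomain.myrootdomain.name., which is exactly the record the question's author ended up deleting; the two apex entries resolve to the same owner and are fine.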
