Why can I resolve this hostname but not a CNAME to this hostname?

Tags: amazon-web-services, cname-record, domain-name-system, nameserver

If I run dig against a hostname, I get the corresponding CNAME; however, I get an NXDOMAIN error (non-existent domain).

If I run dig against the CNAME I got, I can resolve it to an IP address successfully. It is reproducible.

On the system I am currently on it is always the case, on other systems it sometimes works and sometimes not, and on other systems it seems to work all the time.

If I run it using a nameserver I specify (for example Google's public nameserver), I can successfully resolve the hostname.

I would just blame the local system, but it seems I am not the only one having problems.

The 2nd domain (example.net) is hosted on Amazon Route 53 nameservers.
The 1st one is on another DNS server which has proven to be fully functional and reliable over the years.

I once switched the other domain to Amazon DNS as well. Everything seemed to work, and various DNS health check tests reported fine; however, I received a lot of support tickets saying that DNS resolution would not work.

Is Amazon just "bad" or am I doing something wrong?

I did not tamper with the domain in any way on the local system (in case of caching or making a custom DNS view or whatever…)

joe@joe:~$ dig scorpion.example.com

; <<>> DiG 9.8.1-P1 <<>> scorpion.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10222
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;scorpion.example.com.      IN  A

;; ANSWER SECTION:
scorpion.example.com.   180 IN  CNAME   alpha.nue.scorpion.example.net.

;; Query time: 28 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jun 18 10:28:39 2012
;; MSG SIZE  rcvd: 84

joe@joe:~$ dig alpha.nue.scorpion.example.net

; <<>> DiG 9.8.1-P1 <<>> alpha.nue.scorpion.example.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25381
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;alpha.nue.scorpion.example.net. IN A

;; ANSWER SECTION:
alpha.nue.scorpion.example.net. 300 IN A    192.0.2.130

;; Query time: 48 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jun 18 10:28:47 2012
;; MSG SIZE  rcvd: 66

joe@joe:~$ 

Best Answer

You're getting an NXDOMAIN on your first request because you're asking for an A (as you can see in the question section) and the server is only responding with a CNAME. So, the issue you're seeing is caused by the DNS-server for example.com, and not by Amazon.

As I understand it, servers will usually return the A-record that the CNAME-record points to as part of the answer to save bandwidth (since, otherwise, that's likely to be your very-next-question). However, I don't think that they have to, and I'm pretty sure that some particularly pedantic DNS servers (I'm looking at you, unpatched-tinydns) don't include the A-record in the answer.

(EDIT: As pointed out by kworr, if the A-name is out-of-bailiwick then you're also relying on the server's willingness to do that recursive query for you)
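
A check for the symptom shown in the question, as an added example that is not part of the original question or answer: it parses trimmed copies of the two dig outputs above, follows the CNAME from the first response, and flags the case where the lookup through the CNAME is reported as NXDOMAIN while the CNAME target resolves when queried directly. The function names are illustrative.

```python
import re

# Trimmed copies of the two dig outputs shown in the question.
DIG_CNAME = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10222
;; QUESTION SECTION:
;scorpion.example.com.      IN  A

;; ANSWER SECTION:
scorpion.example.com.   180 IN  CNAME   alpha.nue.scorpion.example.net.
"""
DIG_TARGET = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25381
;; QUESTION SECTION:
;alpha.nue.scorpion.example.net. IN A

;; ANSWER SECTION:
alpha.nue.scorpion.example.net. 300 IN A    192.0.2.130
"""

RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)$")  # owner TTL IN type rdata

def parse_dig(text):
    """Return (status, question name, [(owner, type, rdata), ...]) from dig output."""
    status = re.search(r"status: (\w+)", text).group(1)
    qname = re.search(r"^;(\S+)\s+IN\s+\S+$", text, re.M).group(1)
    records = [m.groups() for line in text.splitlines()
               if (m := RECORD.match(line.strip()))]
    return status, qname, records

def chain_end(qname, records):
    """Follow CNAME records starting at qname; return the last name reached."""
    cnames = {owner: target for owner, rtype, target in records if rtype == "CNAME"}
    seen = set()
    while qname in cnames and qname not in seen:  # 'seen' guards against CNAME loops
        seen.add(qname)
        qname = cnames[qname]
    return qname

def diagnose(via_cname, direct):
    """Compare a lookup through a CNAME with a direct lookup of the CNAME target."""
    status1, qname1, recs1 = parse_dig(via_cname)
    _, qname2, recs2 = parse_dig(direct)
    end = chain_end(qname1, recs1)
    addrs = [rdata for owner, rtype, rdata in recs2 if owner == end and rtype == "A"]
    if status1 == "NXDOMAIN" and end != qname1 and qname2 == end and addrs:
        return ("inconsistent", end, addrs[0])
    return ("consistent", end, None)
```

An "inconsistent" result from one resolver, as in the question where both queries went to 127.0.0.1, means the two lookups should be repeated against each resolver in the path to see which one produces the NXDOMAIN.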
