Is this in a private or public zone? If you are running Split Horizon, make sure it's in the public zone, as internally you could resolve from your VPC if it was created in a Private zone.
Public zone with simple routing
Now I am stumped.
TL;DR answer: I think you had it right to begin with.
selector1-vetmedux-com._domainkey.educationalconcepts.onmicrosoft.com is a TXT record, and as such doesn't have an IP address to resolve to, so you can't nslookup it in the normal way. You can get its value by running nslookup -q=txt:
$ nslookup selector1-vetmedux-com._domainkey.educationalconcepts.onmicrosoft.com
Server: dns.google
Address: 8.8.8.8
Name: selector1-vetmedux-com._domainkey.educationalconcepts.onmicrosoft.com
$ nslookup -q=txt selector1-vetmedux-com._domainkey.educationalconcepts.onmicrosoft.com
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
selector1-vetmedux-com._domainkey.educationalconcepts.onmicrosoft.com text =
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08RF3VL/RhdOWjNFU0/A+aKMUX0N5fMkE8ZXFFOgIRuYTZ4qGOXOlz7YmNNyVGOEoDYqJeqzQtJ8FHM3J9eYRApS4In0IduS38L/8pCKcfmDwXgMXzfR0k+cIguSWYA+ChCUOJMPHmRUmolaME8aAvVObYlWPDGHpcdfjAqsyPCY5sGrkYn8st5dhYP2I+IVn"
"WRcr9V4XEFN751dGh9l7QmRcLyoMB2NGfehBV2OdaXxI28epzQOZWDyg3xxJ9QCXSYtrRN3N0y8vfDtut/NCjZA15JqlL+DFcL3zZQR3JecBjb7P2pyTvoEya2i0b7QKG3WWcHXrWTALkSc8T+SqQIDAQAB;"
$
It is completely legal to have a CNAME whose value is the record name of a TXT record, but you're just going to see the same behaviour.
In a domain that I own I've set up a simple TXT record called txtrecord, and then a CNAME pointing to it called cname2txt:
$ nslookup txtrecord.[mydomain].net
Server: dns.google
Address: 8.8.8.8
Name: txtrecord.[mydomain].net
$ nslookup cname2txt.[mydomain].net
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
Non-authoritative answer:
Name: cname2txt.[mydomain].net
$ nslookup -q=txt txtrecord.[mydomain].net
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
txtrecord.[mydomain].net text =
"thisisatextrecord"
$ nslookup -q=txt cname2txt.[mydomain].net
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
cname2txt.[mydomain].net canonical name = txtrecord.[mydomain].net
txtrecord.[mydomain].net text =
"thisisatextrecord"
$
And just for completeness, I've set up a record in my domain that mimics what you're trying to do, and it works as described above:
$ nslookup selector1._domainkey.[mydomain].net
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
Non-authoritative answer:
Name: selector1._domainkey.[mydomain].net
$ nslookup -q=txt selector1._domainkey.[mydomain].net
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
selector1._domainkey.[mydomain].net canonical name = selector1-vetmedux-com._domainkey.educationalconcepts.onmicrosoft.com
selector1-vetmedux-com._domainkey.educationalconcepts.onmicrosoft.com text =
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08RF3VL/RhdOWjNFU0/A+aKMUX0N5fMkE8ZXFFOgIRuYTZ4qGOXOlz7YmNNyVGOEoDYqJeqzQtJ8FHM3J9eYRApS4In0IduS38L/8pCKcfmDwXgMXzfR0k+cIguSWYA+ChCUOJMPHmRUmolaME8aAvVObYlWPDGHpcdfjAqsyPCY5sGrkYn8st5dhYP2I+IVn"
"WRcr9V4XEFN751dGh9l7QmRcLyoMB2NGfehBV2OdaXxI28epzQOZWDyg3xxJ9QCXSYtrRN3N0y8vfDtut/NCjZA15JqlL+DFcL3zZQR3JecBjb7P2pyTvoEya2i0b7QKG3WWcHXrWTALkSc8T+SqQIDAQAB;"
I should also include that, rather than all this fiddling about with nslookup flags, if you dig the record you can see the correct value is set from the start:
$ dig selector1._domainkey.[mydomain].net
; <<>> DiG 9.16.40-RH <<>> selector1._domainkey.[mydomain].net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27574
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;selector1._domainkey.[mydomain].net. IN A
;; ANSWER SECTION:
selector1._domainkey.[mydomain].net. 300 IN CNAME selector1-vetmedux-com._domainkey.educationalconcepts.onmicrosoft.com.
;; AUTHORITY SECTION:
onmicrosoft.com. 28 IN SOA ns1-208.azure-dns.com. azuredns-hostmaster.microsoft.com. 1 3600 300 2419200 300
;; Query time: 187 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Jul 22 15:11:32 AEST 2023
;; MSG SIZE rcvd: 226
$
If you don't have the dig command available to you then I can recommend the Google Toolbox interface at https://toolbox.googleapps.com/apps/dig/
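The check walked through in the answer above can be scripted. The following is an added example, not part of the original answer: it parses `nslookup -q=txt` output, follows the CNAME to the TXT owner, joins the split TXT strings and sanity-checks the DKIM tags. The function names, the example.net/example.org names and the dummy `p=` value are assumptions made for illustration.

```python
import base64
import re
# Constructed `nslookup -q=txt` output: placeholder names, dummy p= split over two strings.
SAMPLE = '''Non-authoritative answer:
selector1._domainkey.example.net canonical name = selector1-example-net._domainkey.tenant.example.org
selector1-example-net._domainkey.tenant.example.org text =
"v=DKIM1; k=rsa; p=QUJDREVGR0hJSktM"
"TU5PUFFSU1RVVldY;"
'''

def parse_nslookup_txt(output):
    """Return (cname_pairs, txt_owner, txt_value) parsed from nslookup text output."""
    chain, owner, strings = [], None, []
    for line in map(str.strip, output.splitlines()):
        cname = re.match(r"(\S+)\s+canonical name = (\S+)", line)
        txt = re.match(r"(\S+)\s+text =\s*(.*)", line)
        if cname:
            chain.append((cname.group(1).rstrip("."), cname.group(2).rstrip(".")))
        elif txt:
            owner, line = txt.group(1).rstrip("."), txt.group(2)
        if owner and line.startswith('"'):
            # The strings of one TXT value are concatenated with nothing in between.
            strings += re.findall(r'"([^"]*)"', line)
    return chain, owner, "".join(strings)

def check_dkim(output, queried):
    """Return (tags, problems) for the DKIM key record reached from `queried`."""
    chain, owner, record = parse_nslookup_txt(output)
    if owner is None:
        return {}, ["no TXT answer in the output (was the query run with -q=txt?)"]
    target = queried.rstrip(".")
    for src, dst in chain:  # follow the CNAME(s) starting at the queried name
        target = dst if src == target else target
    pairs = (item.partition("=") for item in record.split(";") if item.strip())
    tags = {name.strip(): value.strip() for name, _, value in pairs}
    problems = []
    if owner != target:
        problems.append(f"TXT owner {owner} is not where {queried} points")
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    key = re.sub(r"\s+", "", tags.get("p", ""))
    if not key:
        problems.append("p= is missing or empty (an empty p= marks a revoked key)")
    else:
        try:
            base64.b64decode(key, validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
    return tags, problems
```

Calling `check_dkim(SAMPLE, "selector1._domainkey.example.net")` returns the parsed tags and an empty problem list; feeding it the output of a plain `nslookup` without `-q=txt` reports that no TXT answer was present.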
Can you share a screenshot of the CNAME record?
Yes, just did.
Thanks. Answered below.