I have a MaaS server with a maas-eng.sc DNS zone. I created some CNAME records that point to an A record in the same zone. For example “ceph-vmo-lab” is a CNAME for “vmo-ingress.maas-eng.sc”.
However MaaS DNS refuses to respond to queries for these records:
nslookup ceph-vmo-lab.maas-eng.sc 10.11.135.11
Server: 10.11.135.11
Address: 10.11.135.11#53
** server can't find ceph-vmo-lab.maas-eng.sc: NXDOMAIN
If I replace the CNAME record with an A record, I have to restart MaaS before it responds to at least the A record again.
What is going wrong here?
Figured it out, I had to change 2 things:
-
I was running into https://kb.isc.org/docs/aa-00269, which details that only trusted networks can request DNS recursion. Dig was showing WARNING: recursion requested but not available as a hint. After I adjusted the list of external networks in MaaS allowed to use DNS, this error went away.
-
I was now getting a NXDOMAIN error, looking at the dig output it showed
ceph-vmo-lab.maas-eng.sc. 30 IN CNAME vmo-ingress.maas-eng.sc.maas-eng.sc.
Clearly it was doubling the DNS zone. I removed the DNS zone from the CNAME data, leaving just the vmo-ingress part. At that point, it worked correctly.
