Wildcard domain expect A record for the service

fbartels

Can you post the box log from when this happened? I did have a wildcard domain set up in the past and did not have troubles with installing app.

nebulon

The wildcard only works for subdomains (my.example.com) not the bare domain (example.com)

So if you want to install something on example.com you have setup an A record for that also https://docs.cloudron.io/domains/#wildcard-dns

girish

It will fail on waiting for DNS propagation, until an explicit A DNS entry will be created, routing to the same server.
Suggested fix: verify if DNS record could be resolved, without explicit DNS records requirements.

This is expected. There is no Wildcard concept in DNS. It comes from bind (the software) behavior/configuration . At the DNS protocol level, you can only query explicit entries.

potemkin_ai

@girish said in Wildcard domain expect A record for the service:

This is expected. There is no Wildcard concept in DNS. It comes from bind (the software) behavior/configuration . At the DNS protocol level, you can only query explicit entries.

I don't know if it's standard or specific from some specific implementation, but on all DNS providers I ever used, I was able and happily created just one entry:

A entry with * key and my server box IP's and had it working.

I understand, however, that you might have another experience - you have a broader exposure due to the users base, but I still believe that it's more then enough just try to do DNS lookup on the specific entry, without requiring a dedicated A entry - this way you preserve functionality check and make DNS Wildcard management easier for those who decide to use.

Please, correct me if I'm wrong!

nebulon

You can test this with your provider by only setting up one DNS record, the wildcard record and then see if the bare domain resolves correctly. In either case, Cloudron only checks by resolving the domain/subdomain in question as you suggest, we don't check the api or anything from the provider if wildcard is used.

potemkin_ai

@nebulon said in Wildcard domain expect A record for the service:

You can test this with your provider by only setting up one DNS record, the wildcard record and then see if the bare domain resolves correctly. In either case, Cloudron only checks by resolving the domain/subdomain in question as you suggest, we don't check the api or anything from the provider if wildcard is used.

I did! My setup worked just fine from command line (with host), but Cloudron's app setup didn't work, until I setup an explicit A record - hence my 'bug' report!

girish

@potemkin_ai said in Wildcard domain expect A record for the service:

I still believe that it's more then enough just try to do DNS lookup on the specific entry, without requiring a dedicated A entry

This is how it works already. There is actually no way in DNS to lookup wildcards i.e there is no such thing as host *.domain.com. Cloudron can only do host app.domain.com. The '*' entry you enter in registrar/hosting provider is just a configuration for the DNS server.

So, I think the issue was probably something else. Maybe some DNS propagation issue or something else. Can you make out from the logs why it failed?

girish

I quickly tried this. I set up *.wildcard.smartserver.io and wildcard.smartserver.io in my DNS provider and added wildcard.smartserver.io as Wildcard provider. Then, I installed test.wildcard.smartserver.io, it looks up like below...

Apr 24 17:51:44 box:tasks update 2115: {"message":"Waiting for propagation of test.wildcard.smartserver.io"}
Apr 24 17:51:44 box:dns/waitfordns waitForDns: waiting for test.wildcard.smartserver.io to be 185.232.70.47 in zone smartserver.io
Apr 24 17:51:44 box:dns/waitfordns waitForDns: nameservers are ["chad.ns.cloudflare.com","carol.ns.cloudflare.com"]
Apr 24 17:51:44 box:dns/waitfordns resolveIp: Checking if test.wildcard.smartserver.io has A record at 173.245.59.82
Apr 24 17:51:44 box:dns/waitfordns isChangeSynced: test.wildcard.smartserver.io (A) was resolved to 185.232.70.47 at NS chad.ns.cloudflare.com (173.245.59.82). Expecting 185.232.70.47. Match true
Apr 24 17:51:44 box:dns/waitfordns resolveIp: Checking if test.wildcard.smartserver.io has A record at 172.64.33.82
Apr 24 17:51:44 box:dns/waitfordns isChangeSynced: test.wildcard.smartserver.io (A) was resolved to 185.232.70.47 at NS chad.ns.cloudflare.com (172.64.33.82). Expecting 185.232.70.47. Match true
Apr 24 17:51:44 box:dns/waitfordns resolveIp: Checking if test.wildcard.smartserver.io has A record at 108.162.193.82
Apr 24 17:51:44 box:dns/waitfordns isChangeSynced: test.wildcard.smartserver.io (A) was resolved to 185.232.70.47 at NS chad.ns.cloudflare.com (108.162.193.82). Expecting 185.232.70.47. Match true
Apr 24 17:51:44 box:dns/waitfordns waitForDns: test.wildcard.smartserver.io at ns chad.ns.cloudflare.com: done
Apr 24 17:51:44 box:dns/waitfordns resolveIp: Checking if test.wildcard.smartserver.io has A record at 108.162.192.80
Apr 24 17:51:44 box:dns/waitfordns isChangeSynced: test.wildcard.smartserver.io (A) was resolved to 185.232.70.47 at NS carol.ns.cloudflare.com (108.162.192.80). Expecting 185.232.70.47. Match true
Apr 24 17:51:44 box:dns/waitfordns resolveIp: Checking if test.wildcard.smartserver.io has A record at 173.245.58.80
Apr 24 17:51:44 box:dns/waitfordns isChangeSynced: test.wildcard.smartserver.io (A) was resolved to 185.232.70.47 at NS carol.ns.cloudflare.com (173.245.58.80). Expecting 185.232.70.47. Match true
Apr 24 17:51:44 box:dns/waitfordns resolveIp: Checking if test.wildcard.smartserver.io has A record at 172.64.32.80
Apr 24 17:51:44 box:dns/waitfordns isChangeSynced: test.wildcard.smartserver.io (A) was resolved to 185.232.70.47 at NS carol.ns.cloudflare.com (172.64.32.80). Expecting 185.232.70.47. Match true
Apr 24 17:51:44 box:dns/waitfordns waitForDns: test.wildcard.smartserver.io at ns carol.ns.cloudflare.com: done
Apr 24 17:51:44 box:dns/waitfordns waitForDns: test.wildcard.smartserver.io has propagated

potemkin_ai

@girish thank you and yeah - I understand. I usually test things with abrakadabra.mydomain.com, given that * exists on mydomain.com

I can't see logs now and unfortunately I'm out of hands to repeat things, but the reason I've decided to try to add A entry was exactly a log entry saying something like 'checking if A entry exists' - it was for quite long time and since * record existed for a few weeks, I didn't suspect cache problem. Especially, since you use unbound that does direct requests, from what I remember.

As soon as I created A entry everything went smooth in a minute or two - that's when I decided to raise a ticket.

I understand I'm not helping with the details - please, feel free to close this thread if so. I was hoping it make some sense to you from the code perspective, as you might be checking something like dig forum.cloudron.io A, as opposed to host forum.cloudron.io.

girish

Ah ok. I guess, let us know if it happens again!