Cloud DNS failed to resolve

Hi,

I am trying to set up a web server for my domain tockens.com. I initially purchased this domain at Google; it has now been migrated to squarespace.com. I have set up a web server using GCE and Nginx and then created a load balancer. As part of that, I created a zone in Cloud DNS and updated the Squarespace configuration with the same NS servers, and I have created A and CNAME records in Cloud DNS. The problems are as follows.

1) Most of the time the domain resolution is not happening (checked at nslookup.io).

2) The Google-managed SSL certificate is stuck in the provisioning state (probably because of 1).

Please help me to solve these issues. Is Cloud DNS working fine?

Regards,

xenford

3 REPLIES

Hello @xenford

Thank you for reaching out and for the concern about the health of our product. Cloud DNS is absolutely fine; let's try to tackle your questions here.

I see that currently the domain in question is active:

$ whois tockens.com | grep status:
status:       ACTIVE

and the name servers responsible for the zone are ns-cloud-c[1-4].googledomains.com.

# dig NS tockens.com +short +cd
ns-cloud-c4.googledomains.com.
ns-cloud-c2.googledomains.com.
ns-cloud-c3.googledomains.com.
ns-cloud-c1.googledomains.com.

I am also able to see the records you created (A and CNAME):

$ dig A tockens.com +short +cd
34.93.48.44

$ dig CNAME www.tockens.com +short +cd
tockens.com.

Now, regarding this not resolving: as you may have noticed, I am using the +cd flag in my queries. CD stands for "checking disabled", and what it does is disable DNSSEC checking. If you look at this page, you will see that there is an issue with DNSSEC validation, where the parent domain has the DS record, but there is no DNSKEY record in the child zone. There are two ways out of this:

  • first, you can disable DNSSEC at the registrar level; this will disable DNSSEC validation for the domain
  • second, you can enable DNSSEC for your zone (in this case you will also need to take the newly generated DS record and update the registrar with it); this will keep DNSSEC enabled for the domain.

The first path is easier and quicker, but either way is good, and you need to decide if you have a reason to keep DNSSEC enabled.
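Added example, not part of the original thread: a Python check of the DS-to-DNSKEY link described in the answer above, including the case where a DS left at the registrar no longer matches the zone's key. It takes the lines printed by `dig +short DS` and `dig +short DNSKEY` as input; the sample key, the `example.com` owner name and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

# DS digest types 1, 2 and 4 (SHA-1, SHA-256, SHA-384)
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}
# Constructed sample key (not a real zone's): flags 257, protocol 3, algorithm 13
SAMPLE_DNSKEY = "257 3 13 " + base64.b64encode(bytes(range(64))).decode()

def wire_name(name):
    """Owner name in canonical wire format: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def parse_dnskey(line):
    """One `dig +short DNSKEY` line -> DNSKEY RDATA bytes."""
    flags, proto, alg, *key = line.split()
    return struct.pack("!HBB", int(flags), int(proto), int(alg)) + base64.b64decode("".join(key))

def key_tag(rdata):
    """Key tag as defined in RFC 4034, Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF

def make_ds(owner, rdata, dtype=2):
    """DS line (dig +short layout) that the parent should publish for this key."""
    digest = DIGESTS[dtype](wire_name(owner) + rdata).hexdigest().upper()
    return f"{key_tag(rdata)} {rdata[3]} {dtype} {digest}"

def ds_matches(owner, ds_line, rdata):
    """True if a parent DS line refers to this DNSKEY (tag, algorithm, digest)."""
    tag, alg, dtype, *digest = ds_line.split()
    if int(dtype) not in DIGESTS or int(tag) != key_tag(rdata) or int(alg) != rdata[3]:
        return False
    return make_ds(owner, rdata, int(dtype)).split()[3] == "".join(digest).upper()

def delegation_state(owner, ds_lines, dnskey_lines):
    """Classify the DS/DNSKEY link only; RRSIG validation is not performed."""
    ds = [l for l in ds_lines if l.strip()]
    keys = [parse_dnskey(l) for l in dnskey_lines if l.strip()]
    if not ds:
        return "insecure: no DS at parent"
    if not keys:
        return "bogus: DS at parent but no DNSKEY in zone"
    if any(ds_matches(owner, d, k) for d in ds for k in keys):
        return "linked: DS matches a DNSKEY"
    return "bogus: DS matches no DNSKEY in zone"
```

Both "bogus" results make validating resolvers return SERVFAIL, which is why the queries in the answer only succeeded with `+cd`.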

Hi,

Thank you so much for your response. I have opted for option 1 and disabled DNSSEC at Squarespace. Now the dig is working. Let's hope the SSL certificate provisioning also takes place. As it needs time, I am awaiting the result.

Thanks once again.

Hello again, yeah, I see the domain looks healthier now in DNSViz. I was able to resolve it now without using the +cd flag too.

As for the certificate, please make sure that

  • the certificate is assigned to the load balancer
  • the domain in the certificate resolves to the IP address of the load balancer it is assigned to

Here is some guidance about how to make sure the certificate can be validated and issued. Check the certificate status against the table if something still doesn't work.