No AAAA record

[bmgtenty]

Hi,

I started with the Administrator level and sending of an email to my domain  tenty.ca 
and receive the error:  no AAAA record.

I have  A  and AAAA records for tenty.ca and ns1.tenty.ca and they  resolve correctly from
other servers at internet

I queried also the dns 2001:470:20::2  & 74.82.42.42  of  he.net and they  resolve also correctly
there so I don't understand it.

Greetings,

Bob

[jimb]

I see the AAAA.  Sometimes the HE name server they cert machine resolves against gets negative cache entries.  This will typically happen if your NS doesn't have the AAAA when it first queries (misconfiguration or whatever).  If you wait a bit, it may just start working.

[cholzhauer]

Same here...I'm able to see the AAAA records...have you been able to re-try the test?

IIRC, when I made the changes that were needed to pass the sage test, it took a couple of days for them to become active.

[jimb]

This happens enough that if I were running the cert stuff, I'd set up a recursive name server dedicated to the cert tests, and run a cron job that flushes the caches every five minutes or so (rndc flush).  That way if there was a neg cache or some misconfigured item cached, it would only last five minutes.

[bmgtenty]

I just tried and now it is working again  and I  could do the test.

Strange as I had  always the correct AAAA records in my dns.

Anyhow  whatever it is at HE, thanks  for the reponse.

Bob

[kcochran]

Re: No AAAA record

[jimb]

This happens enough that if I were running the cert stuff, I'd set up a recursive name server dedicated to the cert tests, and run a cron job that flushes the caches every five minutes or so (rndc flush).  That way if there was a neg cache or some misconfigured item cached, it would only last five minutes.

It does use a local caching recursor.  Alas, the only way to do that and make it available to the various testing bits is to make it the system global one.  Restarting it that often has caused issues in the brief window when it's restarting.

Consider it an additional educational element on DNS TTL values. ;-)

I wonder if using "rndc flush" would be disruptive?  I can see how restarting would cause problems, but with "rndc flush" it doesn't stop the DNS server, just tells it to dump its cache (presumably negative cache entries too).  Presuming you're using BIND.

Yeah I was also thinking that it's sort of part of the deal to have to wait for DNS if you dork it up, since the same thing would happen in a non test scenario too.