CNAME Flattening returning CNAME records

My domain is configured with a CNAME record as a root record. Per the CNAME flattening documentation it should return an A record pointing to the resolved IP address of the CNAME root record.
When I query Cloudflare dns and google dns, this happens flawleslly, but other DNS are returning the CNAME domain instead of the A record, which causes email deliverability problem (the server tries do find an MX record for the CNAME domain instead of our real domain).

Anyone knows why sometimes CNAME flattening does not work?

Domain? And which resolvers are you referring to?

[email protected]:~ dig @199.9.14.201 usereserva.com mx +short (empty response) [email protected]:~ dig @8.8.8.8 usereserva.com mx +short
10 aspmx2.googlemail.com.
5 alt2.aspmx.l.google.com.
1 aspmx.l.google.com.
5 alt1.aspmx.l.google.com.
10 aspmx3.googlemail.com.

Also:
[email protected]:~$ dig @8.8.8.8 usereserva.com

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> @8.8.8.8 usereserva.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24132
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;usereserva.com. IN A

;; ANSWER SECTION:
usereserva.com. 4 IN A 23.5.47.236

;; Query time: 13 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Aug 20 19:10:37 -03 2019

And when I query other DNS I got no A record:
[email protected]:~$ dig @199.9.14.201 usereserva.com

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> @199.9.14.201 usereserva.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49368
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 27
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 419afe6ac150d48f549b908b5d5c7065e8d78dd7da1af5df (good)
;; QUESTION SECTION:
;usereserva.com. IN A

;; AUTHORITY SECTION:
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.

;; ADDITIONAL SECTION:
a.gtld-servers.net. 172800 IN A 192.5.6.30
b.gtld-servers.net. 172800 IN A 192.33.14.30
c.gtld-servers.net. 172800 IN A 192.26.92.30
d.gtld-servers.net. 172800 IN A 192.31.80.30
e.gtld-servers.net. 172800 IN A 192.12.94.30
f.gtld-servers.net. 172800 IN A 192.35.51.30
g.gtld-servers.net. 172800 IN A 192.42.93.30
h.gtld-servers.net. 172800 IN A 192.54.112.30
i.gtld-servers.net. 172800 IN A 192.43.172.30
j.gtld-servers.net. 172800 IN A 192.48.79.30
k.gtld-servers.net. 172800 IN A 192.52.178.30
l.gtld-servers.net. 172800 IN A 192.41.162.30
m.gtld-servers.net. 172800 IN A 192.55.83.30
a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30
b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30
c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30
d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30
e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30
f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30
g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30
h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30
i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30
j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30
k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30
l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30
m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30

;; Query time: 179 msec
;; SERVER: 199.9.14.201#53(199.9.14.201)
;; WHEN: Tue Aug 20 19:12:53 -03 2019
;; MSG SIZE rcvd: 867

199.9.14.201 isn’t a recursive resolver, it’s the root server b.root-servers.net. It’s answering correctly, with a referral to the .com authoritative nameservers.

Try asking another resolver, like 1.1.1.1 or 9.9.9.9.

1 Like

Ehm, you wrote you are getting a CNAME. There is no CNAME in that response whatsoever. Also, you are querying for MX and not A. As for that particular resolver, @mnordhoff already addressed what the issue is.

As far as I can tell flattening works on all actual resolvers.

1 Like

We ran a dig script on one of our internet forwarders yesterday, to see how often the internet returns only an A record versus the CNAME’s.

No offence, but that output is pretty useless and actually just clutters the thread.

Which resolver are you using? There probably is an issue with that resolver. Cloudflare does not return a CNAME

$ dig +short @justin.ns.Cloudflare.com usereserva.com A

23.5.224.66

Thanks for the Reply.
You are correct , sorry about that.

I just pasted the answer form our “support”.

All right, though the question still is can you post something where that is reproducible? My best guess would be that resolver is returning some previously cached value, but thats just a guess.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.