Score:-2

Verifying my email provider seems to have broken my web site


I read that it would be desirable to "verify" my email provider (zoho), so according to their instructions I added the following records to my DNS (CNAME code altered slightly):

```
CNAME   zb14799999   zmverify.zoho.com
TXT     @            v=spf1 include:zoho.com ~all
```

After doing this my website broke and the DNS for my website (the A records) no longer work, although email continues to work.

So, what is going on here? I read up on the CNAME record and apparently it aliases the whole domain, so are web requests now going to zoho, instead of to where the A records are pointing? Maybe I don't understand how email verification works. Why would I have to alias my whole domain to my email provider to "verify" them?

vidarlo avatar
ar flag
Provide us with the *whole* zonefile or tell us the domain so we can look it up ourselves.
jp flag
Your site would break if you create a `CNAME` record for `@` instead of `zb14799999`.
Nikita Kipriyanov avatar
za flag
@AlexD [it is impossible to create a `CNAME` record for `@`](https://serverfault.com/questions/613829/why-cant-a-cname-record-be-used-at-the-apex-aka-root-of-a-domain) (that's against the RFC)
jp flag
@NikitaKipriyanov while the RFC doesn't allow CNAME for apex records, there is no guarantee that every domain registrar control panel conforms to the RFC requirements. The question you linked clearly mentions such a case: "The webhosting company took the stance .... that their software supports it."
Nikita Kipriyanov avatar
za flag
Read the accepted answer please. It explains it correctly, deeply, and in detail, including what Cloudflare does. And, while the *control panel* could allow anything, the DNS server behind it would not. BIND would refuse to load a zone with a bogus CNAME record, for example. I doubt a hosting provider wrote their own DNS software. And *vidarlo* is right, we need a complete zone and a complete instruction, to confirm whether the instruction was followed incorrectly or is itself incorrect or unclear.
jp flag
@NikitaKipriyanov as I said, there are control panels and **DNS server software** which will happily allow CNAME as apex records. Even with BIND you can get a situation when BIND rejects incorrect zone data and as the end result, there is no authoritative server for the domain which leads to the site being broken.
Nikita Kipriyanov avatar
za flag
In that case, the whole zone would be broken and email confirmation would not have taken place either. So this question is certainly not the case. Also, can you please tell us any example DNS software which has such a serious deficiency? (At least to be prepared not to use it by accident.)
jp flag
@NikitaKipriyanov `dig @a.ns.bytemark.co.uk cnameexample.org`. And you don't need to use `tell us`. You are not royal.
Score:0

This was a false alarm. In fact, other browsers were able to correctly access the web site. The cause was that the web site had no SSL functionality and the test URL was getting defaulted by the browser to https instead of http. So, I am suggesting a test protocol for problems like this for users that have similar problems when they get a "site not found" (=DNS) error in their browser:

  • Verify that the URL is correct, especially that the expected protocol (HTTP vs HTTPS vs FTP or whatever) is being used by the browser

  • Verify that the IP address works and that it is truly a DNS issue (i.e. try http://45.180.23.121:80 or whatever the IP address is)

  • Verify that you are using the right port number if the web server does not use the default port of 80

  • Check with other browsers, on other machines if possible to narrow down the context of the problem

  • Try nslookup to see if the machine is resolving the URL correctly

  • Use a tool such as dnsrecon to explicate the name resolution as it is currently being published by the DNS servers

  • If the problem is browser specific, clear the DNS cache of the browser for the domain in question and try restarting the browser if necessary.

  • If the problem is guaranteed to be browser specific and you are sure the URL is being entered correctly and the DNS cache is clear, then try restarting the browser, and lastly reset the browser to default settings and disable extensions.
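The first steps of the checklist above can be scripted so that a DNS failure is told apart from a missing HTTPS listener. This is an added example, not part of the original answer; the function names and the `example.org` default are assumptions made for illustration.

```python
import socket
import sys

def resolve(host):
    """Return the addresses the local resolver gives for host ([] if none)."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def port_open(addr, port, timeout=3.0):
    """True if a TCP connection to addr:port is accepted."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def classify(addresses, http_open, https_open):
    """Map the three observations to the layer that is failing."""
    if not addresses:
        return "dns: name does not resolve, check the zone with nslookup"
    if http_open and not https_open:
        return "https: DNS is fine and http:// answers, nothing listens for https://"
    if https_open and not http_open:
        return "http: DNS is fine and https:// answers, nothing listens for http://"
    if not http_open:
        return "server: DNS is fine but neither port accepts connections"
    return "ok: DNS resolves and both ports accept connections"

def diagnose(host, http_port=80, https_port=443):
    """Resolve host, probe both ports on the first address, return (addresses, verdict)."""
    addresses = resolve(host)
    if not addresses:
        return addresses, classify(addresses, False, False)
    http_open = port_open(addresses[0], http_port)
    https_open = port_open(addresses[0], https_port)
    return addresses, classify(addresses, http_open, https_open)

if __name__ == "__main__":
    # Hostname comes from the command line; example.org is only a placeholder default.
    name = sys.argv[1] if len(sys.argv) > 1 else "example.org"
    addrs, verdict = diagnose(name)
    print(name, addrs, verdict)
```

A verdict starting with `https:` matches the situation described in this answer: the records are fine and the browser is requesting a protocol the server does not offer.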
