Hello, I use domains and sub-domains in YunoHost of the type domain.tld and sub.domain.tld (for example).
I don’t have any problem in my DNS configuration with the OVH provider.
$TTL 3600
@ IN SOA dns999.ovh.net. mnt.ovh.net. (2020102701 86400 3600 3600000 300)
IN NS ns999.ovh.net.
IN NS dns999.ovh.net.
IN A 157.237.11.43
IN AAAA 2800:15fe:903:3569:0:0:0:fde
sub IN CNAME domain.tld.
But yunohost issues a warning in its diagnosis, see below.
reports:
description: DNS records
id: dnsrecords
items:
details:
- Please check the documentation at https://yunohost.org/dns_config if you need help about configuring DNS records.
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: A
Name: *
Value: 157.237.11.43
- According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: AAAA
Name: *
Value: 2800:15fe:903:3569:0:0:0:fde
status: WARNING
summary: Some DNS records are missing or incorrect for domain domain.tld (category extra)
This warning message appeared after an OVH DNS modification. I was using the “wildcard” declaration (* CNAME domain.tld.), which was causing me problems in nginx processing (I don’t know how to return an error if the sub-domain doesn’t exist!).
To solve the problem, I declared each sub-domain (sub IN CNAME domain.tld.) and now I have the YunoHost warning message!
How can I avoid this warning message?
Greetings
$TTL 3600
@ IN SOA dns999.ovh.net. mnt.ovh.net. (2020102701 86400 3600 3600000 300)
IN NS ns999.ovh.net.
IN NS dns999.ovh.net.
IN A 157.237.11.43
IN AAAA 2800:15fe:903:3569:0:0:0:fde
* IN A 157.237.11.43
* IN AAAA 2800:15fe:903:3569:0:0:0:fde
When you launch the browser with an unknown sub-domain such as https://xxx.domain.tld, you get the following message:
Warning: Potential Security Risk Ahead
Firefox detected a potential security threat and did not continue to xxx.domain.tld. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.
What can you do about it?
The issue is most likely with the website, and there is nothing you can do to resolve it. You can notify the website’s administrator about the problem.
Learn more…
DNS configuration CNAME
$TTL 3600
@ IN SOA dns999.ovh.net. mnt.ovh.net. (2020102701 86400 3600 3600000 300)
IN NS ns999.ovh.net.
IN NS dns999.ovh.net.
IN A 157.237.11.43
IN AAAA 2800:15fe:903:3569:0:0:0:fde
wg IN CNAME domain.tld.
zic IN CNAME domain.tld.
When you launch the browser with an unknown sub-domain such as https://xxx.domain.tld, you get the following message:
Hmm. We’re having trouble finding that site.
We can’t connect to the server at xxx.wgvpn.ovh.
If that address is correct, here are three other things you can try:
Try again later.
Check your network connection.
If you are connected but behind a firewall, check that Firefox has permission to access the Web.
Ah, I see. When using the wildcard * and trying to access a subdomain not created in YunoHost, it tries to display a default page secured by its local SSL authority (falsely assigned to yunohost.org, which is not your domain.tld, hence the scary security warning).
I think you can have both * A and sub CNAME entries.
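The difference between the two zone layouts in this thread, and the combined layout suggested in the last reply, can be checked offline with a small resolver model. This is an added example, not part of the thread or of YunoHost; the zones are constructed from the records quoted above (SOA and NS lines omitted), and `parse_zone` and `resolve` are hypothetical helper names.

```python
ORIGIN = "domain.tld"  # placeholder domain used in the thread

# Constructed from the configurations quoted in the thread.
WILDCARD_ZONE = """
@ IN A 157.237.11.43
IN AAAA 2800:15fe:903:3569:0:0:0:fde
* IN A 157.237.11.43
* IN AAAA 2800:15fe:903:3569:0:0:0:fde
"""
EXPLICIT_ZONE = """
@ IN A 157.237.11.43
wg IN CNAME domain.tld.
zic IN CNAME domain.tld.
"""
COMBINED_ZONE = WILDCARD_ZONE + "sub IN CNAME domain.tld.\n"

def parse_zone(text, origin=ORIGIN):
    """Map owner name -> [(type, value)]; a line starting with IN reuses the previous owner."""
    records, owner = {}, origin
    for line in text.strip().splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue
        if fields[0] != "IN":
            label = fields.pop(0)
            owner = origin if label == "@" else f"{label}.{origin}"
        records.setdefault(owner, []).append((fields[1], " ".join(fields[2:])))
    return records

def resolve(records, qname, origin=ORIGIN):
    """Return (status, owner). A wildcard only answers for names with no records of their own."""
    qname = qname.rstrip(".").lower()
    if qname in records:
        return ("EXACT", qname)
    labels = qname.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if parent != origin and not parent.endswith("." + origin):
            break  # walked out of the zone
        if "*." + parent in records:
            return ("WILDCARD", "*." + parent)
        if parent in records:
            break  # closest existing ancestor has no wildcard below it
    return ("NXDOMAIN", None)

if __name__ == "__main__":
    for name, zone in [("wildcard", WILDCARD_ZONE), ("explicit", EXPLICIT_ZONE), ("combined", COMBINED_ZONE)]:
        print(name, resolve(parse_zone(zone), "xxx.domain.tld"))
```

With the wildcard zone every unknown name reaches the web server, so its default virtual host answers with a certificate that does not match; with explicit records only, the unknown name never resolves.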