DNS records warning message

Hello, I use domains and sub-domains in YunoHost of the type domain.tld and sub.domain.tld (for example).
I don’t have any problem in my DNS configuration with the OVH provider.

$TTL 3600
@	IN SOA dns999.ovh.net. mnt.ovh.net. (2020102701 86400 3600 3600000 300)
           IN NS     ns999.ovh.net.
           IN NS     dns999.ovh.net.
           IN A      157.237.11.43
           IN AAAA   2800:15fe:903:3569:0:0:0:fde
sub        IN CNAME  domain.tld.

But YunoHost issues a warning in its diagnosis; see below.

reports: 
  description: DNS records
  id: dnsrecords
  items: 
    details: 
      - Please check the documentation at https://yunohost.org/dns_config if you need help about configuring DNS records.
      - According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: A
Name: *
Value: 157.237.11.43
      - According to the recommended DNS configuration, you should add a DNS record with the following info.
Type: AAAA
Name: *
Value: 2800:15fe:903:3569:0:0:0:fde
    status: WARNING
    summary: Some DNS records are missing or incorrect for domain domain.tld (category extra)

This warning message appeared after an OVH DNS modification: I was using the “wildcard” declaration (* CNAME domain.tld.), which was causing me problems in nginx processing (I don’t know how to return an error if the sub-domain doesn’t exist!).
To solve the problem, I declared each sub-domain (sub IN CNAME domain.tld.), and now I have the YunoHost warning message!
How can I avoid this warning message?
Greetings

Hello,

You can ignore the alert in the webadmin.

However

YunoHost is asking you to create A records, not CNAME records. The following should comply with this requirement:

Why would you need to display such an error? I would let the browser not find the domain and display whatever error it needs to display.

Hello, let me explain why I use CNAME.

DNS configuration wildcard (*)

$TTL 3600
@	IN SOA dns999.ovh.net. mnt.ovh.net. (2020102701 86400 3600 3600000 300)
           IN NS     ns999.ovh.net.
           IN NS     dns999.ovh.net.
           IN A      157.237.11.43
           IN AAAA   2800:15fe:903:3569:0:0:0:fde
*          IN A      157.237.11.43
*          IN AAAA   2800:15fe:903:3569:0:0:0:fde

When you launch the browser with an unknown sub-domain such as https://xxx.domain.tld, you get the following message:

Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to xxx.domain.tld. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

What can you do about it?

The issue is most likely with the website, and there is nothing you can do to resolve it. You can notify the website’s administrator about the problem.

Learn more…

DNS configuration CNAME

$TTL 3600
@	IN SOA dns999.ovh.net. mnt.ovh.net. (2020102701 86400 3600 3600000 300)
           IN NS     ns999.ovh.net.
           IN NS     dns999.ovh.net.
           IN A      157.237.11.43
           IN AAAA   2800:15fe:903:3569:0:0:0:fde
wg         IN CNAME  domain.tld.
zic        IN CNAME  domain.tld.

When you launch the browser with an unknown sub-domain such as https://xxx.domain.tld, you get the following message:

Hmm. We’re having trouble finding that site.

We can’t connect to the server at xxx.wgvpn.ovh.

If that address is correct, here are three other things you can try:

    Try again later.
    Check your network connection.
    If you are connected but behind a firewall, check that Firefox has permission to access the Web.

Ah, I see. When using the wildcard * and trying to access a subdomain not created in YunoHost, it tries to display a default page secured by its local SSL authority (falsely assigned to yunohost.org, which is not your domain.tld, hence the scary security warning).

I think you can have both * A and sub CNAME entries. :wink:

Hi, it is impossible with the OVH DNS provider to write both A * and CNAME.

Then you have only two choices:

  • keep using CNAMES to avoid the browser error message and ignore the warnings in the webadmin;
  • use the A * records, and embrace the fact that accessing a subdomain not registered in YNH will lead to this SSL error.

Either way, you will end up with an error from the browser. :confused:

Solved: I use the CNAME, I have no error in the browser, and I disregard the defect reported by the webadmin.
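
The difference between the two zone variants in this thread, as an added example that is not part of the original posts: a simplified lookup (exact match, CNAME chase, then wildcard synthesis) shows why an unknown name reaches the server's default vhost under `*` but gets NXDOMAIN with per-host CNAMEs. The zone text is constructed from the posted records, and `SERVED`, `parse_zone`, `resolve` and `classify` are names assumed for illustration.

```python
ORIGIN = "domain.tld"
# Constructed zones mirroring the two variants posted in the thread (SOA/NS omitted).
APEX = "@ IN A 157.237.11.43\n@ IN AAAA 2800:15fe:903:3569:0:0:0:fde\n"
WILDCARD_ZONE = APEX + "* IN A 157.237.11.43\n* IN AAAA 2800:15fe:903:3569:0:0:0:fde\n"
CNAME_ZONE = APEX + "wg IN CNAME domain.tld.\nzic IN CNAME domain.tld.\n"
# Assumption: the hosts actually configured (with certificates) on the server.
SERVED = {"domain.tld", "wg.domain.tld", "zic.domain.tld"}

def parse_zone(text):
    """Return {fqdn: {rtype: value}} for simple 'name IN type value' lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != "IN":
            continue  # skip $TTL, SOA and anything this sketch does not model
        name, _, rtype, value = parts
        fqdn = ORIGIN if name == "@" else f"{name}.{ORIGIN}"
        records.setdefault(fqdn, {})[rtype] = value.rstrip(".")
    return records

def resolve(records, qname, rtype="A"):
    """Simplified lookup: exact owner name first, wildcard only if none exists."""
    for _ in range(8):  # bound the length of a CNAME chain
        rrset = records.get(qname)
        if rrset is None:
            # A wildcard synthesizes answers only for names absent from the zone.
            if not qname.endswith("." + ORIGIN):
                return None
            rrset = records.get(f"*.{ORIGIN}")
            if rrset is None:
                return None  # NXDOMAIN
        if "CNAME" in rrset and rtype != "CNAME":
            qname = rrset["CNAME"]  # restart the lookup at the alias target
            continue
        return rrset.get(rtype)
    return None

def classify(records, host, served=SERVED):
    """What a browser request to https://<host> runs into."""
    if resolve(records, host) is None:
        return "NXDOMAIN"        # "We're having trouble finding that site"
    if host in served:
        return "served"          # matching vhost and certificate
    return "default-vhost"       # reaches the server; certificate does not cover host

if __name__ == "__main__":
    for label, zone in (("wildcard", WILDCARD_ZONE), ("cname", CNAME_ZONE)):
        recs = parse_zone(zone)
        for host in ("wg.domain.tld", "xxx.domain.tld"):
            print(f"{label:8} {host:16} -> {classify(recs, host)}")
```
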
