11 replies

[SOLVED] Stale DNS records (it's always DNS)

I’ve been tearing my hair out trying to figure out why my ACME-DNS challenges weren’t working for just one of my domains (well, *.riff.cc)

Turns out

zorlin@durian ~ $ dig -t TXT _acme-challenge.riff.cc

; <<>> DiG 9.16.48 <<>> -t TXT _acme-challenge.riff.cc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5823
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;_acme-challenge.riff.cc.       IN      TXT

;; ANSWER SECTION:
_acme-challenge.riff.cc. 207    IN      TXT     "ii9WIXF_GV0Er1U3mPWUavuCxJYOXfcTauVdbwKczFg"
_acme-challenge.riff.cc. 207    IN      TXT     "lc7b0j0Tcx8hd2UqjpuxEywDcFX1_mhwJfz4M6wCNnc"

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sat Feb 24 10:46:31 UTC 2024
;; MSG SIZE  rcvd: 164

zorlin@durian ~ $ dig -t TXT _acme-challenge.riff.cc

; <<>> DiG 9.16.48 <<>> -t TXT _acme-challenge.riff.cc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5823
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;_acme-challenge.riff.cc.       IN      TXT

;; ANSWER SECTION:
_acme-challenge.riff.cc. 207    IN      TXT     "ii9WIXF_GV0Er1U3mPWUavuCxJYOXfcTauVdbwKczFg"
_acme-challenge.riff.cc. 207    IN      TXT     "lc7b0j0Tcx8hd2UqjpuxEywDcFX1_mhwJfz4M6wCNnc"

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sat Feb 24 10:46:31 UTC 2024
;; MSG SIZE  rcvd: 164

There are two “ghost” TXT records that are still being served even though they were deleted a long time ago.

If I add a new record to Cloudflare under that name:

zorlin@durian ~ $ dig -t TXT _acme-challenge.riff.cc @1.1.1.1

; <<>> DiG 9.16.48 <<>> -t TXT _acme-challenge.riff.cc @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41513
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_acme-challenge.riff.cc.       IN      TXT

;; ANSWER SECTION:
_acme-challenge.riff.cc. 300    IN      TXT     "TESTING"
_acme-challenge.riff.cc. 300    IN      TXT     "ii9WIXF_GV0Er1U3mPWUavuCxJYOXfcTauVdbwKczFg"
_acme-challenge.riff.cc. 300    IN      TXT     "lc7b0j0Tcx8hd2UqjpuxEywDcFX1_mhwJfz4M6wCNnc"

;; Query time: 10 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat Feb 24 10:50:54 UTC 2024
;; MSG SIZE  rcvd: 184

zorlin@durian ~ $ dig -t TXT _acme-challenge.riff.cc @1.1.1.1

; <<>> DiG 9.16.48 <<>> -t TXT _acme-challenge.riff.cc @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41513
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_acme-challenge.riff.cc.       IN      TXT

;; ANSWER SECTION:
_acme-challenge.riff.cc. 300    IN      TXT     "TESTING"
_acme-challenge.riff.cc. 300    IN      TXT     "ii9WIXF_GV0Er1U3mPWUavuCxJYOXfcTauVdbwKczFg"
_acme-challenge.riff.cc. 300    IN      TXT     "lc7b0j0Tcx8hd2UqjpuxEywDcFX1_mhwJfz4M6wCNnc"

;; Query time: 10 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat Feb 24 10:50:54 UTC 2024
;; MSG SIZE  rcvd: 184

It shows up. If I remove that record, it goes back to the “ghost two”.

How the heck do I get rid of the bad records?

Cloudflare Developers•2y ago•

11 replies

Wings

[SOLVED] Stale DNS records (it's always DNS)

I’ve been tearing my hair out trying to figure out why my ACME-DNS challenges weren’t working for just one of my domains (well, *.riff.cc)

Turns out

zorlin@durian ~ $ dig -t TXT _acme-challenge.riff.cc

; <<>> DiG 9.16.48 <<>> -t TXT _acme-challenge.riff.cc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5823
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;_acme-challenge.riff.cc.       IN      TXT

;; ANSWER SECTION:
_acme-challenge.riff.cc. 207    IN      TXT     "ii9WIXF_GV0Er1U3mPWUavuCxJYOXfcTauVdbwKczFg"
_acme-challenge.riff.cc. 207    IN      TXT     "lc7b0j0Tcx8hd2UqjpuxEywDcFX1_mhwJfz4M6wCNnc"

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sat Feb 24 10:46:31 UTC 2024
;; MSG SIZE  rcvd: 164

zorlin@durian ~ $ dig -t TXT _acme-challenge.riff.cc

; <<>> DiG 9.16.48 <<>> -t TXT _acme-challenge.riff.cc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5823
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;_acme-challenge.riff.cc.       IN      TXT

;; ANSWER SECTION:
_acme-challenge.riff.cc. 207    IN      TXT     "ii9WIXF_GV0Er1U3mPWUavuCxJYOXfcTauVdbwKczFg"
_acme-challenge.riff.cc. 207    IN      TXT     "lc7b0j0Tcx8hd2UqjpuxEywDcFX1_mhwJfz4M6wCNnc"

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sat Feb 24 10:46:31 UTC 2024
;; MSG SIZE  rcvd: 164

There are two “ghost” TXT records that are still being served even though they were deleted a long time ago.

If I add a new record to Cloudflare under that name:

zorlin@durian ~ $ dig -t TXT _acme-challenge.riff.cc @1.1.1.1

; <<>> DiG 9.16.48 <<>> -t TXT _acme-challenge.riff.cc @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41513
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_acme-challenge.riff.cc.       IN      TXT

;; ANSWER SECTION:
_acme-challenge.riff.cc. 300    IN      TXT     "TESTING"
_acme-challenge.riff.cc. 300    IN      TXT     "ii9WIXF_GV0Er1U3mPWUavuCxJYOXfcTauVdbwKczFg"
_acme-challenge.riff.cc. 300    IN      TXT     "lc7b0j0Tcx8hd2UqjpuxEywDcFX1_mhwJfz4M6wCNnc"

;; Query time: 10 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat Feb 24 10:50:54 UTC 2024
;; MSG SIZE  rcvd: 184

zorlin@durian ~ $ dig -t TXT _acme-challenge.riff.cc @1.1.1.1

; <<>> DiG 9.16.48 <<>> -t TXT _acme-challenge.riff.cc @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41513
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_acme-challenge.riff.cc.       IN      TXT

;; ANSWER SECTION:
_acme-challenge.riff.cc. 300    IN      TXT     "TESTING"
_acme-challenge.riff.cc. 300    IN      TXT     "ii9WIXF_GV0Er1U3mPWUavuCxJYOXfcTauVdbwKczFg"
_acme-challenge.riff.cc. 300    IN      TXT     "lc7b0j0Tcx8hd2UqjpuxEywDcFX1_mhwJfz4M6wCNnc"

;; Query time: 10 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat Feb 24 10:50:54 UTC 2024
;; MSG SIZE  rcvd: 184

It shows up. If I remove that record, it goes back to the “ghost two”.

How the heck do I get rid of the bad records?

[SOLVED] Stale DNS records (it's always DNS)

[SOLVED] Stale DNS records (it's always DNS)

Similar Threads

Similar Threads

Similar Threads