Check that a dns record exists for this domain

How to check DNS records of a domain

There are many reasons why you might need to check your domain DNS records which are propagated on the internet. For instance, your website is not available (it might be that DNS records are incorrect) or you need to check which DNS records are shown on the internet.

Domain Name System (DNS) is used to point an incoming website domain toward the IP address of the server. It means that when you open a website, the DNS records fetch the IP address of the server (there is the domain pointed) and serve the website.

So in this guide, I will show how to check your current domain DNS records using provided commands and online tools.

Checking DNS records using the command line

The most efficient way to check DNS records of the domain is to use a terminal with the command nslookup. This command will run on almost all operating systems (Windows, Linux, and macOS). The command nslookup shows all DNS records of the domain and below will be provided various nslookup command for the different DNS record types to check using the command line.

For the demonstration, I will use our domain name �UltaHost.com�. When you will open the terminal window, type the following commands, just do not miss to replace �UltaHost.com� with your domain name.

Lookup A record:

Lookup NS record:

Lookup MX record:

Lookup CNAME record:

Lookup TXT record:

Also, there are other commands which you can use to check DNS records, for example, ping or host. The ping command shows domain A record � where the domain is pointed.

The host command runs on Linux and shows the IP address of a particular domain name or if you want to find out the domain name of a particular IP address.

nslookup and host commands output as an example:

Checking domain DNS records using online tools

If you do not have the ability to check DNS records using the command line, you can check records using online trusted tools. Down below are provided some online tools which you can use.

The online tool where you can enter the domain name and all the domain DNS records will be provided � is the website fully propagated or not worldwide.

This tool not only shows all DNS records for the domain but also shows how those records are propagated on the internet.

This online tool shows domain DNS records. Also, this tool provides warnings and failures of the DNS records. So this leafdns tool will check if your DNS records are correct or no. It�s quite helpful, for example, when you create custom nameservers for the domain.

Wildcard SSL with LetsEncrypt gives error

What I do is that opened db.example.com and at the bottom line add this:

But whe i check it like this:

It gives me this error:

And when I run Certbot also get an error:

What wrong Im doing here?

2 Answers 2

Please note you have to wait for a while until changes in your DNS zone will be updated on servers worldwide. Your problem is that you’re trying to check if changes are applied to the DNS too fast. There is a good way out from this case and it requires using DNS provider’s API. If you use for instance OVH, you can use their API for DNS changes and certbot will be able to check changes immediately. There is a list of all API plugins here: https://certbot.eff.org/docs/using.html?highlight=dns#dns-plugins

If your DNS provider doesn’t support this, try moving your DNS zone to Cloudflare. It’s super easy and you’ll get that service for free. Also, by using DNS API you’ll be able to renew wildcard certificates for free by leaving a single command in cron like this:

So an entry for _acme-challenge.db.example.com inside the zone for db.example.com actually means an entry for _acme-challenge.db.example.com.db.example.com.

To make sure you have the right entry, you can either:

Add a dot a the end: _acme-challenge.db.example.com.

Or not include the domain: _acme-challenge

Also don’t forget to update the serial of the zone (in the SOA record) when you update it, and reload the zone.

This is of course based on the registered name servers for your domain being your own server (and a secondary).

When querying using nslookup or dig you can tell them which server to ask the answer from. Always start by checking your primary, then your secondary, then other servers. And don’t forget some types of updates may take a while (especially changes which are subject to TTL of the previous record, and additions subject to the negative cache TTL of the domain).

check that a DNS record exists for this domain

I have the following ingress manifest file:

Can this problem appear because k8s-cluster.int is inside a intranet? If I curl k8s-cluster.int

So, I think that the DNS works.

1 Answer 1

You tried to use ACME, it is what Let’s Encrypt use. The ACME protocol is basically an automated DNS domain validation and it gives you a «domain validated» certificates. It checks if DNS records with requested names really point to requesting server (or are under control of requesting server), which «proves» that server is permitted to have such certificate.

This means the domain validation is possible only for domain names that are in the global DNS tree. You use a «.int» suffix which doesn’t exists in the global DNS tree (or it exists, but your name doesn’t exist or belong to you). It isn’t what could be «domain validated» with ACME.

So you can’t generate certificates with ACME for this name. Sorry.

Your options are:

After many years of network engineer experience I ended up with this second alternative. I never use «detached private internal» names like «.int», «.local», «.lan» etc. for internal services, even if I know I am not going to connect them with «outside world», even if they are physically disconnected from the Internet. I always use something that descend from my owned global domain names. This saved me much work. And when I sometimes meet a network where these «detached» names are used, almost always there are some dirty quirks to solve obscure problems, which weren’t be needed if they were using global names.

Check that a dns record exists for this domain

Вопрос

Настроил RDS на WinServer 2012R2

Внутри сети все работает корректно.

Запускаю опубликованный калькулятор и мне предлагает ввод логина и пароля, ввожу логин/пароль и появляется ошибка.

«Удаленное приложение RemoteApp отключено. Удаленный ресурс недоступен. Проверьте подключение и повторите попытку.»

На прокси в правиле проброса помимо HTTPS, добавлен и RDP. Telnet отлично отрабатывает и по 443 и по 3389.

В чем еще может быть проблема в моих настройках доступа?

Ответы

Проделайте всё в точности, что я говорю.

1. На внешнем DNS сервере создаете А запись: RDS.домен.ru 95.24.63.215

2. На внутреннем DNS сервере создаете зону RDS.домен.ru и создаете пустую «А» запись в IP сервера.

3. Пробрасываете порты, которые я уже говорил. + 80 порт для Letsencrypt.

4. Разрешаете подключение ко всем ресурсам в политиках авторизации шлюза в оснастке «Диспетчер шлюза удаленных рабочих столов.»

5. Качаете wacs https://www.win-acme.com/

6. Кладете на диск С

7. Выполняете в cmd:

8. В Powershell (Поправив под себя):

— Проверяете с внешки, качаете еще раз ярлык по rdweb и пробуете войти.

Ссылка для RDWEB будет https://rds.domain.ru/rdweb

4. В оснастке » Диспетчер шлюза удаленных рабочих столов»

DNS запись еще наверно не обновилась. Можете пробить её тут допустим: https://mxtoolbox.com/DnsLookup.aspx

Ну Вы не сделали запись rds.ab*****.ru

Еще раз. Вам нужно создать на Вашем nic.ru хостинге запись эту.

Когда Вы выполнили скрипт с wacs, он поставил Вам на все сервисы сертификат Letsencrypt. Единственное, это не отображается в графике, потому Вы видите свой старый rdweb, но это не правда.

То, что Вы поставите в IIS или через коллекцию, одно и тоже. Графика и ставит его в IIS.

Потому делайте через графику, так удобней и меньше шансов наделать ошибки.

Команда изменяет свойства коллекции.

1. Я изменил имя шлюза. Так как до этого было у Вас локальное имя, которое в интернетах не разрешается. Установил такое, которое было бы еще и одноименное с сертификатом.

2. Я поменял имя адреса соединения на то, которое было бы в сертификате, чтоб клиент при подключении, не получал предупреждений о сертификате, что к нему нет доверия. Можно поменять на другое, добавив доп имя в сертификате, в wacs, через запятую.

Можете поменять всё на свой rdweb, но как минимум как-то не очень логичное имя будет в строке состояния вверху, когда зайдете по RDP. Нужно сперва было всё продумать, а потом серт покупать.

Letsencrypt DNS problem looking up A

I successfully installed an SSL certificate for one of my domains the other day using your tutorial. Today I tried to general an SSL certificate for a second domain, and I’m getting the error “DNS problem: NXDOMAIN looking up A for [the domain]”. Now the detail says to make sure the DNS A record contains the right IP address. I checked, it does.

Next it suggests to make sure no firewalls are preventing the server from communicating. How could that be a problem when I’ve done this before with no problem? I have not installed any firewalls or anything else for that matter since then.

Could this DNS problem have anything to do with the massive DDoS attack that’s occurring today? Suggestions appreciated.

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.