Home
Support Forums

Sudden DNS issues. Google domains pointing at netlify DNS_PROBE_FINISHED_BAD_CONFIG

My netlify domain is austin-west-net.netlify.app , which for the longest time is what I pointed my google CNAME at (austinwest.net). Suddenly it stopped working, reporting a dns issue. My subdomains(a records) and other domains I have with google work fine, but netlify was super broken. I popped into my netlify account and it’s telling me to point my google cname at apex-loadbalancer.netlify.com, which I’ve done, but the problem still persists. Someone explain to me why my site, left untouched, suddenly stopped working? and how can i fix it?

Hi @austinthetaco :wave: ,

It appears the problem is with the A record, not CNAME record. The A record for the apex domain austinwest.net should point to 75.2.60.5.

Why would the A record need to point there when it has a CNAME pointing toward netlify? Your own internal documentation even says CNAME OR A record. Also can you explain why it suddenly stopped working when it was working just fine before? What did netlify do?

ALSO: I cannot have have both a CNAME and an A record for the same domain, SO I need someone to tell me why my CNAME worked fine for 2 1/2 years and then suddenly you’re now telling me I need an A record instead of a CNAME.

The only existing A records I have are subdomains pointing at a different webserver altogether, but none are WWW (i.e. tree.).

if the CNAME record worked before, that would mean that no other records on the root domain did - e.g. MX records. This is not a limitation of netlify but of the DNS standard.

You are welcome to use the CNAME there, but it will cause many bad effects such as disallowing other records on the root, as described in this article: Why a domain’s root can’t be a CNAME — and other tidbits about the DNS

But there were other A records that existed prior. I’ve had an A record for ghost. for a year and a half now, yet the www cname worked just fine. If i change it to an A record for my domain it will require me putting in a www, which is exactly how i DON’T want my website configured. I want to still use http://austinwest.net (not www.austinwest.net), but also be able to point my DNS at my ghost. and tree. subdomain servers. Was working just fine before.

Nothing has changed in behavior on our side around how we interact with DNS records in the past couple of years.

Regardless, we do of course want you to be successful in using our service in the way that best suits your needs, so let’s try this a different way: how about if you spell out exactly what you want to achieve, something like this:

“I want to configure domain X in Y DNS hosting service. I want hostname A to point to my netlify site, and hostname B to point to this other location. How can I best achieve this?”

…and then we can tell you the best way to accomplish it? I think this will get you to your goal fastest since I know nothing about your DNS hosting, or how google domains handles things, but we can definitely guide you to a solution that meets your spec, once we understand it in detail.

I just mentioned how I want it to work. I want to be able to use http://austinwest.net (NOT http://www.austinwest.net) to point toward my app on netlify, while tree.austinwest.net and ghost.austinwest.net points at a totally different server not hosted by netlify. exactly how it worked for 2 years.

Hi @austinthetaco

You need to set the A record for austinwest.net to point to the Netlify load balancer mentioned previously. Currently there is no A record for the apex

$ dig austinwest.net A +noall +answer

; <<>> DiG 9.10.6 <<>> austinwest.net A +noall +answer
;; global options: +cmd

Currently you have an A record for the www subdomain pointing to the Netlify load balancer

$ dig www.austinwest.net A +noall +answer

; <<>> DiG 9.10.6 <<>> www.austinwest.net A +noall +answer
;; global options: +cmd
www.austinwest.net.	3600	IN	A	75.2.60.5

when in fact www should have a CNAME record pointing to austin-west-net.netlify.app. If you want to then have people see austinwest.net in the browser address bar set austinwest.net as the primary domain with www.austinwest.net as the secondary/alias. Also look at domain-level redirects to redirect austin-west-net.netlify.appaustinwest.net

ghost.austinwest.net appears to have no DNS records.

As DNS is managed by you/Google Domains, this is not a Netlify issue. This is also not the first time recently I have seen a Netlify user with Google Domains needing to reconfigure the A record for an apex domain.

Hi, @austinthetaco. I agree with @coelmay. The root cause is a DNS issue and the domain is not using Netlify DNS service so it definitely isn’t Netlify’s fault.

If test what would be returned if the DNS was working, it is definitely the same site. I can spoof the DNS for testing with curl's --resolve option like so :

$ curl -s https://austin-west-net.netlify.app/ | md5sum
2b61f5457ddc6b250e880f1298803bec  -
$ curl -s --resolve austinwest.net:443:75.2.60.5 https://austinwest.net/ | md5sum
2b61f5457ddc6b250e880f1298803bec  -

This shows that the site would work, if the DNS was working. Nothing changed at Netlify so the change must have been on the DNS side - which, again, Netlify doesn’t control so that change cannot be caused by us.

The issue currently is that DNS record doesn’t exist:

luke@macbook-luke-pdx : ~/tmp : 2021-12-27 23:27:25 :
$ dig austinwest.net

; <<>> DiG 9.10.6 <<>> austinwest.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40773
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;austinwest.net.			IN	A

;; AUTHORITY SECTION:
austinwest.net.		300	IN	SOA	ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 28 21600 3600 259200 300

;; Query time: 71 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Dec 27 23:28:40 PST 2021
;; MSG SIZE  rcvd: 136

The DNS query shows no answer and no error and returns the SOA record instead. This proves that the record doesn’t exist.

I do show an A record for www.austinwest.net:

$ dig +noall +answer  www.austinwest.net
www.austinwest.net.	3600	IN	A	75.2.60.5

Please note, the A record is only for apex domains. We recommend using a CNAME pointing to austin-west-net.netlify.app (whatever the site’s netlify.app subdomain is) for all other domain names other than apex domains. This comes from the external DNS documentation section about subdomains.

Also, if you are not using Netlify DNS, making the apex domain the primary custom domain means all traffic for the site is sent to a single IP address and the site won’t use our global CDN. We strongly recommend making www the primary custom domain if using the A record (or an ALIAS record) on the apex domain.

It will still work if you make austinwest.net the primary custom domain but the site won’t use the full CDN.

These are the two recommended DNS records:

austinwest.net.     3600    IN  A       75.2.60.5
www.austinwest.net.	3600	IN	CNAME	austin-west-net.netlify.app.

or, if you can make ALIAS records, it would be this:

austinwest.net.     3600    IN  ALIAS   apex-loadbalancer.netlify.com.
www.austinwest.net.	3600	IN	CNAME	austin-west-net.netlify.app.

Finally, about not wanting to use www at all, our service does pair apex domains with www under the apex automatically if either is used for a site. I do see that www.austinwest.net is currently configured to automatically redirect all request to austinwest.net but both apex and the www subdomain are assigned to the site at this time.

Our support team can override this, however, so if you do want to use one alone (apex only or www only) please let us know. The downside is that once the override is made, our support team will need to manually make changes to any domains added or removed from the SSL certificate until this override is removed again. If you don’t plan to make DNS changes, though, this downside is probably a non-issue.

To summarize, I am seeing the apex domain DNS record not working and that is why the site doesn’t work for austinwest.net.

If there are any other questions about this, please let us know.

1 Like