[Solved, but a Bug?] MIAB DNS Added new Custom DNS did not work

Note: this is no longer a problem, but a debugging resource.

Have simple single domain serviced by MIAB: blockfish.info. But had run into a real problem. Tried to add new Custom DNS, in this case a CNAME for pong.blockfish.info but the records were not being served by the MIAB DNS. Leaving a record of travails, so others will learn from my mistake.

TL;DR: You cannot add TXT (or even A records as another MIAB admin found out) records with hosts using CNAME records.

To start the new hosts show up in the Custom DNS interface:

Domain Name Record Type Value
mail.blockfish.info CNAME blockfish.info. [delete]
mail.blockfish.info TXT v=spf1 -all [delete]
cloud.blockfish.info CNAME blockfish.info. [delete]
cloud.blockfish.info TXT v=spf1 -all [delete]
office.blockfish.info CNAME blockfish.info. [delete]
office.blockfish.info TXT v=spf1 -all [delete]
pong.blockfish.info CNAME blockfish.info. [delete]

The Custom DNS API also works but alters only information on the Custom DNS page; the new records were not being served.

Did a dig from MIAB server directly and can confirm the records were NOT served:

bgertz@blockfish:~$ dig @127.0.0.1 +short pong.blockfish.info
bgertz@blockfish:~$ dig @127.0.0.1 pong.blockfish.info

; <<>> DiG 9.11.3-1ubuntu1.9-Ubuntu <<>> @127.0.0.1 pong.blockfish.info
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, **status: NXDOMAIN**, id: 30320
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: f390ad0fa3e23b5339b96d0d5da246c0edc481db5611d625 (good)
;; QUESTION SECTION:
;pong.blockfish.info.		IN	A

;; AUTHORITY SECTION:
blockfish.info.		1489	IN	SOA	ns1.blockfish.info. hostmaster.blockfish.info. 2019100903 7200 1800 1209600 1800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 12 23:33:52 CEST 2019
;; MSG SIZE  rcvd: 127

Note that this wasn’t confined to CNAME records, I had the same problem with TXT records as well (Let’s Encrypt challenge records added via the Custom DNS API). I’d updated the system packages and rebooted the system several times to no avail. I’ve tried deleting the new entry, rebooting, then readding the entry. That yielded no soap. Strangely, all of the old Custom DNS records did work:

bgertz@blockfish:~$ dig @127.0.0.1 +short office.blockfish.info TXT
blockfish.info.
"v=spf1 mx -all"

The bit of the zone file from /etc/nsd/zones/blockfish.info.txt looks right (this is the last bit of the file - not whole thing):

cloud IN CNAME blockfish.info.
cloud IN TXT “v=spf1 -all”
mail IN CNAME blockfish.info.
mail IN TXT “v=spf1 -all”
ns1 IN A 86.81.67.183
ns1 IN TXT “v=spf1 -all”
_dmarc.ns1 IN TXT “v=DMARC1; p=reject”
ns2 IN A 86.81.67.183
ns2 IN TXT “v=spf1 -all”
_dmarc.ns2 IN TXT “v=DMARC1; p=reject”
office IN CNAME blockfish.info.
office IN TXT “v=spf1 -all”
pong IN CNAME blockfish.info.
www IN A 86.81.67.183
www IN TXT “v=spf1 -all”
_dmarc.www IN TXT “v=DMARC1; p=reject”

Looking though the corresponding signed zone file I saw no duplicate records, for example there is no CNAME or even A record and (another) CNAME record for the same name. Digging through the nsd.log file showed:

[2019-10-12 23:27:56.520] nsd[2300]: notice: nsd starting (NSD 4.1.17)
[2019-10-12 23:27:56.562] nsd[2313]: error: blockfish.info.txt.signed:97: CNAME and other data at the same name
[2019-10-12 23:27:56.562] nsd[2313]: error: blockfish.info.txt.signed:98: CNAME and other data at the same name
[2019-10-12 23:27:56.562] nsd[2313]: error: blockfish.info.txt.signed:103: CNAME and other data at the same name
[2019-10-12 23:27:56.562] nsd[2313]: error: blockfish.info.txt.signed:104: CNAME and other data at the same name
[2019-10-12 23:27:56.562] nsd[2313]: error: blockfish.info.txt.signed:129: CNAME and other data at the same name
[2019-10-12 23:27:56.562] nsd[2313]: error: blockfish.info.txt.signed:130: CNAME and other data at the same name
[2019-10-12 23:27:56.562] nsd[2313]: error: zone blockfish.info file blockfish.info.txt.signed read with 6 errors
[2019-10-12 23:27:56.563] nsd[2313]: notice: nsd started (NSD 4.1.17), pid 2300
[2019-10-12 23:28:04.059] nsd[2313]: warning: signal received, shutting down...
[2019-10-12 23:28:04.073] nsd[2387]: notice: nsd starting (NSD 4.1.17)
[2019-10-12 23:28:04.115] nsd[2397]: error: blockfish.info.txt.signed:97: CNAME and other data at the same name
[2019-10-12 23:28:04.115] nsd[2397]: error: blockfish.info.txt.signed:98: CNAME and other data at the same name
[2019-10-12 23:28:04.115] nsd[2397]: error: blockfish.info.txt.signed:103: CNAME and other data at the same name
[2019-10-12 23:28:04.115] nsd[2397]: error: blockfish.info.txt.signed:104: CNAME and other data at the same name
[2019-10-12 23:28:04.115] nsd[2397]: error: blockfish.info.txt.signed:129: CNAME and other data at the same name
[2019-10-12 23:28:04.115] nsd[2397]: error: blockfish.info.txt.signed:130: CNAME and other data at the same name
[2019-10-12 23:28:04.115] nsd[2397]: error: zone blockfish.info file blockfish.info.txt.signed read with 6 errors
[2019-10-12 23:28:04.116] nsd[2397]: notice: nsd started (NSD 4.1.17), pid 2387
[2019-10-12 23:28:24.766] nsd[2397]: warning: signal received, shutting down...
[2019-10-12 23:28:24.780] nsd[2431]: notice: nsd starting (NSD 4.1.17)
[2019-10-12 23:28:24.818] nsd[2443]: error: blockfish.info.txt.signed:97: CNAME and other data at the same name
[2019-10-12 23:28:24.818] nsd[2443]: error: blockfish.info.txt.signed:98: CNAME and other data at the same name
[2019-10-12 23:28:24.818] nsd[2443]: error: blockfish.info.txt.signed:103: CNAME and other data at the same name
[2019-10-12 23:28:24.818] nsd[2443]: error: blockfish.info.txt.signed:104: CNAME and other data at the same name
[2019-10-12 23:28:24.818] nsd[2443]: error: blockfish.info.txt.signed:129: CNAME and other data at the same name
[2019-10-12 23:28:24.818] nsd[2443]: error: blockfish.info.txt.signed:130: CNAME and other data at the same name
[2019-10-12 23:28:24.818] nsd[2443]: error: zone blockfish.info file blockfish.info.txt.signed read with 6 errors
[2019-10-12 23:28:24.818] nsd[2443]: notice: nsd started (NSD 4.1.17), pid 2431

Though I needed to regenerate, what appear to be, screwed up signed zone files. But they looked fine - but they weren’t. Could it be you cannot have TXT records for CNAME records? That worked earlier before the last round of updates. Alas no more.

Deleting the TXT records for the systems with CNAME records fixed the problem.

Leaving this table of woe behind so you, beleaguered reader, will fix this more quickly than I did.

But is this a Bug, how do you add Let’s Encrypt DNS-01 challenge TXT records for CNAME hosts if NSD falls over when you do?