proxmox/reports/status/DNS_ISSUES_SUMMARY.md

DNS Issues Summary & Resolution

Critical Issues Found in DNS Zone File

Issue 1: Shared Tunnel Without Proper Configuration ⚠️ CRITICAL

9 hostnames pointing to tunnel 10ab22da-8ea3-4e2e-a896-27ece2211a05:

• dbis-admin.d-bis.org
• dbis-api.d-bis.org
• dbis-api-2.d-bis.org
• mim4u.org.d-bis.org
• www.mim4u.org.d-bis.org
• rpc-http-prv.d-bis.org
• rpc-http-pub.d-bis.org
• rpc-ws-prv.d-bis.org
• rpc-ws-pub.d-bis.org

Problem: Tunnel likely doesn't have ingress rules for all hostnames, causing routing failures.

Solution: Run ./fix-shared-tunnel.sh to create proper configuration.

Issue 2: Extremely Low TTL Values ⚠️

All CNAME records have TTL of 1 second.

Problem:

• Aggressive DNS cache invalidation
• High DNS query load
• Potential resolution delays

Solution: Update TTL to 300 (5 min) or 3600 (1 hour) in Cloudflare Dashboard.

Issue 3: Mixed Proxy Status ⚠️

Most records: cf-proxied:true (orange cloud)
One record: sip.d-bis.org has cf-proxied:false (grey cloud)

Impact: Inconsistent security/protection.

What's Working ✅

• Proxmox tunnels (ml110-01, r630-01, r630-02) - each has separate tunnel
• Explorer tunnel - separate tunnel ID
• External services (ipfs, tokens, etc.) - correctly configured

Quick Fix

# 1. Fix tunnel configuration
./fix-shared-tunnel.sh

# 2. Update TTL in Cloudflare Dashboard
# Go to: DNS → Records → Edit each CNAME → TTL: 300

# 3. Verify
curl -I https://dbis-admin.d-bis.org
curl -I https://rpc-http-pub.d-bis.org

Files Created

• DNS_ANALYSIS.md - Detailed DNS analysis
• DNS_CONFLICT_RESOLUTION.md - Complete resolution plan
• fix-shared-tunnel.sh - Automated fix script
• DNS_ISSUES_SUMMARY.md - This summary