GitLab Pages DNS TXT propagation

I changed the TXT record of my domain well over 24 hours ago and I am getting the correct domain and registrar in the output but for some reason it doesn’t show the correct value, and instead the “IN SOA” with the nameserver is shown. I guess this is why the verification doesn’t work either. Do I maybe have to adjust the nameservers to the GitLab pages server as well?

dig _gitlab-pages-verification-code.ide-san.de TXT

; <<>> DiG 9.10.6 <<>> _gitlab-pages-verification-code.ide-san.de TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14418
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_gitlab-pages-verification-code.ide-san.de. IN TXT

;; AUTHORITY SECTION:
ide-san.de.		3600	IN	SOA	ns1.first-ns.de. postmaster.robot.first-ns.de. 2019112602 86400 10800 3600000 86400

;; Query time: 59 msec
;; SERVER: 192.168.178.222#53(192.168.178.222)
;; WHEN: Wed Nov 27 11:46:45 CET 2019
;; MSG SIZE  rcvd: 137


The solution here didn’t work for me.

Hi,

the AUTHORITY section is always added in case of errors. opcode: QUERY, status: NXDOMAIN is important, NXDOMAIN says that the requested record does not exist.

Neither does it return anything else with any instead of TXT.

Reading the docs entry it would be interesting to know whether your subdomain is using an A or CNAME record. Can you share these details? A screenshot of your current provider settings web interface also is sufficient.

Also, the zone has a TTL of 86400 (1d). This could be lowered to e.g. 3600 for changes like this to allow resolvers to update this more frequently.

Cheers,
Michael

Hi! :slight_smile:

I did set up an A record AND a CNAME at the same time before. I tried out different things and removed the A, or the CNAME. But could well be that I didn’t wait long enough for the changes to take effect.

Right now it’s like this:

Hi,

if I understand the docs correctly you’d

  • either have an A record and put the TXT record right into the same zone, no sub entry.
  • or you’ll create a CNAME pointing to a subdomain, and then use the _gitlab-pages-verification-code sub entry.

Is ide-san.de the primary FQDN where you’d want to access GitLab pages from? If so, try adding a TXT entry in the main @ area.

@  IN TXT "gitlab-pages-verification=...."

Cheers,
Michael

1 Like

Wow. Thanks. That actually was the cause.

I’ve been reading different docs though. Apparently there’s some discrepancy between the two.

That’s the link provided on the domain edit page of gitlab pages, where it says “Learn more about adding certificates to your project by following the documentation on GitLab Pages.

screenshot2

1 Like

Oh. Yeah, I’ve noticed that with the CI help as well. I’ll open an issue to help align them.

Funny thing is, that I have never used GitLab pages til now. I just have a strong DNS background from my former employer :slight_smile: Glad this worked out so well for your :heart:

Cheers,
Michael