tiredofit / docker-traefik-cloudflare-companion

Automatically Create CNAME records for containers served by Traefik
MIT License

1004 DNS Validation Error #7

Open ahmaddxb opened 4 years ago

ahmaddxb commented 4 years ago

I'm getting this error in the log when trying to create the cnames for domain.xyz and www.domainname.xyz

container rule value: Host(domainname.xyz,www.domainname.xyz)
extracted_domains from rule: [u'domainname.xyz,www.domainname.xyz']
Found Container: 647e66db859869694c080e371cff0b9bba33e21850d439c5fe3b86a41eb818f7 with Hostname domainname.xyz,www.domainname.xyz
** domainname.xyz,www.domainname.xyz - 1004 DNS Validation Error

organizr container label is Host(domainname.xyz,www.domainname.xyz)

tiredofit commented 4 years ago

Are you using traefik 1 or 2? If possible, let's see the labels component of your docker-compose.yml file or whatever you have.

ahmaddxb commented 4 years ago

traefik2

ahmaddxb commented 4 years ago

# Organizr - Unified Frontend
  organizr:
    container_name: organizr
    image: organizrtools/organizr-v2:latest
    restart: unless-stopped
    networks:
      - t2_proxy
    security_opt:
      - no-new-privileges:true
#    ports:
#      - "$ORGANIZR_PORT:80"
    volumes:
      - /srv/dev-disk-by-label-NAS/appdata/organizr/config:/config
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.organizr-rtr.entrypoints=https"
      - "traefik.http.routers.organizr-rtr.rule=Host(`$DOMAINNAME`,`www.$DOMAINNAME`)" 
      - "traefik.http.routers.organizr-rtr.tls=true"
      ## Middlewares
      - "traefik.http.routers.organizr-rtr.middlewares=chain-no-auth@file" 
      ## HTTP Services
      - "traefik.http.routers.organizr-rtr.service=organizr-svc"
      - "traefik.http.services.organizr-svc.loadbalancer.server.port=80"

tiredofit commented 4 years ago

OK, you just have some syntax issues with the traefik labels. Try this:

traefik.http.routers.service.rule=Host(`host1.example.com`) || Host(`host2.example.com`) || Host(`host3.example.com`)

ahmaddxb commented 4 years ago

Thanks that worked

jo-me commented 4 years ago

Had the same issue but the workaround did not work because the 2 host names did not come from the same domain. One host name was the cloudflare domain and the other one a duckdns one. It stumbled over the duckdns domain and did not create cnames for the cloudflare part:

today at 10:37 AM extracted_domains from rule:  [u'{host:.+}']
today at 10:37 AM Found Container: 2b1ef840ac7be22a7f9e9d71c0d42c5e88ca185e32e502fc83fd85d076eca8b9 with Hostname {host:.+}
today at 10:37 AM container rule value:  Host(`traefik.something.de`) || Host(`traefik.something.duckdns.org`)
today at 10:37 AM extracted_domains from rule:  [u'traefik.something.duckdns.org']
today at 10:37 AM Found Container: 2b1ef840ac7be22a7f9e9d71c0d42c5e88ca185e32e502fc83fd85d076eca8b9 with Hostname traefik.something.duckdns.org

I think there needs to be an additional check against the domain(s) specified in the companion's env variables so that e.g. duckdns or other non-cloudflare domains can be skipped.

jo-me commented 4 years ago

> OK, you just have some syntax issues with the traefik labels. Try this:
>
> traefik.http.routers.service.rule=Host(`host1.example.com`) || Host(`host2.example.com`) || Host(`host3.example.com`)

FYI, that's not a syntax issue. It is what traefik2 is suggesting in the docs:

See the available matchers here: https://docs.traefik.io/routing/routers/

anandslab commented 4 years ago

This PR should address it: https://github.com/tiredofit/docker-traefik-cloudflare-companion/pull/15

jathek commented 4 years ago

I have a Host rule in the || format that Cloudflare Companion expects and it still throws a 1004 error when encountering my root domain. Is it possible that the code can't parse the root domain because it doesn't have a subdomain?

My rule:

- "traefik.http.routers.organizr-rtr.rule=HostHeader(`organizr.$DOMAINNAME`) || HostHeader(`www.$DOMAINNAME`) || HostHeader(`$DOMAINNAME`)"

First two are parsed fine, the last one throws a 1004 error.

EDIT: I enabled debug logs and I think I see something that might cause an issue?

2020-09-20T06:40:40.796794552Z [info] Found Container ID: dcb28d022a374612478c77dac64fc54be3c100a83a32705acd5730a2eb01828a with Multi-Hostname example.com
2020-09-20T06:40:40.798406121Z 2020-09-20 01:40:40,796 - Python Cloudflare API v4 - DEBUG - Call: emulated curl command ...
2020-09-20T06:40:40.798546486Z        curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records?name=example.com" \
2020-09-20T06:40:40.798641955Z             -H "User-Agent: python-cloudflare/2.8.13/python-requests/2.24.0/python/3.8.5" \
2020-09-20T06:40:40.798674038Z             -H "Content-Type: application/json" \
2020-09-20T06:40:40.798741903Z             -H "Authorization: REDACTED" 
2020-09-20T06:40:40.934313932Z 2020-09-20 01:40:40,933 - Python Cloudflare API v4 - DEBUG - Response: 200, application/json, b'{"result":[{"id":"$RECORD_ID","zone_id":"$ZONE_ID","zone_name":"example.com","name":"example.com","type":"A","content":"98.253.43.26","proxiable":true,"proxied":true,"ttl":1,"locked":false,"meta":{"auto_added":false,"managed_by_apps":false,"managed_by_argo_tunnel":false,"source":"primary"},"created_on":"2020-09-20T06:15:17.720944Z","modified_on":"2020-09-20T06:15:17.720944Z"},{"id":"$RECORD_ID2","zone_id":"$ZONE_ID","zone_name":"example.com","name":"example.com","type":"TXT","content":"v=spf1 mx ~all","proxiable":false,"proxied":false,"ttl":1,"locked":false,"meta":{"auto_added":false,"managed_by_apps":false,"managed_by_argo_tunnel":false,"source":"primary"},"created_on":"2020-08-18T22:14:26.696523Z","modified_on":"2020-08-18T22:14:26.696523Z"}],"success":true,"errors":[],"messages":[],"result_info":{"page":1,"per_page":20,"count":2,"total_count":2,"total_pages":1}}'
2020-09-20T06:40:40.935163622Z 2020-09-20 01:40:40,934 - Python Cloudflare API v4 - DEBUG - Response: [{'id': '$RECORD_ID', 'zone_id': '$ZONE_ID', 'zone_name': 'example.com', 'name': 'example.com', 'type': 'A', 'content': '98.253.43.26', 'proxiable': True, 'proxied': True, 'ttl': 1, 'locked': False, 'meta': {'auto_added': False, 'managed_by_apps': False, 'managed_by_argo_tunnel': False, 'source': 'primary'}, 'created_on': '2020-09-20T06:15:17.720944Z', 'modified_on': '2020-09-20T06:15:17.720944Z'}, {'id': '$RECORD_ID2', 'zone_id': '$ZONE_ID', 'zone_name': 'example.com', 'name': 'example.com', 'type': 'TXT', 'content': 'v=spf1 mx ~all', 'proxiable': False, 'proxied': False, 'ttl': 1, 'locked': False, 'meta': {'auto_added': False, 'managed_by_apps': False, 'managed_by_argo_tunnel': False, 'source': 'primary'}, 'created_on': '2020-08-18T22:14:26.696523Z', 'modified_on': '2020-08-18T22:14:26.696523Z'}]
2020-09-20T06:40:40.936173731Z 2020-09-20 01:40:40,935 - Python Cloudflare API v4 - DEBUG - Call: emulated curl command ...
2020-09-20T06:40:40.936320502Z        curl -X POST "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records" \
2020-09-20T06:40:40.936356648Z             -H "User-Agent: python-cloudflare/2.8.13/python-requests/2.24.0/python/3.8.5" \
2020-09-20T06:40:40.936388210Z             -H "Content-Type: application/json" \
2020-09-20T06:40:40.936418679Z             -H "Authorization: REDACTED" \
2020-09-20T06:40:40.936448263Z             --data '{'type': 'CNAME', 'name': 'example.com', 'content': 'example.com', 'ttl': '1', 'proxied': True}' 
2020-09-20T06:40:41.110646948Z 2020-09-20 01:40:41,109 - Python Cloudflare API v4 - DEBUG - Response: 400, application/json, b'{"result":null,"success":false,"errors":[{"code":1004,"message":"DNS Validation Error","error_chain":[{"code":9039,"message":"CNAME content cannot reference itself"}]}],"messages":[]}'
2020-09-20T06:40:41.111994349Z 2020-09-20 01:40:41,110 - Python Cloudflare API v4 - DEBUG - Response: error 9039 CNAME content cannot reference itself - chain
2020-09-20T06:40:41.113061853Z 2020-09-20 01:40:41,111 - Python Cloudflare API v4 - DEBUG - Response: error 1004 DNS Validation Error
2020-09-20T06:40:41.113257374Z ** example.com - 1004 DNS Validation Error

The curl is trying to set a CNAME record for example.com pointing to example.com. I think that's why the errors are saying that CNAME can't reference itself.

Probably Cloudflare Companion should just ignore any parsed hostname that is an exact match for the TARGET_DOMAIN environment variable.

EDIT 2: I got rid of the error by changing TARGET_DOMAIN=$DOMAIN to TARGET_DOMAIN=ddns.$DOMAIN. Now when it tries to create a CNAME for example.com it will point to ddns.example.com so Cloudflare won't mind. But probably the container should still have a contingency for when TARGET_DOMAIN is equal to the CNAME name. If this contingency isn't put in place then it will cause issues with #13, since ddns will now need to be whitelisted and ignored somehow.
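
An added example, not part of any comment above and not the project's own code: it parses both rule forms seen in this thread (Host(`a`,`b`) and Host(`a`) || Host(`b`), plus HostHeader), then applies the two checks suggested here before any record would be sent to Cloudflare: skip hostnames outside the managed domains, and skip a hostname equal to TARGET_DOMAIN. The function names and the `zones` parameter are assumptions; the sample rule is constructed.

```python
import re

# Host(...) / HostHeader(...) matchers; HostRegexp(...) is deliberately not matched.
_MATCHER = re.compile(r"\bHost(?:Header)?\(([^)]*)\)")
# Each hostname inside a matcher is wrapped in backticks.
_BACKTICKED = re.compile(r"`([^`]+)`")


def extract_hosts(rule):
    """Return every hostname named in a Traefik v2 rule, in order, de-duplicated."""
    hosts = []
    for args in _MATCHER.findall(rule):
        for host in _BACKTICKED.findall(args):
            host = host.strip().rstrip(".").lower()
            if host and host not in hosts:
                hosts.append(host)
    return hosts


def plan_cnames(rule, zones, target):
    """Split the rule's hostnames into CNAME records to create and names to skip.

    zones  -- domains managed in Cloudflare (hypothetical parameter)
    target -- the value of TARGET_DOMAIN
    """
    target = target.rstrip(".").lower()
    zones = [z.rstrip(".").lower() for z in zones]
    create, skipped = [], []
    for host in extract_hosts(rule):
        if host == target:
            # Cloudflare rejects this with 1004 / 9039 (CNAME cannot reference itself).
            skipped.append((host, "equals TARGET_DOMAIN"))
        elif not any(host == z or host.endswith("." + z) for z in zones):
            # Match on a label boundary so notexample.com is not taken for example.com.
            skipped.append((host, "not in a managed zone"))
        else:
            create.append({"type": "CNAME", "name": host, "content": target})
    return create, skipped


if __name__ == "__main__":
    # Constructed sample rule mixing a managed and an unmanaged domain.
    sample = "Host(`app.example.com`,`example.com`) || Host(`app.example.duckdns.org`)"
    records, ignored = plan_cnames(sample, ["example.com"], "example.com")
    print(records)
    print(ignored)
```
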