On 9/18/2012 12:59 PM, M. Meadows wrote:

Thanks Kevin. I understand how the chained alias works. Sorry, I didn't explain my question very well.

I can see that the 8.8.8.8 google public dns server gets an answer.

I know that this domain has a cname coexisting with an SOA record and NS records ... both of which I have read are a bad thing. And I've seen the other reply that indicates that this combination of records in a zone file wouldn't even load in BIND ... so it's done with some other more forgiving DNS app.

What I also see (but failed to explain) is that we have a local nameserver that can't find an answer to the dig www.careerone.com.au query. Gets no record back. Our local nameserver is an AD server that just throws up its imaginary hands in despair. So is this what we should expect from this problematic DNS setup in the www.careerone.com.au zone file? Erratic or somewhat erratic results? Just curious why google and some other public facing dns servers get an answer when our own local nameserver can't figure it out.



------------------------------------------------------------------------
Date: Tue, 18 Sep 2012 11:18:58 -0400
From: k...@chrysler.com
To: bind-users@lists.isc.org
Subject: Re: question about how a particular dig works ...

On 9/18/2012 9:45 AM, M. Meadows wrote:


    dig www.careerone.com.au <http://www.careerone.com.au> +short @8.8.8.8
    www.careerone.com.au.edgesuite.net
    <http://www.careerone.com.au.edgesuite.net>.
    a903.g.akamai.net.
    208.44.23.99
    208.44.23.121

    Why does the above dig work when

    dig careerone.com.au +nssearch @8.8.8.8
    SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
    86400 1200 from server usw1.akam.net in 106 ms.
    SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
    86400 1200 from server usw4.akam.net in 136 ms.
    SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
    86400 1200 from server usc4.akam.net in 124 ms.
    SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
    86400 1200 from server usc1.akam.net in 40 ms.
    SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
    86400 1200 from server usw5.akam.net in 190 ms.
    SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
    86400 1200 from server ns1-24.akam.net in 171 ms.
    SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
    86400 1200 from server asia1.akam.net in 161 ms.
    SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
    86400 1200 from server ns1-50.akam.net in 161 ms.

    shows 8 auth nameservers for careerone.com.au

    and if you use

    dig www.careerone.com.au <http://www.careerone.com.au> +short
    @<any of the 8 auth nameservers>

    you get no answer.

    How does that work? Where does the 8.8.8.8 google public dns
    server get its answer from?

www.careerone.com.au <http://www.careerone.com.au> is an alias (through chained aliasing) ultimately to a903.g.akamai.net. To get an authoritative answer for a903g.akamai.net you'd need to ask one of the g.akamai.net nameservers. Which is presumably what Google's public resolver did to get the answers it returned to your query.

It's possible that the CNAME-and-other error is causing Microsoft DNS to choke. Can you dump the cache on that box and see if it has records other than the CNAME?

Another possibility is that the CNAME chain is giving Microsoft DNS fits, although Akamai has been doing that for years and it seems to mostly work, despite being technically a violation of standards.

I don't know much about troubleshooting Microsoft DNS resolution problems, and I doubt many others on this list can (or would be willing to) help either. Maybe try a Microsoft list?

                                                    - Kevin
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to