On 9/18/2012 12:59 PM, M. Meadows wrote:
Thanks Kevin. I understand how the chained alias works. Sorry, I
didn't explain my question very well.
I can see that the 8.8.8.8 google public dns server gets an answer.
I know that this domain has a cname coexisting with an SOA record and
NS records ... both of which I have read are a bad thing. And I've
seen the other reply that indicates that this combination of records
in a zone file wouldn't even load in BIND ... so it's done with some
other more forgiving DNS app.
What I also see (but failed to explain) is that we have a local
nameserver that can't find an answer to the dig www.careerone.com.au
query. Gets no record back. Our local nameserver is an AD server that
just throws up its imaginary hands in despair. So is this what we
should expect from this problematic DNS setup in the
www.careerone.com.au zone file? Erratic or somewhat erratic results?
Just curious why google and some other public facing dns servers get
an answer when our own local nameserver can't figure it out.
------------------------------------------------------------------------
Date: Tue, 18 Sep 2012 11:18:58 -0400
From: k...@chrysler.com
To: bind-users@lists.isc.org
Subject: Re: question about how a particular dig works ...
On 9/18/2012 9:45 AM, M. Meadows wrote:
dig www.careerone.com.au +short @8.8.8.8
www.careerone.com.au.edgesuite.net.
a903.g.akamai.net.
208.44.23.99
208.44.23.121
Why does the above dig work when
dig careerone.com.au +nssearch @8.8.8.8
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
86400 1200 from server usw1.akam.net in 106 ms.
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
86400 1200 from server usw4.akam.net in 136 ms.
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
86400 1200 from server usc4.akam.net in 124 ms.
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
86400 1200 from server usc1.akam.net in 40 ms.
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
86400 1200 from server usw5.akam.net in 190 ms.
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
86400 1200 from server ns1-24.akam.net in 171 ms.
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
86400 1200 from server asia1.akam.net in 161 ms.
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200
86400 1200 from server ns1-50.akam.net in 161 ms.
shows 8 auth nameservers for careerone.com.au
and if you use
dig www.careerone.com.au +short @<any of the 8 auth nameservers>
you get no answer.
How does that work? Where does the 8.8.8.8 google public dns
server get its answer from?
www.careerone.com.au is an alias
(through chained aliasing) ultimately to a903.g.akamai.net. To get an
authoritative answer for a903.g.akamai.net you'd need to ask one of the
g.akamai.net nameservers. Which is presumably what Google's public
resolver did to get the answers it returned to your query.
It's possible that the CNAME-and-other error is causing Microsoft DNS to
choke. Can you dump the cache on that box and see if it has records
other than the CNAME?
Another possibility is that the CNAME chain is giving Microsoft DNS
fits, although Akamai has been doing that for years and it seems to
mostly work, despite being technically a violation of standards.
I don't know much about troubleshooting Microsoft DNS resolution
problems, and I doubt many others on this list can (or would be willing
to) help either. Maybe try a Microsoft list?
- Kevin
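
The two conditions discussed in this thread (a CNAME coexisting with other data at the same owner name, and a chained alias that a resolver has to follow to reach the address records) can be checked offline against a saved set of records. The following is an added example, not code from the thread or from BIND; the record set is constructed from the names quoted above, and the TTLs, the owner name carrying SOA/NS next to the CNAME, and the function names are assumptions.

```python
from collections import defaultdict

# Constructed records in dig answer format, modelled on the names in the thread.
# TTLs and the owner that carries SOA/NS beside the CNAME are assumptions.
SAMPLE = """\
www.careerone.com.au. 300 IN CNAME www.careerone.com.au.edgesuite.net.
www.careerone.com.au. 300 IN SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3600 1200 86400 1200
www.careerone.com.au. 300 IN NS usw1.akam.net.
www.careerone.com.au.edgesuite.net. 300 IN CNAME a903.g.akamai.net.
a903.g.akamai.net. 20 IN A 208.44.23.99
a903.g.akamai.net. 20 IN A 208.44.23.121
"""

# RFC 1034 3.6.2 / RFC 2181 10.1: a CNAME may not coexist with other data.
# RFC 4035 2.5 exempts the DNSSEC types below.
DNSSEC_OK = {"RRSIG", "NSEC"}

def parse(text):
    """Return {owner: {rtype: [rdata, ...]}} from 'name ttl class type rdata' lines."""
    zone = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        parts = line.split(None, 4)  # rdata (e.g. SOA) keeps its inner spaces
        if len(parts) == 5 and not line.startswith(";"):
            owner, _ttl, _cls, rtype, rdata = parts
            zone[owner.lower()][rtype.upper()].append(rdata)
    return zone

def cname_conflicts(zone):
    """Map each owner holding a CNAME to the other record types found beside it."""
    out = {}
    for owner, types in zone.items():
        extra = set(types) - {"CNAME"} - DNSSEC_OK
        if "CNAME" in types and extra:
            out[owner] = sorted(extra)
    return out

def follow_chain(zone, name, max_hops=8):
    """Follow CNAMEs from name; return (chain, A rdata). Raises on a loop or long chain."""
    chain, seen = [name.lower()], set()
    while "CNAME" in zone.get(chain[-1], {}):
        if chain[-1] in seen or len(chain) > max_hops:
            raise ValueError("CNAME loop or chain too long: " + " -> ".join(chain))
        seen.add(chain[-1])
        chain.append(zone[chain[-1]]["CNAME"][0].lower())
    return chain, list(zone.get(chain[-1], {}).get("A", []))

if __name__ == "__main__":
    z = parse(SAMPLE)
    print("CNAME-and-other-data:", cname_conflicts(z))
    print("chain/addresses:", follow_chain(z, "www.careerone.com.au."))
```

To compare resolvers, replace `SAMPLE` with the answer sections captured from each server and diff the two results.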