The nameservers for securityplusfcuhb.flb.intuit.com are broken.

dig securityplusfcuhb.flb.intuit.com @flbflb-gtm-qydc.intuit.com ns -> NXDOMAIN
dig securityplusfcuhb.flb.intuit.com @flbflb-gtm-qydc.intuit.com a -> CNAME
dig securityplusfcuhb.flb.intuit.com @flbflb-gtm-qydc.intuit.com aaaa -> NODATA
dig securityplusfcuhb.flb.intuit.com @flbflb-gtm-qydc.intuit.com cname -> NXDOMAIN

A properly functioning, RFC 1034 [1] compliant nameserver will return
CNAME to all these queries as there is a CNAME record in the zone at
that name.

intuit.com need to complain to their nameserver vendor to get it fixed.

They also need to complain that the EDNS handling [2] is broken as the
servers fail to correctly handle EDNS versions other than 0 and they
fail to correctly handle unknown EDNS options.

dig securityplusfcuhb.flb.intuit.com @flbflb-gtm-qydc.intuit.com a +edns=1 -> fails to respond. The correct answer is BADVERS.
dig securityplusfcuhb.flb.intuit.com @flbflb-gtm-qydc.intuit.com a +ednsopt=200 -> incorrectly returns unknown EDNS options.

Mark

[1] http://tools.ietf.org/html/rfc1034
[2] http://tools.ietf.org/html/rfc6891

In message <f80b214c2304c641b917b47051d743c4201b6cc...@hq-mb-08.ba.ad.ssa.gov>, "Tracy, Tedd C. Contractor" writes:
>
> I'm having problems querying one particular domain with BIND 9.10.0-P2 if
> prefetch is enabled. I have been able to duplicate the problem from multiple
> servers running 9.10.0-P2 with different operating systems but I have not
> been able to duplicate the problem with any other domains (yet, I'm still
> trying).
>
> The domain that shows the problem is
> www.securityplusfcuhb.org<http://www.securityplusfcuhb.org>. It is a CNAME
> that points to a CNAME that points to an A record:
> ;; QUESTION SECTION:
> ;www.securityplusfcuhb.org.              IN      A
>
> ;; ANSWER SECTION:
> www.securityplusfcuhb.org. 86399 IN CNAME securityplusfcuhb.flb.intuit.com.
> securityplusfcuhb.flb.intuit.com. 30 IN CNAME 03845.olb.prd1.flb.digitalinsight.com.
> 03845.olb.prd1.flb.digitalinsight.com. 30 IN A 199.102.151.76
>
> As long as no queries are performed at a time that would trigger a prefetch,
> everything is fine. If a query is performed at a time that does trigger a
> prefetch, all subsequent queries return NXDOMAIN.
> dig @localhost a www.securityplusfcuhb.org
>
> ; <<>> DiG 9.10.0-P2 <<>> @localhost a www.securityplusfcuhb.org
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49996
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;www.securityplusfcuhb.org.              IN      A
>
> ;; ANSWER SECTION:
> www.securityplusfcuhb.org. 86187 IN CNAME securityplusfcuhb.flb.intuit.com.
>
> ;; AUTHORITY SECTION:
> flb.intuit.com. 597 IN SOA flbflb-gtm-qydc.intuit.com. hostmaster.flb.intuit.com. 2014022110 10800 3600 604800 86400
>
> Flushing the cache fixes the problem. Disabling prefetch prevents the
> problem from happening.
>
>
> Tedd

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
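
The two EDNS checks from the reply above (`+edns=1`, where the correct answer is BADVERS, and `+ednsopt=200`, where the unknown option must not come back), as an added Python example that is not part of the original thread or of BIND. The function names, the `name.example` query name and the messages are constructed here, and the check assumes every option placed in the query is one the server does not implement.

```python
import struct

BADVERS, OPT = 16, 41  # RFC 6891: extended RCODE 16, OPT pseudo-RR type 41

def build_message(name, qtype, flags=0, ext_rcode=0, version=0, options=()):
    """Encode a DNS message with one question and one OPT record."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    rdata = b"".join(struct.pack("!HH", c, len(d)) + d for c, d in options)
    # OPT TTL field: upper 8 bits of the extended RCODE, then version, then flags
    ttl = ((ext_rcode >> 4) << 24) | (version << 16)
    opt = b"\x00" + struct.pack("!HHIH", OPT, 4096, ttl, len(rdata)) + rdata
    header = struct.pack("!6H", 0x1234, flags | (ext_rcode & 0xF), 1, 0, 0, 1)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_edns(msg):
    """Return (full RCODE, EDNS version or None, option codes)."""
    _, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, rcode, version, codes = 12, flags & 0xF, None, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off, end = off + 10, off + 10 + rdlen
        if rtype == OPT:
            rcode |= (ttl >> 24) << 4      # 12-bit RCODE: OPT bits above header bits
            version = (ttl >> 16) & 0xFF
            while off < end:
                code, length = struct.unpack("!HH", msg[off:off + 4])
                codes.append(code)
                off += 4 + length
        off = end
    return rcode, version, codes

def edns_findings(query, response):
    """List what a response (bytes, or None for a timeout) gets wrong."""
    _, q_version, q_codes = parse_edns(query)
    if response is None:
        return ["no response"]
    rcode, _, r_codes = parse_edns(response)
    checks = [((q_version or 0) > 0 and rcode != BADVERS, "EDNS version not answered with BADVERS"),
              (bool(set(q_codes) & set(r_codes)), "unknown EDNS option echoed")]
    return [text for failed, text in checks if failed]
```

To run it against a live server, send the bytes from `build_message` over UDP port 53 and pass the reply, or `None` on timeout, to `edns_findings`.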