For what little it's worth, I've seen this somewhat even on 9.8 (it's not new), though increasingly on 9.9...not saying it's BIND specific, just that I've hit these kind of annoyances with remote servers awhile now.
I've tried explaining this on numerous internal email threads, tickets, webex (calls are great), etc...but it is quite frustrating, because so long as reasonably savvy users can "dig @8.8.8.8" and get a response, they don't believe your server isn't broken. From: IDS Submit <sub...@ids.it<mailto:sub...@ids.it>> Date: Wednesday, October 22, 2014 at 6:30 AM To: "bind-us...@isc.org<mailto:bind-us...@isc.org>" <bind-us...@isc.org<mailto:bind-us...@isc.org>> Subject: Again question about edns (like swupdl.adobe.com) Good morning, with www.acer.it<http://www.acer.it> I have the same problem as swupdl.adobe.com NXDOMAIN with bind 9.10 but NOERROR with Google DNS I have read the Mark Andrews reply on july 4 2014: ------------------------------------------------------------------ It looks like nameserver vendors are not doing even rudimentry checks like those above. DiG has thos options so that we could perform checks like these. Until Adobe fix their broken servers you can use a server clause to disable sending SIT requests to them. Obviously this does not scale. server <address> { request-sit no; }; Mark ------------------------------------------------------------------ But this doesn’t solve the problem on others domains … … should be possible enable “request-sit no” for all domains and not manually add it? Because I think there are lot of domains with this problem :( ------------------------------------------------------------------ \Server\Bind\bin\dig.exe @81.174.15.142 www.acer.it ; <<>> DiG 9.10.1 <<>> @81.174.15.142 www.acer.it ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42228 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.acer.it. IN A ;; ANSWER SECTION: www.acer.it. 300 IN CNAME public-akamai.gtm.acer.com. ;; AUTHORITY SECTION: gtm.acer.com. 60 IN SOA gtm1.acer.com. hostmaster.gtm1.acer.com. 482 10800 3600 604800 60 ;; Query time: 572 msec ;; SERVER: 81.174.15.142#53(81.174.15.142) ;; WHEN: Wed Oct 22 12:13:12 ora legale Europa occidentale 2014 ;; MSG SIZE rcvd: 132 ------------------------------------------------------------------ ------------------------------------------------------------------ \Server\Bind\bin\dig.exe @8.8.8.8 www.acer.it ; <<>> DiG 9.10.1 <<>> @8.8.8.8 www.acer.it ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34510 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;www.acer.it. IN A ;; ANSWER SECTION: www.acer.it. 281 IN CNAME public-akamai.gtm.acer.com. public-akamai.gtm.acer.com. 11 IN CNAME www.acer.com.edgesuite.net. www.acer.com.edgesuite.net. 12306 IN CNAME a492.b.akamai.net. a492.b.akamai.net. 19 IN A 88.149.196.137 a492.b.akamai.net. 19 IN A 88.149.196.145 ;; Query time: 60 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Wed Oct 22 12:14:02 ora legale Europa occidentale 2014 ;; MSG SIZE rcvd: 180 ------------------------------------------------------------------ Thanks in advance and best regards Staff IDS
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
