Am 27.01.2016 um 00:46 schrieb Reindl Harald:
Am 27.01.2016 um 00:36 schrieb Darcy Kevin (FCA):Well, when I queried the name livetileedge.dsx.mp.microsoft.com, I got a CNAME chain where all of the links in the chain had TTLs of 300 seconds or less: livetileedge.dsx.mp.microsoft.com. 43 IN CNAME livetileedge.dsx.mp.microsoft.com.akadns.net. livetileedge.dsx.mp.microsoft.com.akadns.net. 300 IN CNAME livetileedge.dsx.mp.microsoft.com.edgekey.net. livetileedge.dsx.mp.microsoft.com.edgekey.net. 46 IN CNAME e1898.b.akamaiedge.net. e1898.b.akamaiedge.net. 20 IN A 23.201.56.85 Now, the Authority Section had NS records for b.akamaiedge.net, but that doesn't help mitigate future queries for {whatever}.microsoft.com, {whatever}.akadns.net or {whatever}.edgekey.net, so repeated queries of the same name will need to go back up to the roots again, whenever the TTLs expire (assuming nothing else queried names *directly* in those domains, or intermediate domains, through the same recursive resolver and thus populated relevant NS records). Yet another reason why chained CNAMEs are bad. But, it's hard to argue with a successful company whose whole business model is based on chaining CNAMEs. Who ever knew that violating Internet standards and/or best practices could be so profitable?violating what? complain at the vendor of your DNS cache or the device doing "DNS ALG" in front of you!
or better at the party set such a low TTL (e1898.b.akamaiedge.net.) which is *not* the result of the CNAMES
;; ANSWER SECTION: www.rhsoft.net. 3600 IN CNAME proxy.thelounge.net. proxy.thelounge.net. 3598 IN A 10.0.0.4 ;; ANSWER SECTION: www.rhsoft.net. 3600 IN CNAME proxy.thelounge.net. proxy.thelounge.net. 3598 IN A 10.0.0.4
;; ANSWER SECTION: livetileedge.dsx.mp.microsoft.com. 3581 IN CNAME livetileedge.dsx.mp.microsoft.com.akadns.net. livetileedge.dsx.mp.microsoft.com.akadns.net. 281 IN CNAME livetileedge.dsx.mp.microsoft.com.edgekey.net. livetileedge.dsx.mp.microsoft.com.edgekey.net. 281 IN CNAME e1898.b.akamaiedge.net. e1898.b.akamaiedge.net. 1 IN A 104.87.22.10 ;; ANSWER SECTION: livetileedge.dsx.mp.microsoft.com. 3580 IN CNAME livetileedge.dsx.mp.microsoft.com.akadns.net. livetileedge.dsx.mp.microsoft.com.akadns.net. 280 IN CNAME livetileedge.dsx.mp.microsoft.com.edgekey.net. livetileedge.dsx.mp.microsoft.com.edgekey.net. 280 IN CNAME e1898.b.akamaiedge.net. e1898.b.akamaiedge.net. 0 IN A 104.87.22.10 ;; ANSWER SECTION: livetileedge.dsx.mp.microsoft.com. 3579 IN CNAME livetileedge.dsx.mp.microsoft.com.akadns.net. livetileedge.dsx.mp.microsoft.com.akadns.net. 279 IN CNAME livetileedge.dsx.mp.microsoft.com.edgekey.net. livetileedge.dsx.mp.microsoft.com.edgekey.net. 279 IN CNAME e1898.b.akamaiedge.net. e1898.b.akamaiedge.net. 17 IN A 104.87.22.10
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
