Greetings,
Query the list, any verification or pointers appreciated. We are having
dns issues for prod.msocdn.com starting on Monday 11/7/2016 and I just
thought it was DNSSEC issue on their end but not so sure anymore.
Doing dig +cd on prod.msocnd.com will get the CNAME, without +cd either
timeout or SERVFAIL depending on version of bind. Used
dnssec-debugger.versignlabs.com on prod.msocdn.com and not sure, looks
like the problem is in dspg.akamaiedge.net?
Doing dig with +trace and I will get it resolve to the CNAME, do
flushname or a restart the named service same results, timeout or
SERFAIL without using either +cd or +trace. I would think the +trace
should fail also, it is not so I do not understand the +trace, if not
bad cache on local server?
$ dig prod.msocdn.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> prod.msocdn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48931
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;prod.msocdn.com. IN A
;; Query time: 0 msec
;; WHEN: Tue Nov 08 19:07:26 EST 2016
;; MSG SIZE rcvd: 44
$ dig +cd prod.msocdn.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> +cd prod.msocdn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9519
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 3, AUTHORITY: 9, ADDITIONAL: 10
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;prod.msocdn.com. IN A
;; ANSWER SECTION:
prod.msocdn.com. 2446 IN CNAME
wildcard.msocdn.com.edgekey.net.
wildcard.msocdn.com.edgekey.net. 254 IN CNAME e7566.dspg.akamaiedge.net.
e7566.dspg.akamaiedge.net. 20 IN A 104.95.43.11
;; AUTHORITY SECTION:
dspg.akamaiedge.net. 2570 IN NS n7dspg.akamaiedge.net.
dspg.akamaiedge.net. 2570 IN NS a0dspg.akamaiedge.net.
dspg.akamaiedge.net. 2570 IN NS n6dspg.akamaiedge.net.
dspg.akamaiedge.net. 2570 IN NS n1dspg.akamaiedge.net.
dspg.akamaiedge.net. 2570 IN NS n4dspg.akamaiedge.net.
dspg.akamaiedge.net. 2570 IN NS n2dspg.akamaiedge.net.
dspg.akamaiedge.net. 2570 IN NS n0dspg.akamaiedge.net.
dspg.akamaiedge.net. 2570 IN NS n3dspg.akamaiedge.net.
dspg.akamaiedge.net. 2570 IN NS n5dspg.akamaiedge.net.
;; ADDITIONAL SECTION:
n1dspg.akamaiedge.net. 4570 IN A 209.48.71.60
n0dspg.akamaiedge.net. 2570 IN A 209.8.212.110
n2dspg.akamaiedge.net. 6570 IN A 88.221.81.194
a0dspg.akamaiedge.net. 2570 IN AAAA 2600:1480:e800::c0
n6dspg.akamaiedge.net. 4570 IN A 165.254.211.13
n4dspg.akamaiedge.net. 6570 IN A 165.254.211.15
n5dspg.akamaiedge.net. 2570 IN A 165.254.211.14
n7dspg.akamaiedge.net. 6570 IN A 165.254.211.12
n3dspg.akamaiedge.net. 4570 IN A 165.254.211.20
;; Query time: 16 msec
;; WHEN: Tue Nov 08 19:08:02 EST 2016
;; MSG SIZE rcvd: 486
$ dig +trace prod.msocdn.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> +trace prod.msocdn.com
;; global options: +cmd
. 518400 IN NS c.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS m.root-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 30909 8 2
E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400
20161121170000 20161108160000 39291 .
LrjXDpxTfGiAFM4bh8ZWwLhxMP79By8w2b+Wuyw48FUOl+EbWHD7JLOL
GcdcTH2Z+1oOmUOnyrFA1dq+0TFuI0jy4BX6zkykRrkf4YFNvtflfCRp
opWatmjGwwCX1DZn0yxDd8vuBar73p0+K28bpH3a2fGu8NODZywyYubN
X1nU/4Cs0uafBG3HXR6C8MjEPu8I2iPUGxANiIkkw/np5yr1cxn3K2zl
vONiJexlYxdfUzW3yfLkM3wixZz9rZ72ff+MVRRAFeUOLOAU8L4Sji/G
8FzlwlcTwN9l2+mO/gyFrojaJ0HoKsrmAYXrvmlOXP7keYEdEhmubVnJ BrTrJg==
;; Received 867 bytes from 199.7.83.42#53(l.root-servers.net) in 45 ms
msocdn.com. 172800 IN NS ns3.msft.net.
msocdn.com. 172800 IN NS ns1.msft.net.
msocdn.com. 172800 IN NS ns2.msft.net.
msocdn.com. 172800 IN NS ns4.msft.net.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 -
CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400
20161114055008 20161107044008 6404 com.
pgUe+C0MkE3YpHOLxmEr0sBcllzV/oTWxCee/DRg68rF7bUZ4o4f7VOE
NJ8WNDFGoQNdowfFR0Ln3IJN/CTCunuLgC/YqFHGjuogGA6F6XlOx+EF
x/XhPS5fTxMt0EraCwaLinE9R3YFfRInv3AsORaCPJYyECk5vdNxQqsz pmY=
C0D086TPF77JBIMRRN5RKFSD4KB5NCF5.com. 86400 IN NSEC3 1 1 0 -
C0D1QG1AT33V34BJ7SLMFG6B4G1M7R6F NS DS RRSIG
C0D086TPF77JBIMRRN5RKFSD4KB5NCF5.com. 86400 IN RRSIG NSEC3 8 2 86400
20161114053547 20161107042547 6404 com.
ltTiLwI1RsuxhHEmE1hA/U87d/eYl83Dfu9tmy7yW3RIJAPPMnx1/o/t
Ma6wwpfeLgSFSsULtMP9Zgn6a/K4pO2I7+IiU2yxeq4MGuLcFtBWCzvi
ddoIzUlDCfb4mr2MwoTZVBFY0ohSXL8wk2OU0j9vK8efjsEbO6u1wAzT LUk=
;; Received 785 bytes from 192.5.6.30#53(a.gtld-servers.net) in 113 ms
prod.msocdn.com. 3600 IN CNAME
wildcard.msocdn.com.edgekey.net.
;; Received 89 bytes from 208.84.0.53#53(ns1.msft.net) in 74 ms
~Older version of bind does timeout
# dig prod.msocdn.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.2 <<>> prod.msocdn.com
;; global options: +cmd
;; connection timed out; no servers could be reached
# dig +cd prod.msocdn.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.2 <<>> +cd prod.msocdn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13182
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 3, AUTHORITY: 9, ADDITIONAL: 9
;; QUESTION SECTION:
;prod.msocdn.com. IN A
;; ANSWER SECTION:
prod.msocdn.com. 1842 IN CNAME
wildcard.msocdn.com.edgekey.net.
wildcard.msocdn.com.edgekey.net. 300 IN CNAME e7566.dspg.akamaiedge.net.
e7566.dspg.akamaiedge.net. 20 IN A 104.95.89.140
;; AUTHORITY SECTION:
dspg.akamaiedge.net. 1966 IN NS n1dspg.akamaiedge.net.
dspg.akamaiedge.net. 1966 IN NS n4dspg.akamaiedge.net.
dspg.akamaiedge.net. 1966 IN NS n5dspg.akamaiedge.net.
dspg.akamaiedge.net. 1966 IN NS n2dspg.akamaiedge.net.
dspg.akamaiedge.net. 1966 IN NS n0dspg.akamaiedge.net.
dspg.akamaiedge.net. 1966 IN NS n3dspg.akamaiedge.net.
dspg.akamaiedge.net. 1966 IN NS n6dspg.akamaiedge.net.
dspg.akamaiedge.net. 1966 IN NS n7dspg.akamaiedge.net.
dspg.akamaiedge.net. 1966 IN NS a0dspg.akamaiedge.net.
;; ADDITIONAL SECTION:
n7dspg.akamaiedge.net. 5966 IN A 165.254.211.12
n2dspg.akamaiedge.net. 5966 IN A 88.221.81.194
n4dspg.akamaiedge.net. 5966 IN A 165.254.211.15
a0dspg.akamaiedge.net. 1966 IN AAAA 2600:1480:e800::c0
n0dspg.akamaiedge.net. 1966 IN A 209.8.212.110
n5dspg.akamaiedge.net. 1966 IN A 165.254.211.14
n3dspg.akamaiedge.net. 3966 IN A 165.254.211.20
n1dspg.akamaiedge.net. 3966 IN A 209.48.71.60
n6dspg.akamaiedge.net. 3966 IN A 165.254.211.13
;; Query time: 25 msec
;; WHEN: Tue Nov 8 19:18:06 2016
;; MSG SIZE rcvd: 475
thanks!
jim
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
