Jim Glassford <jmgl...@iup.edu> wrote: > > Doing dig +cd on prod.msocnd.com will get the CNAME, without +cd either > timeout or SERVFAIL depending on version of bind.
It works for me with BIND 9.11 and 9.10.4-P4. There are some EDNS-related changes in 9.10 which might be why these versions are better able to resolve this domain. It looks like you are running 9.8.2rc1, which was released in 2012 (and 9.8 was EOL 2 years ago) and 9.9.4 which is 3 years old. You can't rely on Red Hat to backport all the relevant fixes, so if you are running an important production service on BIND you should use the latest versions from isc.org. > dnssec-debugger.versignlabs.com on prod.msocdn.com and not sure, looks like > the problem is in dspg.akamaiedge.net? Yes, there are several problems on the Akamai side of things http://dnsviz.net/d/prod.msocdn.com/dnssec/ Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode Fair Isle, Faeroes: Southeasterly 6 to gale 8, becoming cyclonic 4 or 5 in west. Rough or very rough. Wintry showers. Good, occasionally moderate. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
