On 11/9/2016 4:55 AM, Tony Finch wrote:
Jim Glassford <jmgl...@iup.edu> wrote:
Doing dig +cd on prod.msocnd.com will get the CNAME, without +cd either
timeout or SERVFAIL depending on version of bind.
It works for me with BIND 9.11 and 9.10.4-P4.
There are some EDNS-related changes in 9.10 which might be why these
versions are better able to resolve this domain.
It looks like you are running 9.8.2rc1, which was released in 2012 (and
9.8 was EOL 2 years ago) and 9.9.4 which is 3 years old. You can't rely on
Red Hat to backport all the relevant fixes, so if you are running an
important production service on BIND you should use the latest versions
from isc.org.
dnssec-debugger.versignlabs.com on prod.msocdn.com and not sure, looks like
the problem is in dspg.akamaiedge.net?
Yes, there are several problems on the Akamai side of things
http://dnsviz.net/d/prod.msocdn.com/dnssec/
Tony.
Thanks Tony and also others that replied off list.
I installed 9.11.0-P1 and having the same issue. Tried out the nta and
hey, It works pretty sweet.
Not sure what my problem is here but will continue to trouble shoot.
best!
jim
[root@dns3 bind-9.11.0-P1]# rndc status
version: BIND 9.11.0-P1 <id:1e9bd53>
running on dns3: Linux x86_64 2.6.32-642.6.2.el6.x86_64 #1 SMP Mon Oct
24 10:22:33 EDT 2016
boot time: Wed, 09 Nov 2016 19:24:10 GMT
last configured: Wed, 09 Nov 2016 19:24:10 GMT
configuration file: /etc/named.conf
CPUs found: 2
worker threads: 2
UDP listeners per interface: 1
number of zones: 175 (80 automatic)
debug level: 3
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/9900/10000
tcp clients: 0/150
server is up and running
[root@dns3 bind-9.11.0-P1]# dig prod.msocdn.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> prod.msocdn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 65097
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;prod.msocdn.com. IN A
;; Query time: 4002 msec
;; WHEN: Wed Nov 9 14:40:02 2016
;; MSG SIZE rcvd: 33
[root@dns3 bind-9.11.0-P1]#
[root@dns3 bind-9.11.0-P1]# rndc nta prod.msocdn.com
Negative trust anchor added: prod.msocdn.com/_default, expires
09-Nov-2016 15:40:58.000
[root@dns3 bind-9.11.0-P1]#
[root@dns3 bind-9.11.0-P1]# dig prod.msocdn.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> prod.msocdn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25756
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 9, ADDITIONAL: 9
;; QUESTION SECTION:
;prod.msocdn.com. IN A
;; ANSWER SECTION:
prod.msocdn.com. 3600 IN CNAME
wildcard.msocdn.com.edgekey.net.
wildcard.msocdn.com.edgekey.net. 300 IN CNAME e7566.dspg.akamaiedge.net.
e7566.dspg.akamaiedge.net. 20 IN A 104.95.43.11
;; AUTHORITY SECTION:
dspg.akamaiedge.net. 4000 IN NS n2dspg.akamaiedge.net.
dspg.akamaiedge.net. 4000 IN NS n4dspg.akamaiedge.net.
dspg.akamaiedge.net. 4000 IN NS n1dspg.akamaiedge.net.
dspg.akamaiedge.net. 4000 IN NS n6dspg.akamaiedge.net.
dspg.akamaiedge.net. 4000 IN NS n3dspg.akamaiedge.net.
dspg.akamaiedge.net. 4000 IN NS n5dspg.akamaiedge.net.
dspg.akamaiedge.net. 4000 IN NS n7dspg.akamaiedge.net.
dspg.akamaiedge.net. 4000 IN NS n0dspg.akamaiedge.net.
dspg.akamaiedge.net. 4000 IN NS a0dspg.akamaiedge.net.
;; ADDITIONAL SECTION:
n7dspg.akamaiedge.net. 8000 IN A 165.254.211.12
n5dspg.akamaiedge.net. 4000 IN A 165.254.211.14
n2dspg.akamaiedge.net. 4000 IN A 165.254.211.20
n4dspg.akamaiedge.net. 8000 IN A 165.254.211.15
n0dspg.akamaiedge.net. 4000 IN A 209.48.71.63
n1dspg.akamaiedge.net. 6000 IN A 88.221.81.194
n3dspg.akamaiedge.net. 6000 IN A 209.8.212.93
n6dspg.akamaiedge.net. 6000 IN A 165.254.211.13
a0dspg.akamaiedge.net. 8000 IN AAAA 2600:1480:e800::c0
;; Query time: 1282 msec
;; WHEN: Wed Nov 9 14:41:14 2016
;; MSG SIZE rcvd: 475
[root@dns3 bind-9.11.0-P1]#
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
