A very quick check from an iPad showed the host resolving fine from a couple of different recursives. The local one:
Shared from ISC Dig for iOS ; <<>> DiG 9.13.3 <<>> @192.168.0.10 +dnssec +noqr +multiline federate-secure.glbaa.barclays.com ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11792 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 9, ADDITIONAL: 12 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;federate-secure.glbaa.barclays.com. IN A ;; ANSWER SECTION: federate-secure.glbaa.barclays.com. 30 IN A 157.83.96.50 ;; AUTHORITY SECTION: barclays.com. 440 IN NS ns2.barcap.com. barclays.com. 440 IN NS a1-71.akam.net. barclays.com. 440 IN NS a18-65.akam.net. barclays.com. 440 IN NS ns3.barcap.com. barclays.com. 440 IN NS a10-66.akam.net. barclays.com. 440 IN NS a9-66.akam.net. barclays.com. 440 IN NS ns7.barcap.com. barclays.com. 440 IN NS a11-67.akam.net. barclays.com. 440 IN NS a12-64.akam.net. ;; ADDITIONAL SECTION: ns2.barcap.com. 300 IN A 141.228.196.129 ns3.barcap.com. 282 IN A 146.127.235.2 ns7.barcap.com. 300 IN A 141.228.129.129 a1-71.akam.net. 440 IN A 193.108.91.71 a1-71.akam.net. 440 IN AAAA 2600:1401:2::47 a9-66.akam.net. 440 IN A 184.85.248.66 a9-66.akam.net. 440 IN AAAA 2a02:26f0:117::42 a10-66.akam.net. 440 IN A 96.7.50.66 a11-67.akam.net. 440 IN A 84.53.139.67 a12-64.akam.net. 440 IN A 184.26.160.64 a18-65.akam.net. 440 IN A 95.101.36.65 ;; Query time: 21 msec ;; SERVER: 192.168.0.10#53(192.168.0.10) ;; WHEN: Sun Jun 16 09:51:44 BST 2019 ;; MSG SIZE rcvd: 472 I guess proper troubleshooting would involve checking what each of the authoriatatives say. But it’s Sunday and the dogs need a walk. :-) Simon > On 16 Jun 2019, at 09:43, Sebastian Arcus <s.ar...@open-t.co.uk> wrote: > > I have discovered Friday that the following domain used by Barclays bank in > UK doesn't resolve properly - but only on some of my servers running Bind: > > federate-secure.glbaa.barclays.com > > It works on a server with v9.12.3, but it fails on a server with v9.11.0 and > another one with v9.14.2. However, I don't think that the Bind version has > anything to do with it. All servers are recursive servers. > > It also resolves fine if I point to Google dns servers. > > I've ran tests on the domain above using the MX Toolbox dns checker > (mxtoolbox.com), and it fails with the following errors: > > 3 ns22.barclays.net 157.83.102.246 TIMED-OUT 518 ms , rcode=NO_DATA > 3 ns21.barclays.com 157.83.102.245 TIMED-OUT 509 ms , rcode=NO_DATA > 3 ns23.barclays.com 157.83.126.245 TIMED-OUT 504 ms , rcode=NO_DATA > 3 ns24.barclays.net 157.83.126.246 TIMED-OUT 517 ms , rcode=NO_DATA > > I've had to temporarily disable and bypass the local Bind instance on this > server and point to Google dns, as users couldn't use online banking from > Barclays because of the issue above. > > Does anybody have any idea why would it work on some servers and with Google > dns, but not on other servers with Bind? Also, would someone mind trying to > resolve the above domain at their end and see if they get the same errors > please. > > Any suggestions appreciated. Thank you. > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
