Re: Issue with dns resolution for www.ssa.gov

Thu, 01 Sep 2022 14:04:09 -0700 

Sandeep,

Are you all using CISA's Protective DNS?  If so, there might be a ruleset that 
is causing problems.

If not, and I have not checked, but is DNSSEC for SSA working correctly?

John

Sent from Nine<http://www.9folders.com/>

________________________________
From: "Bhangui, Sandeep - BLS CTR via bind-users" <bind-users@lists.isc.org>
Sent: Thursday, September 1, 2022 3:11 PM
To: bind-users@lists.isc.org
Subject: Issue with dns resolution for www.ssa.gov

Hi

We are running Bind Version 9.16.31 on RHEL 7.X Server and things are working 
fine in general.

Having issue with DNS resolution for www.ssa.gov<http://www.ssa.gov> no other 
DNS issues reported at this time.

Our DNS server cannot seem to resolve www.ssa.gov<http://www.ssa.gov> using 
nslookup ( know this is an old utility and cannot be used much for 
troubleshooting), dig seems to respond properly.

Just curious what could be the issue is this on our DNS server as nslookup 
seems to work fine for lot of other sites that I used just to check if it 
responds correctly.

The VZ public NS which is listed as one of the NS under /etc/resolv.conf seems 
to respond to nslookup just fine.

I am not sure what more information I could include which could be helpful if 
anything else is needed please let me know and I will post it.

Thanks in advance.

Sandeep


# nslookup www.ssa.gov<http://www.ssa.gov>

;; Got SERVFAIL reply from 127.0.0.1, trying next server

Server:         198.6.1.1
Address:        198.6.1.1#53

Non-authoritative answer:
www.ssa.gov<http://www.ssa.gov>     canonical name = 
www.ssa.gov.edgekey.net<http://www.ssa.gov.edgekey.net>.
www.ssa.gov.edgekey.net<http://www.ssa.gov.edgekey.net> canonical name = 
e82396.dsca.akamaiedge.net.
Name:   e82396.dsca.akamaiedge.net
Address: 23.222.241.54
Name:   e82396.dsca.akamaiedge.net
Address: 23.222.241.58
Name:   e82396.dsca.akamaiedge.net
Address: 2600:1404:d400::687d:293
Name:   e82396.dsca.akamaiedge.net
Address: 2600:1404:d400::687d:289


Dig output from the same DNS server seems to give a response.

# dig www.ssa.gov<http://www.ssa.gov>

; <<>> DiG 9.16.31 <<>> www.ssa.gov<http://www.ssa.gov>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24578
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.ssa.gov.                   IN      A

;; ANSWER SECTION:
www.ssa.gov<http://www.ssa.gov>.            300     IN      CNAME   
www.ssa.gov.edgekey.net<http://www.ssa.gov.edgekey.net>.
www.ssa.gov.edgekey.net<http://www.ssa.gov.edgekey.net>. 9625   IN      CNAME   
e82396.dsca.akamaiedge.net.
e82396.dsca.akamaiedge.net. 20  IN      A       23.222.241.58
e82396.dsca.akamaiedge.net. 20  IN      A       23.222.241.51

;; Query time: 171 msec
;; SERVER: 198.6.1.1#53(198.6.1.1)
;; WHEN: Thu Sep 01 16:03:21 EDT 2022
;; MSG SIZE  rcvd: 146



-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to