Thanks Bjorn.

This indeed looks like a mess-up from the SSA side.

Sandeep

-----Original Message-----
From: bind-users <bind-users-boun...@lists.isc.org> On Behalf Of Bjørn Mork
Sent: Thursday, September 1, 2022 5:26 PM
To: BIND users <bind-users@lists.isc.org>
Subject: Re: Issue with dns resolution for www.ssa.gov

www.ssa.gov is a separate zone according to the ssa.gov NS:

bjorn@idefix:~$ dig ns www.ssa.gov @dns1.ssa.gov

; <<>> DiG 9.16.27-Debian <<>> ns www.ssa.gov @dns1.ssa.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56002
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 9
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 3419fe2b41b19e86fd0d2330631122fd3a26a591e846d4b1 (good)
;; QUESTION SECTION:
;www.ssa.gov.                   IN      NS

;; AUTHORITY SECTION:
www.ssa.gov.            60      IN      NS      gtms2.ssa.gov.
www.ssa.gov.            60      IN      NS      gtms1.ssa.gov.
www.ssa.gov.            60      IN      NS      gtmu1.ssa.gov.
www.ssa.gov.            60      IN      NS      gtmu2.ssa.gov.

;; ADDITIONAL SECTION:
GTMS1.ssa.gov.          36000   IN      AAAA    2001:1930:e03::13
GTMS2.ssa.gov.          36000   IN      AAAA    2001:1930:e03::14
GTMU1.ssa.gov.          36000   IN      AAAA    2001:1930:d07:1::10
GTMU2.ssa.gov.          36000   IN      AAAA    2001:1930:d07:1::11
GTMS1.ssa.gov.          36000   IN      A       137.200.4.203
GTMS2.ssa.gov.          36000   IN      A       137.200.4.204
GTMU1.ssa.gov.          36000   IN      A       137.200.43.16
GTMU2.ssa.gov.          36000   IN      A       137.200.43.17

;; Query time: 107 msec
;; SERVER: 2001:1930:d07:1::8#53(2001:1930:d07:1::8)
;; WHEN: Thu Sep 01 23:24:13 CEST 2022
;; MSG SIZE  rcvd: 348



But it's a CNAME according to the www.ssa.gov NS:


bjorn@idefix:~$ dig a www.ssa.gov @gtms1.ssa.gov

; <<>> DiG 9.16.27-Debian <<>> a www.ssa.gov @gtms1.ssa.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43620
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ssa.gov.                   IN      A

;; ANSWER SECTION:
www.ssa.gov.            300     IN      CNAME   www.ssa.gov.edgekey.net.

;; Query time: 127 msec
;; SERVER: 2001:1930:e03::13#53(2001:1930:e03::13)
;; WHEN: Thu Sep 01 23:25:01 CEST 2022
;; MSG SIZE  rcvd: 77



CDNs playing tricks. This won't fly.



Bjørn
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
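
The inconsistency shown in the two dig outputs above, as an added example that is not part of the original thread: a delegated name is a zone apex that must carry SOA and NS records, and a CNAME cannot coexist with other data at the same owner name (RFC 1034), so a parent referral plus an authoritative CNAME at that name is what this check flags. The function names and the abridged sample replies are constructed for illustration.

```python
import re

# Constructed sample input: abridged dig output modelled on the two responses above.
PARENT_REPLY = """\
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 9

;; AUTHORITY SECTION:
www.ssa.gov.            60      IN      NS      gtms2.ssa.gov.
www.ssa.gov.            60      IN      NS      gtms1.ssa.gov.
"""
CHILD_REPLY = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
www.ssa.gov.            300     IN      CNAME   www.ssa.gov.edgekey.net.
"""

def parse_dig(text):
    """Return (header flags, {section: [(owner, rrtype, rdata), ...]}) from dig text."""
    flags, sections, current = set(), {}, None
    for line in text.splitlines():
        flag_m = re.search(r";; flags: ([a-z ]*);", line)
        sect_m = re.match(r";; (\w+) SECTION:", line)
        if flag_m:
            flags = set(flag_m.group(1).split())
        elif sect_m:
            current = sect_m.group(1)
        elif not line.strip():
            current = None                      # a blank line ends the section
        elif current and not line.startswith(";"):
            f = line.split()
            if len(f) >= 5:                     # owner TTL class type rdata
                sections.setdefault(current, []).append((f[0].lower(), f[3], f[4].lower()))
    return flags, sections

def apex_cname_conflict(zone, parent_text, child_text):
    """True if the parent refers `zone` to its own NS set (non-authoritative NS
    in AUTHORITY) while the child answers authoritatively with a CNAME there."""
    zone = zone.lower().rstrip(".") + "."
    p_flags, p_sec = parse_dig(parent_text)
    c_flags, c_sec = parse_dig(child_text)
    delegated = "aa" not in p_flags and any(
        o == zone and t == "NS" for o, t, _ in p_sec.get("AUTHORITY", []))
    cname_at_apex = "aa" in c_flags and any(
        o == zone and t == "CNAME" for o, t, _ in c_sec.get("ANSWER", []))
    return delegated and cname_at_apex

if __name__ == "__main__":
    print(apex_cname_conflict("www.ssa.gov", PARENT_REPLY, CHILD_REPLY))
```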