If I go to my personal computer or my personal phone ( not on VPN connected to BLS network or using BLS resources) I can get to the site www.ssa.gov which I would mean to believe that it is able to resolve www.ssa.gov.
Does that mean the dns resolution for www.ssa.gov is not broken globally as explained below? Or maybe personal computer & my personal phone are querying different DNS servers over the internet which are able to resolve www.ssa.gov correctly and get to the website? Thanks Sandeep -----Original Message----- From: bind-users <bind-users-boun...@lists.isc.org> On Behalf Of Bjørn Mork Sent: Thursday, September 1, 2022 5:26 PM To: BIND users <bind-users@lists.isc.org> Subject: Re: Issue with dns resolution for www.ssa.gov CAUTION: This email originated from outside of BLS. DO NOT click links or open attachments unless you recognize the sender and know the content is safe. Please send suspicious emails as an attachment to sec...@bls.gov. www.ssa.gov is a separate zone according to the ssa.gov NS: bjorn@idefix:~$ dig ns www.ssa.gov @dns1.ssa.gov ; <<>> DiG 9.16.27-Debian <<>> ns www.ssa.gov @dns1.ssa.gov ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56002 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 9 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 3419fe2b41b19e86fd0d2330631122fd3a26a591e846d4b1 (good) ;; QUESTION SECTION: ;www.ssa.gov. IN NS ;; AUTHORITY SECTION: www.ssa.gov. 60 IN NS gtms2.ssa.gov. www.ssa.gov. 60 IN NS gtms1.ssa.gov. www.ssa.gov. 60 IN NS gtmu1.ssa.gov. www.ssa.gov. 60 IN NS gtmu2.ssa.gov. ;; ADDITIONAL SECTION: GTMS1.ssa.gov. 36000 IN AAAA 2001:1930:e03::13 GTMS2.ssa.gov. 36000 IN AAAA 2001:1930:e03::14 GTMU1.ssa.gov. 36000 IN AAAA 2001:1930:d07:1::10 GTMU2.ssa.gov. 36000 IN AAAA 2001:1930:d07:1::11 GTMS1.ssa.gov. 36000 IN A 137.200.4.203 GTMS2.ssa.gov. 36000 IN A 137.200.4.204 GTMU1.ssa.gov. 36000 IN A 137.200.43.16 GTMU2.ssa.gov. 36000 IN A 137.200.43.17 ;; Query time: 107 msec ;; SERVER: 2001:1930:d07:1::8#53(2001:1930:d07:1::8) ;; WHEN: Thu Sep 01 23:24:13 CEST 2022 ;; MSG SIZE rcvd: 348 But it's a CNAME according to the www.ssa.gov NS: bjorn@idefix:~$ dig a www.ssa.gov @gtms1.ssa.gov ; <<>> DiG 9.16.27-Debian <<>> a www.ssa.gov @gtms1.ssa.gov ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43620 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.ssa.gov. IN A ;; ANSWER SECTION: www.ssa.gov. 300 IN CNAME www.ssa.gov.edgekey.net. ;; Query time: 127 msec ;; SERVER: 2001:1930:e03::13#53(2001:1930:e03::13) ;; WHEN: Thu Sep 01 23:25:01 CEST 2022 ;; MSG SIZE rcvd: 77 CDNs playing tricks. This won't fly. Bjørn -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
