On Mon, Dec 29, 2014 at 5:22 PM, Brian Dickson < brian.peter.dick...@gmail.com> wrote:
> > - Another thing to possibly call out is the behavior of some name servers > when the QNAME is an Empty Non-Terminal, e.g. a non-zone-cut with a child, > but no RRs at the owner name. I seem to recall something along those lines > but don't recall details, e.g. which software, version, etc., has this > issue. > Here's one example I'm familiar with (the website of my previous employer, U of Penn, which uses the Akamai CDN): $ ./test.py www.upenn.edu >> Query: edu. A IN at zone . >> [Got Referral to zone: edu.] >> Query: upenn.edu. A IN at zone edu. >> [Got Referral to zone: upenn.edu.] >> Query: www.upenn.edu. A IN at zone upenn.edu. www.upenn.edu. 300 IN CNAME www.upenn.edu-dscg.edgesuite.net. >> Query: net. A IN at zone . >> [Got Referral to zone: net.] >> Query: edgesuite.net. A IN at zone net. >> [Got Referral to zone: edgesuite.net.] >> Query: edu-dscg.edgesuite.net. A IN at zone edgesuite.net. ERROR: NXDOMAIN: edu-dscg.edgesuite.net. not found www.upenn.edu is an alias for www.upenn.edu-dscg.edgesuite.net. The Akamai DNS server for zone edgesuite.net incorrectly responds with NXDOMAIN (rather than NOERROR, empty answer) for the intermediate qname " edu-dscg.edgesuite.net." and thus halts the resolution there. It also provides NXDOMAIN at the next query name "upenn.edu-dscg.edgesuite.net.". This seems to be the case with other Akamaized sites too, e.g. www.apple.com, which goes through akadns.net. I'm assuming this will get fixed as qname minimization gets deployed, but I'm wondering if anyone from Akamai can comment on this behavior. Shumon.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
