Re: problem resolving ardownload.adobe.com

2014-07-08 Thread Nicholas F Miller
FWIW, I ran into this issue with www.elevationsbanking.com as well. The setup was very similar, the record resolved to a CNAME which in turn resolved to another CNAME. When the TTL expired on the CNAME the record would revert to NXDOMAIN. It wasn’t until the TTL expired for the SOA that things

Re: problem resolving ardownload.adobe.com

2014-07-08 Thread Barry Margolin
In article , Mark Andrews wrote: > > The adobe servers are just plain broken. > > Request a CNAME -> NXDOMAIN (Should return CNAME record) > Request a TXT -> NXDOMAIN (Should return CNAME record) > Request a NS -> NXDOMAIN (Should return CNAME record) > Add a EDNS optio

Re: problem resolving ardownload.adobe.com

2014-07-07 Thread Mark Andrews
The adobe servers are just plain broken. Request a CNAME -> NXDOMAIN (Should return CNAME record) Request a TXT -> NXDOMAIN (Should return CNAME record) Request a NS -> NXDOMAIN (Should return CNAME record) Add a EDNS option -> NXDOMAIN (Should return CNAME record)

Re: problem resolving ardownload.adobe.com

2014-07-07 Thread Casey Deccio
On Wed, Jul 2, 2014 at 2:51 PM, Carl Byington wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > version: 9.10.0-P2 > > dig ardownload.adobe.com. @localhost > > ;; ANSWER SECTION: > ardownload.adobe.com. 8743IN CNAME ardownload.wip4.adobe.com. > > What is the rest of the dig ou

Re: problem resolving ardownload.adobe.com --enable-sit harmful?

2014-07-03 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 2014-07-04 at 09:41 +1000, Mark Andrews wrote: > Until Adobe fix their broken servers you can use a server clause to > disable sending SIT requests to them. Obviously this does not scale. > server { request-sit no; }; Thanks. That

Re: problem resolving ardownload.adobe.com --enable-sit harmful?

2014-07-03 Thread Mark Andrews
I suggest that you log a complaint with Adobe requesting that they contact their nameserver vendor for a fix. This bug is similar in nature to that of http://www.kb.cert.org/vuls/id/714121 (NXDOMAIN incorrectly returned to a query). Unknown EDNS options are supposed to be ignored by the nam

Re: problem resolving ardownload.adobe.com --enable-sit harmful?

2014-07-03 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I re-ran the dig to localhost (running bind 9.10.0-P2), and grabbed the packets with tcpdump. dig ardownload.adobe.com. @localhost That sent a query to 192.150.19.247 with flags = 0, edns size = 512, and got an NXDOMAIN answer. So I tried to reproduc

problem resolving ardownload.adobe.com

2014-07-02 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 version: 9.10.0-P2 dig ardownload.adobe.com. @localhost ;; ANSWER SECTION: ardownload.adobe.com. 8743IN CNAME ardownload.wip4.adobe.com. dig ardownload.adobe.com. @8.8.8.8 ;; ANSWER SECTION: ardownload.adobe.com. 4141IN CNAME ard