problem resolving ardownload.adobe.com --enable-sit harmful?

Carl Byington carl at byington.org
Thu Jul 3 20:23:04 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I re-ran the dig to localhost (running bind 9.10.0-P2), and grabbed the
packets with tcpdump.

dig ardownload.adobe.com. @localhost

That sent a query to 192.150.19.247 with flags = 0, edns size = 512, and
got an NXDOMAIN answer. So I tried to reproduce that query with dig:

dig ardownload.wip4.adobe.com a @192.150.19.247 +dnssec +norecur +noadflag +bufsize=512

According to tcpdump, that sent the same query, but it got the cname
answer.

The outgoing query from the local bind-9.10.0-P2 contains an extra 12
bytes of data in the OPT record, after the Z field containing the DO
bit. This version of bind was compiled with --enable-sit.

It seems that the adobe servers choke on that.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAlO1u5wACgkQL6j7milTFsH2IACfVK7hgK/L4XprzUWpJ7PGeXQV
938AmwcrygxiD7pZD3qYVtaL37idfHWp
=Ah7c
-----END PGP SIGNATURE-----
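
Added example, not part of the original post and not BIND code: a small Python parser that decodes the OPT record of a captured query, to confirm whether an outgoing query carries extra EDNS option bytes after the DO bit as described above. Both sample queries are constructed; the option code 65001 and the 4-byte header plus 8-byte payload split are assumptions, since the post gives only the 12-byte total.

```python
import struct

def build_query(name, options=b"", udp_size=512, do=True):
    """Constructed test input: A query, flags = 0, one OPT record."""
    header = struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)          # type A, class IN
    ttl = 0x8000 if do else 0     # OPT TTL field: ext-rcode, version, Z (DO bit)
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, ttl, len(options))
    return header + question + opt + options

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + n

def parse_edns(msg):
    """Return the decoded OPT record of a DNS message, or None if absent."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                    # qtype + qclass
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype != 41:                                  # 41 = OPT
            continue
        opts, p = [], 0
        while p < len(rdata):                            # option = code, length, data
            if p + 4 > len(rdata):
                raise ValueError("truncated EDNS option header")
            code, length = struct.unpack("!HH", rdata[p:p + 4])
            if p + 4 + length > len(rdata):
                raise ValueError("EDNS option overruns RDATA")
            opts.append((code, rdata[p + 4:p + 4 + length]))
            p += 4 + length
        return {"udp_size": rclass, "do": bool(ttl & 0x8000),
                "rdlen": rdlen, "options": opts}
    return None

# Constructed samples: plain EDNS query vs. one with a 12-byte option (assumed layout).
EXTRA_OPTION = struct.pack("!HH", 65001, 8) + bytes(range(8))
PLAIN = build_query("ardownload.adobe.com.")
WITH_OPTION = build_query("ardownload.adobe.com.", options=EXTRA_OPTION)
```

Feeding the DNS payload of each query captured with tcpdump to parse_edns() and comparing the "rdlen" and "options" fields shows which query carries the extra option.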



