Question about name resolution.
Mark Andrews
marka at isc.org
Tue Oct 27 01:42:06 UTC 2015
Adobe's admins have been repeatedly told that their nameservers are
broken yet refuse / don't know how to fix them. They are Cc'd here
again.
The nameservers return bad answers when there is a EDNS option
present in the query.
e.g.
dig +nsid airdownload.wip4.adobe.com @da1gtm001.adobe.com
dig +expire airdownload.wip4.adobe.com @da1gtm001.adobe.com
dig +subnet=0.0.0.0/0 airdownload.wip4.adobe.com @da1gtm001.adobe.com
The first query below as a EDNS COOKIES option. The second does
not (note the +nocookie which turns off EDNS COOKIES which is on
by default in BIND 9.11. BIND 9.10 Windows sends SIT/EDNS COOKIES
option by default. Which option of the two options is version
dependent).
Mark
[rock:~/git/bind9] marka% dig airdownload.wip4.adobe.com @da1gtm001.adobe.com
; <<>> DiG 9.11.0pre-alpha <<>> airdownload.wip4.adobe.com @da1gtm001.adobe.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32924
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;airdownload.wip4.adobe.com. IN A
;; ANSWER SECTION:
airdownload.wip4.adobe.com. 300 IN CNAME airdownload.adobe.com.edgesuite.net.wip4.adobe.com.
;; AUTHORITY SECTION:
wip4.adobe.com. 30 IN SOA sj1gtm001.adobe.com. hostmaster.sj1gtm001.adobe.com. 1354 10800 3600 604800 60
;; Query time: 225 msec
;; SERVER: 192.150.16.247#53(192.150.16.247)
;; WHEN: Tue Oct 27 12:11:40 EST 2015
;; MSG SIZE rcvd: 162
[rock:~/git/bind9] marka% dig airdownload.wip4.adobe.com @da1gtm001.adobe.com +nocookie
; <<>> DiG 9.11.0pre-alpha <<>> airdownload.wip4.adobe.com @da1gtm001.adobe.com +nocookie
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3676
;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;airdownload.wip4.adobe.com. IN A
;; ANSWER SECTION:
airdownload.wip4.adobe.com. 300 IN CNAME ssl-download.adobe.com.edgekey.net.
;; Query time: 201 msec
;; SERVER: 192.150.16.247#53(192.150.16.247)
;; WHEN: Tue Oct 27 12:11:45 EST 2015
;; MSG SIZE rcvd: 103
[rock:~/git/bind9] marka%
In message <alpine.LSU.2.00.1510261445111.25050 at hermes-2.csi.cam.ac.uk>, Tony Finch writes:
> Bhangui, Sandeep - BLS CTR <Bhangui.Sandeep at bls.gov> wrote:
> >
> > If I do a dig on "airdownload.adobe.com" I only see an CNAME record. And
> > folks get the error host not resolvable when they try to access on our
> > Internal Network.
> >
> > airdownload.adobe.com
>
> This looks like a DNS misconfiguration by Adobe.
>
> airdownload.adobe.com. 10800 IN CNAME airdownload.wip4.adobe.com.
> airdownload.wip4.adobe.com. 300 IN CNAME airdownload.adobe.com.edgesuite.net.wip4.adobe.com.
>
> I think they missed the dot off the target address of the second CNAME. If
> I manually correct for this error I get the remarkably concatenative:
>
> airdownload.adobe.com.edgesuite.net. 21600 IN CNAME airdownload.adobe.com.edgesuite.net.globalredir.akadns.net.
> airdownload.adobe.com.edgesuite.net.globalredir.akadns.net. 3600 IN CNAME a1396.d.akamai.net.
> a1396.d.akamai.net. 20 IN A 184.27.136.17
> a1396.d.akamai.net. 20 IN A 184.27.136.25
>
> Tony.
> --
> f.anthony.n.finch <dot at dotat.at> http://dotat.at/
> Fitzroy, Sole: Southwesterly 5 to 7, becoming cyclonic later in far west. Very
> rough or high. Thundery showers. Good, occasionally poor.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list