different answers from google's authoritative servers
Sotiris Tsimbonis
stsimb at forthnet.gr
Wed Jun 1 13:10:24 UTC 2016
On 1/6/16 15:50, Nico CARTRON wrote:
> Hi Sotiris,
>
> On 1 June 2016 at 14:47:31, Sotiris Tsimbonis (stsimb at forthnet.gr
> <mailto:stsimb at forthnet.gr>) wrote:
>
>> On 1/6/16 15:30, Kevin Kretz wrote:
>> > There's also no reason to assume that the different responses have
>> > anything to do with the client network. They could, of course (with
>> > views), but that you get different responses from the same/similar IP
>> > is, again, not anything wrong.
>> >
>>
>> True, so below is probably the visualisation of load balancing ... which
>> most of the times gives me "the wrong logical answer".
>>
>> [root at syz3ns03 ~]# while true ; do sleep 0.1 ; echo "$(date) $(dig
>> +short A www.google.com. @ns3.google.com.)" ; done
>> ...
>> Wed Jun 1 15:42:31 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:32 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:32 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:32 EEST 2016 216.58.208.100
>> Wed Jun 1 15:42:32 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:32 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:32 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:33 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:33 EEST 2016 216.58.208.100
>> Wed Jun 1 15:42:33 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:33 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:33 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:33 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:34 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:34 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:34 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:34 EEST 2016 216.58.208.100
>> Wed Jun 1 15:42:34 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:34 EEST 2016 172.217.16.36
>> Wed Jun 1 15:42:35 EEST 2016 172.217.16.36
>> ...
>>
>> So what I'm really trying to find out is if there's anything from my
>> side to influence the load balancer's decision..
>
>
> Why would you want to influence the LB decision?
> Is there any difference between the different IP addresses you have as
> answers?
>
> You mentioned SSL errors in the browser, could you give more details?
> I don’t think you should have to fix that on your side, but rather find
> out what is happening.
Because when google resolves to 172.217.16.*, browsers report an HSTS
violation and SEC_ERROR_UNKNOWN_ISSUER if firefox or
NET::ERR_CERT_AUTHORITY_INVALID in chrome.
When google resolves to 216.58.208.* they work as intented (no error).
Sot.
More information about the bind-users
mailing list