Issue with dns resolution for www.ssa.gov
Bhangui, Sandeep - BLS CTR
Bhangui.Sandeep at bls.gov
Thu Sep 1 22:02:27 UTC 2022
Thanks Bjorn.
This indeed looks like a mess up from SSA side.
Sandeep
-----Original Message-----
From: bind-users <bind-users-bounces at lists.isc.org> On Behalf Of Bjørn Mork
Sent: Thursday, September 1, 2022 5:26 PM
To: BIND users <bind-users at lists.isc.org>
Subject: Re: Issue with dns resolution for www.ssa.gov
CAUTION: This email originated from outside of BLS. DO NOT click links or open attachments unless you recognize the sender and know the content is safe. Please send suspicious emails as an attachment to SECURE at BLS.GOV.
www.ssa.gov is a separate zone according to the ssa.gov NS:
bjorn at idefix:~$ dig ns www.ssa.gov @dns1.ssa.gov
; <<>> DiG 9.16.27-Debian <<>> ns www.ssa.gov @dns1.ssa.gov ;; global options: +cmd ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56002 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 9 ;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 3419fe2b41b19e86fd0d2330631122fd3a26a591e846d4b1 (good) ;; QUESTION SECTION:
;www.ssa.gov. IN NS
;; AUTHORITY SECTION:
www.ssa.gov. 60 IN NS gtms2.ssa.gov.
www.ssa.gov. 60 IN NS gtms1.ssa.gov.
www.ssa.gov. 60 IN NS gtmu1.ssa.gov.
www.ssa.gov. 60 IN NS gtmu2.ssa.gov.
;; ADDITIONAL SECTION:
GTMS1.ssa.gov. 36000 IN AAAA 2001:1930:e03::13
GTMS2.ssa.gov. 36000 IN AAAA 2001:1930:e03::14
GTMU1.ssa.gov. 36000 IN AAAA 2001:1930:d07:1::10
GTMU2.ssa.gov. 36000 IN AAAA 2001:1930:d07:1::11
GTMS1.ssa.gov. 36000 IN A 137.200.4.203
GTMS2.ssa.gov. 36000 IN A 137.200.4.204
GTMU1.ssa.gov. 36000 IN A 137.200.43.16
GTMU2.ssa.gov. 36000 IN A 137.200.43.17
;; Query time: 107 msec
;; SERVER: 2001:1930:d07:1::8#53(2001:1930:d07:1::8)
;; WHEN: Thu Sep 01 23:24:13 CEST 2022
;; MSG SIZE rcvd: 348
But it's a CNAME according to the www.ssa.gov NS:
bjorn at idefix:~$ dig a www.ssa.gov @gtms1.ssa.gov
; <<>> DiG 9.16.27-Debian <<>> a www.ssa.gov @gtms1.ssa.gov ;; global options: +cmd ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43620 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.ssa.gov. IN A
;; ANSWER SECTION:
www.ssa.gov. 300 IN CNAME www.ssa.gov.edgekey.net.
;; Query time: 127 msec
;; SERVER: 2001:1930:e03::13#53(2001:1930:e03::13)
;; WHEN: Thu Sep 01 23:25:01 CEST 2022
;; MSG SIZE rcvd: 77
CDNs playing tricks. This won't fly.
Bjørn
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list