R: Again question about edns (like swupdl.adobe.com)

IDS Sas - Support support at ids.it
Wed Oct 22 13:22:47 UTC 2014


Good morning,

I have these BIND versions installed:

BIND 9.10.1-x86 on a 32-bit Windows Server
BIND 9.10.1-x64 on a 64-bit Windows Server

Both versions have the “SIT (Source Identity Token) EDNS option” enabled by
default.

You have DiG 9.10-P1 (May 8 2014) and my problems start with 9.10.0-P2 (June
6 2014)

Regards

Staff IDS

From: Chiesa Stefano [mailto:Stefano.Chiesa at wki.it]
Sent: Wednesday, 22 October 2014 14:44
To: IDS Submit; bind-users at isc.org
Subject: R: Again question about edns (like swupdl.adobe.com)

 

Hello all.

Maybe I didn’t understand the problem but in my installation of BIND 9.10
WINDOWS I can’t replicate the error:

 

C:\>dig swupdl.adobe.com @10.39.128.11

; <<>> DiG 9.10-P1 <<>> swupdl.adobe.com @10.39.128.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43143
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 8, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;swupdl.adobe.com.              IN      A

;; ANSWER SECTION:
swupdl.adobe.com.       10761   IN      CNAME   swupdl.wip4.adobe.com.
swupdl.wip4.adobe.com.  561     IN      CNAME   swupdl.adobe.com.edgesuite.net.
swupdl.adobe.com.edgesuite.net. 21561 IN CNAME  a1577.d.akamai.net.
a1577.d.akamai.net.     20      IN      A       95.101.34.43
a1577.d.akamai.net.     20      IN      A       95.101.34.51

-------------------------------------------------------------------------------------------------

C:\>dig www.acer.it @10.39.128.11

; <<>> DiG 9.10-P1 <<>> www.acer.it @10.39.128.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49188
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 8, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.acer.it.                   IN      A

;; ANSWER SECTION:
www.acer.it.            275     IN      CNAME   public-akamai.gtm.acer.com.
public-akamai.gtm.acer.com. 6   IN      CNAME   www.acer.com.edgesuite.net.
www.acer.com.edgesuite.net. 21576 IN    CNAME   a492.b.akamai.net.
a492.b.akamai.net.      20      IN      A       2.228.46.113
a492.b.akamai.net.      20      IN      A       2.228.46.122

Regards.

Stefano Chiesa

 

From: bind-users-bounces at lists.isc.org
[mailto:bind-users-bounces at lists.isc.org] On behalf of IDS Submit
Sent: Wednesday, 22 October 2014 12:30
To: bind-users at isc.org
Subject: Again question about edns (like swupdl.adobe.com)

 

Good morning,

with www.acer.it I have the same problem as swupdl.adobe.com

NXDOMAIN with bind 9.10 but NOERROR with Google DNS

I have read the Mark Andrews reply on July 4 2014:

------------------------------------------------------------------

It looks like nameserver vendors are not doing even rudimentary checks like
those above.  DiG has those options so that we could perform checks like
these.

Until Adobe fix their broken servers you can use a server clause to disable
sending SIT requests to them.  Obviously this does not scale.

      server <address> { request-sit no; };

Mark

------------------------------------------------------------------

But this doesn’t solve the problem on other domains

Should it be possible to enable “request-sit no” for all domains instead of
adding it manually?

Because I think there are a lot of domains with this problem :(

  

  

------------------------------------------------------------------ 

\Server\Bind\bin\dig.exe @81.174.15.142 www.acer.it

; <<>> DiG 9.10.1 <<>> @81.174.15.142 www.acer.it
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.acer.it.                   IN      A

;; ANSWER SECTION:
www.acer.it.            300     IN      CNAME   public-akamai.gtm.acer.com.

;; AUTHORITY SECTION:
gtm.acer.com.           60      IN      SOA     gtm1.acer.com. hostmaster.gtm1.acer.com. 482 10800 3600 604800 60

;; Query time: 572 msec
;; SERVER: 81.174.15.142#53(81.174.15.142)
;; WHEN: Wed Oct 22 12:13:12 ora legale Europa occidentale 2014
;; MSG SIZE  rcvd: 132

------------------------------------------------------------------ 

  

  

------------------------------------------------------------------ 

\Server\Bind\bin\dig.exe @8.8.8.8 www.acer.it

; <<>> DiG 9.10.1 <<>> @8.8.8.8 www.acer.it
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34510
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.acer.it.                   IN      A

;; ANSWER SECTION:
www.acer.it.            281     IN      CNAME   public-akamai.gtm.acer.com.
public-akamai.gtm.acer.com. 11  IN      CNAME   www.acer.com.edgesuite.net.
www.acer.com.edgesuite.net. 12306 IN    CNAME   a492.b.akamai.net.
a492.b.akamai.net.      19      IN      A       88.149.196.137
a492.b.akamai.net.      19      IN      A       88.149.196.145

;; Query time: 60 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Oct 22 12:14:02 ora legale Europa occidentale 2014
;; MSG SIZE  rcvd: 180

------------------------------------------------------------------ 

  

Thanks in advance and best regards 

  

Staff IDS 
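
Added example, not part of the thread: a small Python comparison of the two www.acer.it dig outputs quoted above, reporting where the local resolver's CNAME chain stops and which zone's SOA came back with the negative answer. The sample strings are abbreviated from those outputs; the function names are this example's own.

```python
import re
# Abbreviated from the two dig outputs quoted in the thread (wrapped SOA line rejoined).
LOCAL_BIND = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42228
;; ANSWER SECTION:
www.acer.it.            300     IN      CNAME   public-akamai.gtm.acer.com.
;; AUTHORITY SECTION:
gtm.acer.com. 60 IN SOA gtm1.acer.com. hostmaster.gtm1.acer.com. 482 10800 3600 604800 60
"""
GOOGLE_DNS = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34510
;; ANSWER SECTION:
www.acer.it.            281     IN      CNAME   public-akamai.gtm.acer.com.
public-akamai.gtm.acer.com. 11  IN      CNAME   www.acer.com.edgesuite.net.
www.acer.com.edgesuite.net. 12306 IN    CNAME   a492.b.akamai.net.
a492.b.akamai.net.      19      IN      A       88.149.196.137
"""
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)")

def parse_dig(text):
    """Return the rcode plus the ANSWER and AUTHORITY records of one dig output."""
    out, section = {"status": None, "ANSWER": [], "AUTHORITY": []}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.search(r"status: (\w+)", line):
            out["status"] = m.group(1)
        elif line.startswith(";;") and line.endswith("SECTION:"):
            section = line.split()[1]
        elif section in ("ANSWER", "AUTHORITY") and (rr := RR.match(line)):
            out[section].append(rr.groups())
    return out

def chain_end(msg, qname):
    """Follow CNAMEs from qname; return (last name reached, its address records)."""
    cname = {n: v for n, t, v in msg["ANSWER"] if t == "CNAME"}
    name, seen = qname, set()
    while name in cname and name not in seen:  # 'seen' guards against CNAME loops
        seen.add(name)
        name = cname[name]
    return name, [v for n, t, v in msg["ANSWER"] if n == name and t in ("A", "AAAA")]

def diagnose(local, reference, qname):
    """Report where the local answer stops when it disagrees with the reference."""
    loc, ref = parse_dig(local), parse_dig(reference)
    stop, addrs = chain_end(loc, qname)
    if loc["status"] == ref["status"] and addrs:
        return None
    soa = [n for n, t, _ in loc["AUTHORITY"] if t == "SOA"]
    return {"local": loc["status"], "reference": ref["status"],
            "chain_stops_at": stop, "negative_zone": soa[0] if soa else None}
```

The SOA owner in the authority section names the zone that produced the negative answer, so its authoritative servers are the ones to check against the per-server `request-sit no` clause quoted in the thread.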
