R: Again question about edns (like swupdl.adobe.com)
IDS Sas - Support
support at ids.it
Wed Oct 22 13:22:47 UTC 2014
Good morning,
I have those Bind versions installed:
BIND 9.10.1-x86 in a Windows Server 32 bit
BIND 9.10.1-x64 in a Windows Server 64 bit
Both versions have the SIT (Source Identity Token) EDNS option enabled by
default.
You have DiG 9.10-P1 (May 8 2014) and my problems start with 9.10.0-P2 (June
6 2014)
Regards
Staff IDS
Da: Chiesa Stefano [mailto:Stefano.Chiesa at wki.it]
Inviato: mercoledì 22 ottobre 2014 14.44
A: IDS Submit; bind-users at isc.org
Oggetto: R: Again question about edns (like swupdl.adobe.com)
Hello all.
Maybe I didnt understand the problem but in my installation of BIND 9.10
WINDOWS I cant replicate the error:
C:\>dig swupdl.adobe.com @10.39.128.11
; <<>> DiG 9.10-P1 <<>> swupdl.adobe.com @10.39.128.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43143
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 8, ADDITIONAL: 9
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;swupdl.adobe.com. IN A
;; ANSWER SECTION:
swupdl.adobe.com. 10761 IN CNAME swupdl.wip4.adobe.com.
swupdl.wip4.adobe.com. 561 IN CNAME
swupdl.adobe.com.edgesuite.net.
swupdl.adobe.com.edgesuite.net. 21561 IN CNAME a1577.d.akamai.net.
a1577.d.akamai.net. 20 IN A 95.101.34.43
a1577.d.akamai.net. 20 IN A 95.101.34.51
----------------------------------------------------------------------------
---------------------
C:\>dig www.acer.it @10.39.128.11
; <<>> DiG 9.10-P1 <<>> www.acer.it @10.39.128.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49188
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 8, ADDITIONAL: 9
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.acer.it. IN A
;; ANSWER SECTION:
www.acer.it. 275 IN CNAME public-akamai.gtm.acer.com.
public-akamai.gtm.acer.com. 6 IN CNAME www.acer.com.edgesuite.net.
www.acer.com.edgesuite.net. 21576 IN CNAME a492.b.akamai.net.
a492.b.akamai.net. 20 IN A 2.228.46.113
a492.b.akamai.net. 20 IN A 2.228.46.122
Regards.
Stefano Chiesa
Da: bind-users-bounces at lists.isc.org
[mailto:bind-users-bounces at lists.isc.org] Per conto di IDS Submit
Inviato: mercoledì 22 ottobre 2014 12:30
A: bind-users at isc.org
Oggetto: Again question about edns (like swupdl.adobe.com)
Good morning,
with www.acer.it I have the same problem as swupdl.adobe.com
NXDOMAIN with bind 9.10 but NOERROR with Google DNS
I have read the Mark Andrews reply on july 4 2014:
------------------------------------------------------------------
It looks like nameserver vendors are not doing even rudimentry checks like
those above. DiG has thos options so that we could perform checks like
these.
Until Adobe fix their broken servers you can use a server clause to disable
sending SIT requests to them. Obviously this does not scale.
server <address> { request-sit no; };
Mark
------------------------------------------------------------------
But this doesnt solve the problem on others domains
should be possible enable request-sit no for all domains and not
manually add it?
Because I think there are lot of domains with this problem L
------------------------------------------------------------------
\Server\Bind\bin\dig.exe @81.174.15.142 www.acer.it
; <<>> DiG 9.10.1 <<>> @81.174.15.142 www.acer.it
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.acer.it. IN A
;; ANSWER SECTION:
www.acer.it. 300 IN CNAME public-akamai.gtm.acer.com.
;; AUTHORITY SECTION:
gtm.acer.com. 60 IN SOA gtm1.acer.com.
hostmaster.gtm1.acer.com. 482 10800 3600 604800 60
;; Query time: 572 msec
;; SERVER: 81.174.15.142#53(81.174.15.142)
;; WHEN: Wed Oct 22 12:13:12 ora legale Europa occidentale 2014
;; MSG SIZE rcvd: 132
------------------------------------------------------------------
------------------------------------------------------------------
\Server\Bind\bin\dig.exe @8.8.8.8 www.acer.it
; <<>> DiG 9.10.1 <<>> @8.8.8.8 www.acer.it
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34510
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.acer.it. IN A
;; ANSWER SECTION:
www.acer.it. 281 IN CNAME public-akamai.gtm.acer.com.
public-akamai.gtm.acer.com. 11 IN CNAME www.acer.com.edgesuite.net.
www.acer.com.edgesuite.net. 12306 IN CNAME a492.b.akamai.net.
a492.b.akamai.net. 19 IN A 88.149.196.137
a492.b.akamai.net. 19 IN A 88.149.196.145
;; Query time: 60 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Oct 22 12:14:02 ora legale Europa occidentale 2014
;; MSG SIZE rcvd: 180
------------------------------------------------------------------
Thanks in advance and best regards
Staff IDS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20141022/ff80ff2c/attachment-0001.html>
More information about the bind-users
mailing list