nested CNAMEs resolution failures?
cardenas at sig.com
cardenas at sig.com
Mon Jan 29 12:29:33 UTC 2018
I have BIND 9.11.2 caching-only servers. So it is plain vanilla no authoritative zones configuration and resolv.conf points to locahost address. Can someone help me understand why I cannot resolve file.caixin.com, but if I direct my queries to open resolvers from the likes of Google/Verizon they yield positive results? The only reported resolutions we cannot get are links from web content at www.caixin.com, such as image1.caixin.com and the aforementioned file.caixin.com. Do these resolve for others or NXDOMAIN? Could it be something about my source address space? The only thing I noticed that may be different for these names is they are triply-nested CNAMEs. The A records may yield different addresses, I assume due to geo-awareness. The end users perception is that there is something I should be able to do to fix this.
Here is the query to Google DNS followed by same query from our vantage point and delegation traces.
$ dig file.caixin.com @8.8.8.8
; <<>> DiG 9.9.6-P1 <<>> file.caixin.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22007
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;file.caixin.com. IN A
;; ANSWER SECTION:
file.caixin.com. 2017 IN CNAME www.caixin.com.bbdglb.com.
www.caixin.com.bbdglb.com. 599 IN CNAME scsec-download.usgcac.cdnetworks.net.
scsec-download.usgcac.cdnetworks.net. 299 IN CNAME gg.caixin.com.gccdn.net.
gg.caixin.com.gccdn.net. 19 IN A 174.35.56.145
gg.caixin.com.gccdn.net. 19 IN A 174.35.54.145
;; Query time: 274 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jan 03 13:09:12 EST 2018
;; MSG SIZE rcvd: 196
$ dig file.caixin.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23428
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;file.caixin.com. IN A
;; AUTHORITY SECTION:
caixin.com. 57 IN SOA bj.gtm.caijingnews.com. hostmaster.bj.gtm.caijingnews.com. 2363 10800 3600 604800 60
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jan 03 13:08:02 EST 2018
;; MSG SIZE rcvd: 110
$ dig +trace file.caixin.com
; <<>> DiG 9.9.6-P1 <<>> +trace file.caixin.com
;; global options: +cmd
. 334490 IN NS d.root-servers.net.
. 334490 IN NS c.root-servers.net.
. 334490 IN NS b.root-servers.net.
. 334490 IN NS h.root-servers.net.
. 334490 IN NS m.root-servers.net.
. 334490 IN NS a.root-servers.net.
. 334490 IN NS i.root-servers.net.
. 334490 IN NS f.root-servers.net.
. 334490 IN NS k.root-servers.net.
. 334490 IN NS e.root-servers.net.
. 334490 IN NS l.root-servers.net.
. 334490 IN NS j.root-servers.net.
. 334490 IN NS g.root-servers.net.
. 334496 IN RRSIG NS 8 0 518400 20180113170000 20171231160000 46809 . d38ylstGYAWSlSxSzfpqhV6XUZN6M1QMJi64jKGYqAykq2rcPiF4WCXO CFMW0/dpLC+LROaZFACp61bA2ZzDvHcAJamDn22PKstsVANQapMH5XDv a76Cel0VdkErSnIM9PRMyD5+Cx9JKJTUK+wYdeVXA7S+9iI07ZWGoIir YlpwlRn2P6Y5MWR2ouPyQPE6bRhc5pGZqBb+NvU4ZS2dm3dpC1vlnz8U lgH3JpEtVep7oE4xHfYGXVwVZhSqEVxKIClktkPb1mCvuwg8fQtcsuh5 /5VecoaGL+OIIUVDVhmXcTIsdsd7iCTWBLQRqIc+1V6JwMkB0LkRtkXe Zf7NeA==
;; Received 733 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20180116050000 20180103040000 41824 . OzM6h4IU2WLR9NnvDDLlu8hde53ySAwkSWHZbfQq115DsEIhIgtlDZj7 raUXZ0Te8Gl8ewr288F1GsfMIpy0uTFiPTmYClOOe/iXmxGjMbiMQ5qo CaufwXQpna88phfNusACN7NtmGLyqiaj5zxLkPOK6RDAa/tHi7SxINIq n7H5bXwvml975408sZgOCwlrqD9ItBpo1pIBh+f5CNKPN0ohZqjkE97N z5pZmTVelssmOCFlJTM2unGJj5VYu/1QS6B+Iudr6lc2/SKYM0L9pzCr f0vi2YeRFimNceb3fjJf/fwJmlibZKrgI6/1Weu8SWPQV1yY+hiPPzrM dqdXGQ==
;; Received 1175 bytes from 199.7.91.13#53(d.root-servers.net) in 5 ms
caixin.com. 172800 IN NS ns0.caing.com.
caixin.com. 172800 IN NS ns10.caixin.com.
caixin.com. 172800 IN NS ns20.caixin.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20180108054916 20180101043916 11324 com. lVsOMB+D71FpGGZWdQ7UEoUbmQ5M9YWaKbihbSaryE2agNtoi7DTBM2N 684cmyvTrCr1B9KbCX3EvvZyZ8UaJY1N8bkyLkgArfWGjflLoov9kiSb nUDT3rEKoXDnDUlwSNPfnk7nbY/kWzlU1tVmc+6QmQMgD2QBg65aLc4A Ous=
C7U09JR8IN1LJDTO0JFIVTB8T1J1IDDK.com. 86400 IN NSEC3 1 1 0 - C7U2OGDQJ92Q0NCH01JU5HHDCEH9TFKK NS DS RRSIG
C7U09JR8IN1LJDTO0JFIVTB8T1J1IDDK.com. 86400 IN RRSIG NSEC3 8 2 86400 20180110051819 20180103040819 11324 com. tVaF8Pz9hLF6x3EIWkmwn4JIvVwtCN3rXgys2LwPRVEz3DSOK8VJ9zrs mshUngQMEMxxdqe4NbM1hLG0WA1+PZIw1snW1RUbYcJm7soN7Yeykvbt DFTfe6zI7UfwzRirLHCKkyWJJbVwbEZLv15AkQQQMH4AdogW9roD3dbz zEg=
;; Received 639 bytes from 192.48.79.30#53(j.gtld-servers.net) in 84 ms
file.caixin.com. 3600 IN CNAME www.caixin.com.bbdglb.com.
;; Received 80 bytes from 113.209.232.210#53(ns0.caing.com) in 298 ms
$ dig +trace file.caixin.com | tail
caixin.com. 172800 IN NS ns20.caixin.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20180108054916 20180101043916 11324 com. lVsOMB+D71FpGGZWdQ7UEoUbmQ5M9YWaKbihbSaryE2agNtoi7DTBM2N 684cmyvTrCr1B9KbCX3EvvZyZ8UaJY1N8bkyLkgArfWGjflLoov9kiSb nUDT3rEKoXDnDUlwSNPfnk7nbY/kWzlU1tVmc+6QmQMgD2QBg65aLc4A Ous=
C7U09JR8IN1LJDTO0JFIVTB8T1J1IDDK.com. 86400 IN NSEC3 1 1 0 - C7U2OGDQJ92Q0NCH01JU5HHDCEH9TFKK NS DS RRSIG
C7U09JR8IN1LJDTO0JFIVTB8T1J1IDDK.com. 86400 IN RRSIG NSEC3 8 2 86400 20180110051819 20180103040819 11324 com. tVaF8Pz9hLF6x3EIWkmwn4JIvVwtCN3rXgys2LwPRVEz3DSOK8VJ9zrs mshUngQMEMxxdqe4NbM1hLG0WA1+PZIw1snW1RUbYcJm7soN7Yeykvbt DFTfe6zI7UfwzRirLHCKkyWJJbVwbEZLv15AkQQQMH4AdogW9roD3dbz zEg=
;; Received 639 bytes from 192.55.83.30#53(m.gtld-servers.net) in 38 ms
file.caixin.com. 3600 IN CNAME www.caixin.com.bbdglb.com.
;; Received 80 bytes from 43.242.49.158#53(ns10.caixin.com) in 225 ms
$ dig +trace www.caixin.com.bbdglb.com. | tail
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20180108054916 20180101043916 11324 com. lVsOMB+D71FpGGZWdQ7UEoUbmQ5M9YWaKbihbSaryE2agNtoi7DTBM2N 684cmyvTrCr1B9KbCX3EvvZyZ8UaJY1N8bkyLkgArfWGjflLoov9kiSb nUDT3rEKoXDnDUlwSNPfnk7nbY/kWzlU1tVmc+6QmQMgD2QBg65aLc4A Ous=
P0SPS5IFJMDSUNHQI3AJMRQSG0GB4B1V.com. 86400 IN NSEC3 1 1 0 - P0SR4CDF2GDHQSI8BGMTFCB08L6K7JC4 NS DS RRSIG
P0SPS5IFJMDSUNHQI3AJMRQSG0GB4B1V.com. 86400 IN RRSIG NSEC3 8 2 86400 20180109054337 20180102043337 11324 com. PRdeS+DcEmyiZp12FAKLQc19wmSAXscxwN8E1sYebuajhRkrzL2ZLHz4 fv6kQv/7kFZOWD7PbWa5Q9KjXvbS2vSfM3ERTIrEOLMBeSLjX/s5VySq FjiD6wswt1wnXvL0yoFwCErAN9E9ExrGdCkEDHTsX7jCgv063wN3eIwG 2iY=
;; Received 917 bytes from 192.52.178.30#53(k.gtld-servers.net) in 38 ms
www.caixin.com.bbdglb.com. 600 IN CNAME scsec-download.usgcac.cdnetworks.net.
bbdglb.com. 86400 IN NS ns3.dnsv5.com.
bbdglb.com. 86400 IN NS ns4.dnsv5.com.
;; Received 158 bytes from 61.151.180.51#53(ns3.dnsv5.com) in 283 ms
$ dig +trace scsec-download.usgcac.cdnetworks.net. | tail
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400 20180108062515 20180101051515 18737 net. oSw2RTbkdDYXOBbwvIQWmWjbWRACuKEOa1+Ryw9RTg10VLv3F9pq2fDN xKsJM250lqbIUhMKU9NB3dyB4Yxrms6Sy7kkhllbCTG9oJ1FUN2ztGUF i5Lk7o0o0IYrmyF4gBlrnMQJd0jjo+cXHVe6YaPygIcxNKFP5oM2WYqg FOQ=
TKT8AQAE1RD0HEHQD52AMHUREK85PF01.net. 86400 IN NSEC3 1 1 0 - TKTB45MHIAIO815CSIFF2HNHQJBUS8MI NS DS RRSIG
TKT8AQAE1RD0HEHQD52AMHUREK85PF01.net. 86400 IN RRSIG NSEC3 8 2 86400 20180108062120 20180101051120 18737 net. CZjqoTl1dMYiOjLOtdNXYRsnRDdTjr99Qw+4FgpntM53PZ5A60RuhfSW TPZUWNA2/wbRczfB3IkMgRNp8F71Riu/kpVu0ZJL+LkauvkDSPX6MjRw 1P7zh0aQBuRD02dGHmSDylQol3hfQ5Rsj/f4YgOza9WHz3U67FwRdW4q 89c=
;; Received 674 bytes from 192.54.112.30#53(h.gtld-servers.net) in 84 ms
scsec-download.usgcac.cdnetworks.net. 300 IN CNAME gg.caixin.com.gccdn.net.
gg.caixin.com.gccdn.net. 20 IN A 174.35.56.68
gg.caixin.com.gccdn.net. 20 IN A 174.35.52.17
;; Received 134 bytes from 174.35.55.22#53(ns1.cdnetdns.net) in 4 ms
More information about the bind-users
mailing list