Question on prod.msocdn.com
Tony Finch
dot at dotat.at
Wed Nov 9 09:55:14 UTC 2016
Jim Glassford <jmglass at iup.edu> wrote:
>
> Doing dig +cd on prod.msocnd.com will get the CNAME, without +cd either
> timeout or SERVFAIL depending on version of bind.
It works for me with BIND 9.11 and 9.10.4-P4.
There are some EDNS-related changes in 9.10 which might be why these
versions are better able to resolve this domain.
It looks like you are running 9.8.2rc1, which was released in 2012 (and
9.8 was EOL 2 years ago) and 9.9.4 which is 3 years old. You can't rely on
Red Hat to backport all the relevant fixes, so if you are running an
important production service on BIND you should use the latest versions
from isc.org.
> dnssec-debugger.versignlabs.com on prod.msocdn.com and not sure, looks like
> the problem is in dspg.akamaiedge.net?
Yes, there are several problems on the Akamai side of things
http://dnsviz.net/d/prod.msocdn.com/dnssec/
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Fair Isle, Faeroes: Southeasterly 6 to gale 8, becoming cyclonic 4 or 5 in
west. Rough or very rough. Wintry showers. Good, occasionally moderate.
More information about the bind-users
mailing list