[Ext] Re: Question on prod.msocdn.com

Jim Glassford jmglass at iup.edu
Wed Nov 9 19:42:30 UTC 2016



On 11/9/2016 4:55 AM, Tony Finch wrote:
> Jim Glassford <jmglass at iup.edu> wrote:
>> Doing dig +cd on prod.msocdn.com will get the CNAME, without +cd either
>> timeout or SERVFAIL depending on version of bind.
> It works for me with BIND 9.11 and 9.10.4-P4.
>
> There are some EDNS-related changes in 9.10 which might be why these
> versions are better able to resolve this domain.
>
> It looks like you are running 9.8.2rc1, which was released in 2012 (and
> 9.8 was EOL 2 years ago) and 9.9.4 which is 3 years old. You can't rely on
> Red Hat to backport all the relevant fixes, so if you are running an
> important production service on BIND you should use the latest versions
> from isc.org.
>
>> dnssec-debugger.verisignlabs.com on prod.msocdn.com and not sure, looks like
>> the problem is in dspg.akamaiedge.net?
> Yes, there are several problems on the Akamai side of things
> http://dnsviz.net/d/prod.msocdn.com/dnssec/
>
> Tony.

Thanks Tony and also others that replied off list.
I installed 9.11.0-P1 and am having the same issue. Tried out the nta and
hey, it works pretty sweet.
Not sure what my problem is here but will continue to troubleshoot.
best!
jim

[root@dns3 bind-9.11.0-P1]# rndc status
version: BIND 9.11.0-P1 <id:1e9bd53>
running on dns3: Linux x86_64 2.6.32-642.6.2.el6.x86_64 #1 SMP Mon Oct 24 10:22:33 EDT 2016
boot time: Wed, 09 Nov 2016 19:24:10 GMT
last configured: Wed, 09 Nov 2016 19:24:10 GMT
configuration file: /etc/named.conf
CPUs found: 2
worker threads: 2
UDP listeners per interface: 1
number of zones: 175 (80 automatic)
debug level: 3
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/9900/10000
tcp clients: 0/150
server is up and running


[root@dns3 bind-9.11.0-P1]# dig prod.msocdn.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> prod.msocdn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 65097
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;prod.msocdn.com.               IN      A
;; Query time: 4002 msec
;; WHEN: Wed Nov  9 14:40:02 2016
;; MSG SIZE  rcvd: 33

[root@dns3 bind-9.11.0-P1]#
[root@dns3 bind-9.11.0-P1]# rndc nta prod.msocdn.com
Negative trust anchor added: prod.msocdn.com/_default, expires 09-Nov-2016 15:40:58.000
[root@dns3 bind-9.11.0-P1]#
[root@dns3 bind-9.11.0-P1]# dig prod.msocdn.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.3 <<>> prod.msocdn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25756
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 9, ADDITIONAL: 9

;; QUESTION SECTION:
;prod.msocdn.com.               IN      A

;; ANSWER SECTION:
prod.msocdn.com.        3600    IN      CNAME   wildcard.msocdn.com.edgekey.net.
wildcard.msocdn.com.edgekey.net. 300 IN CNAME e7566.dspg.akamaiedge.net.
e7566.dspg.akamaiedge.net. 20   IN      A       104.95.43.11

;; AUTHORITY SECTION:
dspg.akamaiedge.net.    4000    IN      NS n2dspg.akamaiedge.net.
dspg.akamaiedge.net.    4000    IN      NS n4dspg.akamaiedge.net.
dspg.akamaiedge.net.    4000    IN      NS n1dspg.akamaiedge.net.
dspg.akamaiedge.net.    4000    IN      NS n6dspg.akamaiedge.net.
dspg.akamaiedge.net.    4000    IN      NS n3dspg.akamaiedge.net.
dspg.akamaiedge.net.    4000    IN      NS n5dspg.akamaiedge.net.
dspg.akamaiedge.net.    4000    IN      NS n7dspg.akamaiedge.net.
dspg.akamaiedge.net.    4000    IN      NS n0dspg.akamaiedge.net.
dspg.akamaiedge.net.    4000    IN      NS a0dspg.akamaiedge.net.

;; ADDITIONAL SECTION:
n7dspg.akamaiedge.net.  8000    IN      A       165.254.211.12
n5dspg.akamaiedge.net.  4000    IN      A       165.254.211.14
n2dspg.akamaiedge.net.  4000    IN      A       165.254.211.20
n4dspg.akamaiedge.net.  8000    IN      A       165.254.211.15
n0dspg.akamaiedge.net.  4000    IN      A       209.48.71.63
n1dspg.akamaiedge.net.  6000    IN      A       88.221.81.194
n3dspg.akamaiedge.net.  6000    IN      A       209.8.212.93
n6dspg.akamaiedge.net.  6000    IN      A       165.254.211.13
a0dspg.akamaiedge.net.  8000    IN      AAAA    2600:1480:e800::c0

;; Query time: 1282 msec
;; WHEN: Wed Nov  9 14:41:14 2016
;; MSG SIZE  rcvd: 475

[root@dns3 bind-9.11.0-P1]#
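
The by-hand check from this thread (same query with and without +cd), written as an added shell example that is not part of the original message or of BIND. The function names, the default server 127.0.0.1, the result labels and the two sample header lines (constructed in the style of the dig output above) are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a resolver failure is caused by DNSSEC
# validation, by comparing a normal query with a +cd (checking disabled) one.

# Constructed sample header lines, in the style of the dig output above.
SAMPLE_FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 65097'
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25756'

# Read dig output on stdin and print the rcode from its header line.
# Prints nothing when there is no header (dig timed out, no reply).
dig_status() {
    sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# classify NORMAL_RCODE CD_RCODE ; an empty rcode is treated as a timeout.
classify() {
    normal=${1:-TIMEOUT}
    cd_rcode=${2:-TIMEOUT}
    # The validating query got a usable answer: nothing to triage.
    case $normal in NOERROR|NXDOMAIN) echo "answered"; return 0 ;; esac
    case $cd_rcode in
        # Fails only while the resolver validates: a DNSSEC problem in the
        # chain, the case where a negative trust anchor can be considered.
        NOERROR|NXDOMAIN) echo "dnssec-validation-failure" ;;
        # Fails even with validation off: look at reachability, EDNS or
        # lame delegations instead; an NTA would not help.
        *) echo "other-failure" ;;
    esac
}

# Live wrapper: triage NAME [RESOLVER_IP]. Needs dig and a reachable resolver.
triage() {
    name=$1
    server=${2:-127.0.0.1}
    n=$(dig +tries=1 +time=5 "@$server" "$name" A | dig_status)
    c=$(dig +tries=1 +time=5 +cd "@$server" "$name" A | dig_status)
    echo "$name: $(classify "$n" "$c")"
}
```

Run as `triage prod.msocdn.com` against the validating resolver. The negative trust anchor shown in the message carries an expiry time, so the check is worth repeating once it lapses.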