<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 9/18/2012 12:59 PM, M. Meadows
wrote:<br>
</div>
<blockquote cite="mid:BLU156-W39C6F0379BBD6EC8F46AD3F3940@phx.gbl"
type="cite">
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
<div dir="ltr">
<br>
Thanks Kevin. I understand how the chained alias works. Sorry, I
didn't explain my question very well.<br>
<br>
I can see that the 8.8.8.8 google public dns server gets an
answer.<br>
<br>
I know that this domain has a cname coexisting with an SOA
record and NS records ... both of which I have read are a bad
thing. And I've seen the other reply that indicates that this
combination of records in a zone file wouldn't even load in BIND
... so it's done with some other more forgiving DNS app. <br>
<br>
What I also see (but failed to explain) is that we have a local
nameserver that can't find an answer to the dig
<a class="moz-txt-link-abbreviated" href="http://www.careerone.com.au">www.careerone.com.au</a> query. Gets no record back. Our local
nameserver is an AD server that just throws up its imaginary
hands in despair. So is this what we should expect from this
problematic DNS setup in the <a class="moz-txt-link-abbreviated" href="http://www.careerone.com.au">www.careerone.com.au</a> zone file?
Erratic or somewhat erratic results? Just curious why google and
some other public facing dns servers get an answer when our own
local nameserver can't figure it out.<br>
<br>
<br>
<br>
<div>
<hr id="stopSpelling">Date: Tue, 18 Sep 2012 11:18:58 -0400<br>
From: <a class="moz-txt-link-abbreviated" href="mailto:kcd@chrysler.com">kcd@chrysler.com</a><br>
To: <a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
Subject: Re: question about how a particular dig works ...<br>
<br>
<div class="ecxmoz-cite-prefix">On 9/18/2012 9:45 AM, M.
Meadows wrote:<br>
</div>
<blockquote
cite="mid:BLU156-W176DCC64F05372698F1620F3940@phx.gbl">
<style><!--
.ExternalClass .ecxhmmessage P
{padding:0px;}
.ExternalClass body.ecxhmmessage
{font-size:10pt;font-family:Tahoma;}
--></style>
<div dir="ltr"> <br>
dig <a moz-do-not-send="true"
class="ecxmoz-txt-link-abbreviated"
href="http://www.careerone.com.au" target="_blank">www.careerone.com.au</a>
+short @8.8.8.8<br>
<a moz-do-not-send="true"
class="ecxmoz-txt-link-abbreviated"
href="http://www.careerone.com.au.edgesuite.net"
target="_blank">www.careerone.com.au.edgesuite.net</a>.<br>
a903.g.akamai.net.<br>
208.44.23.99<br>
208.44.23.121<br>
<br>
Why does the above dig work when <br>
<br>
dig careerone.com.au +nssearch @8.8.8.8<br>
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200
3600 1200 86400 1200 from server usw1.akam.net in 106 ms.<br>
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200
3600 1200 86400 1200 from server usw4.akam.net in 136 ms.<br>
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200
3600 1200 86400 1200 from server usc4.akam.net in 124 ms.<br>
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200
3600 1200 86400 1200 from server usc1.akam.net in 40 ms.<br>
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200
3600 1200 86400 1200 from server usw5.akam.net in 190 ms.<br>
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200
3600 1200 86400 1200 from server ns1-24.akam.net in 171
ms.<br>
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200
3600 1200 86400 1200 from server asia1.akam.net in 161 ms.<br>
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200
3600 1200 86400 1200 from server ns1-50.akam.net in 161
ms.<br>
<br>
shows 8 auth nameservers for careerone.com.au<br>
<br>
and if you use <br>
<br>
dig <a moz-do-not-send="true"
class="ecxmoz-txt-link-abbreviated"
href="http://www.careerone.com.au" target="_blank">www.careerone.com.au</a>
+short @<any of the 8 auth nameservers> <br>
<br>
you get no answer.<br>
<br>
How does that work? Where does the 8.8.8.8 google public
dns server get its answer from?<br>
<br>
</div>
</blockquote>
<a moz-do-not-send="true" class="ecxmoz-txt-link-abbreviated"
href="http://www.careerone.com.au" target="_blank">www.careerone.com.au</a>
is an alias (through chained aliasing) ultimately to
a903.g.akamai.net. To get an authoritative answer for
a903g.akamai.net you'd need to ask one of the g.akamai.net
nameservers. Which is presumably what Google's public resolver
did to get the answers it returned to your query.<br>
<br>
</div>
</div>
</blockquote>
It's possible that the CNAME-and-other error is causing Microsoft
DNS to choke. Can you dump the cache on that box and see if it has
records other than the CNAME? <br>
<br>
Another possibility is that the CNAME chain is giving Microsoft DNS
fits, although Akamai has been doing that for years and it seems to
mostly work, despite being technically a violation of standards.<br>
<br>
I don't know much about troubleshooting Microsoft DNS resolution
problems, and I doubt many others on this list can (or would be
willing to) help either. Maybe try a Microsoft list?<br>
<br>
- Kevin<br>
</body>
</html>