--- Begin Message ---
On Tue, Sep 23, 2025 at 10:21:07PM +0200, Petr Špaček wrote:
> On 23. 09. 25 19:45, Florian Lohoff wrote:
>
>> I got reports that some gitlab/runner/docker stuff sporadically failed and it turned out it's caused by trafficmanager.net which has been reported here in the past already to misbehave.
>>
>> So the host in question is mcr.microsoft.com which hosts docker images for
>> dotnet which fails sporadically to resolve with bind 9.18.33 on Debian/Bookworm
>> as well as Debian/Trixie with 9.20.11-4.
>
> Indeed.
>
> $ delv -i +ns mcr.trafficmanager.net -d99 | grep exce
> ;; exceeded max queries resolving 'ns3-04.azure-dns.org/AAAA' (max-recursion-queries, querycount=50)
> ;; exceeded max queries resolving 'ns3-04.azure-dns.org/A' (max-recursion-queries, querycount=51)
>
> TL;DR their setup is so complicated that resolution from an empty cache is hitting limits designed to prevent misuse/stop attackers from exploiting resolvers.

The cache-cold setup can be fixed with max-recursion-queries 100; but
I still see sporadic SERVFAIL although frequency/probability dropped.

Flo
--
Florian Lohoff                                                     [email protected]
 Any sufficiently advanced technology is indistinguishable from magic.

--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations