R: Again question about edns (like swupdl.adobe.com)

2014-10-22 Thread IDS Sas - Support
Good morning,

I have these BIND versions installed:

BIND 9.10.1-x86 in a Windows Server 32 bit
BIND 9.10.1-x64 in a Windows Server 64 bit

Both versions have the “SIT (Source Identity Token) EDNS option” enabled by
default.

You have DiG 9.10-P1 (May 8 2014) and my problems start with 9.10.0-P2 (June
6 2014)

Regards

Staff IDS

From: Chiesa Stefano [mailto:stefano.chi...@wki.it]
Sent: Wednesday, 22 October 2014 14:44
To: IDS Submit; bind-us...@isc.org
Subject: R: Again question about edns (like swupdl.adobe.com)

Hello all.

Maybe I didn’t understand the problem but in my installation of BIND 9.10
WINDOWS I can’t replicate the error:

C:\dig swupdl.adobe.com @10.39.128.11

; <<>> DiG 9.10-P1 <<>> swupdl.adobe.com @10.39.128.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43143
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 8, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;swupdl.adobe.com.               IN      A

;; ANSWER SECTION:
swupdl.adobe.com.                10761   IN      CNAME   swupdl.wip4.adobe.com.
swupdl.wip4.adobe.com.           561     IN      CNAME   swupdl.adobe.com.edgesuite.net.
swupdl.adobe.com.edgesuite.net.  21561   IN      CNAME   a1577.d.akamai.net.
a1577.d.akamai.net.              20      IN      A       95.101.34.43
a1577.d.akamai.net.              20      IN      A       95.101.34.51

-

C:\dig www.acer.it @10.39.128.11

; <<>> DiG 9.10-P1 <<>> www.acer.it @10.39.128.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49188
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 8, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.acer.it.                    IN      A

;; ANSWER SECTION:
www.acer.it.                     275     IN      CNAME   public-akamai.gtm.acer.com.
public-akamai.gtm.acer.com.      6       IN      CNAME   www.acer.com.edgesuite.net.
www.acer.com.edgesuite.net.      21576   IN      CNAME   a492.b.akamai.net.
a492.b.akamai.net.               20      IN      A       2.228.46.113
a492.b.akamai.net.               20      IN      A       2.228.46.122

Regards.

Stefano Chiesa

From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On behalf of IDS Submit
Sent: Wednesday, 22 October 2014 12:30
To: bind-us...@isc.org
Subject: Again question about edns (like swupdl.adobe.com)

Good morning,

with www.acer.it I have the same problem as swupdl.adobe.com

NXDOMAIN with bind 9.10 but NOERROR with Google DNS

I have read the Mark Andrews reply on July 4 2014:

--

It looks like nameserver vendors are not doing even rudimentary checks like
those above.  DiG has those options so that we could perform checks like
these.

Until Adobe fix their broken servers you can use a server clause to disable
sending SIT requests to them.  Obviously this does not scale.

  server address { request-sit no; };

Mark

--

But this doesn’t solve the problem on other domains …

… should it be possible to enable “request-sit no” for all domains and not
manually add it?

Because I think there are a lot of domains with this problem :(

--

\Server\Bind\bin\dig.exe @81.174.15.142 www.acer.it

; <<>> DiG 9.10.1 <<>> @81.174.15.142 www.acer.it
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.acer.it.                    IN      A

;; ANSWER SECTION:
www.acer.it.                     300     IN      CNAME   public-akamai.gtm.acer.com.

;; AUTHORITY SECTION:
gtm.acer.com.                    60      IN      SOA     gtm1.acer.com. hostmaster.gtm1.acer.com. 482 10800 3600 604800 60

;; Query time: 572 msec
;; SERVER: 81.174.15.142#53(81.174.15.142)
;; WHEN: Wed Oct 22 12:13:12 ora legale Europa occidentale 2014
;; MSG SIZE  rcvd: 132
--

--
\Server\Bind\bin\dig.exe @8.8.8.8 www.acer.it

; <<>> DiG 9.10.1 <<>> @8.8.8.8 www.acer.it
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34510
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.acer.it.                    IN      A

;; ANSWER SECTION:
www.acer.it.                     281     IN      CNAME

R: Question about swupdl.adobe.com

2014-10-10 Thread IDS Sas - Support
Thanks Carl,

with your fix it works:

--
Server\Bind\bin\dig.exe @81.174.15.142 swupdl.adobe.com

; <<>> DiG 9.10.1 <<>> @81.174.15.142 swupdl.adobe.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26321
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 8, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;swupdl.adobe.com.               IN      A

;; ANSWER SECTION:
swupdl.adobe.com.                10800   IN      CNAME   swupdl.wip4.adobe.com.
swupdl.wip4.adobe.com.           600     IN      CNAME   swupdl.adobe.com.edgesuite.net.
swupdl.adobe.com.edgesuite.net.  21600   IN      CNAME   a1577.d.akamai.net.
a1577.d.akamai.net.              20      IN      A       88.149.196.147
a1577.d.akamai.net.              20      IN      A       88.149.196.144

;; AUTHORITY SECTION:
d.akamai.net.                    4000    IN      NS      n1d.akamai.net.
d.akamai.net.                    4000    IN      NS      n7d.akamai.net.
d.akamai.net.                    4000    IN      NS      n4d.akamai.net.
d.akamai.net.                    4000    IN      NS      n6d.akamai.net.
d.akamai.net.                    4000    IN      NS      n0d.akamai.net.
d.akamai.net.                    4000    IN      NS      n3d.akamai.net.
d.akamai.net.                    4000    IN      NS      n2d.akamai.net.
d.akamai.net.                    4000    IN      NS      n5d.akamai.net.

;; ADDITIONAL SECTION:
n0d.akamai.net.                  4000    IN      A       88.221.81.194
n1d.akamai.net.                  6000    IN      A       88.149.196.142
n2d.akamai.net.                  8000    IN      A       88.221.212.76
n3d.akamai.net.                  4000    IN      A       213.254.249.61
n4d.akamai.net.                  6000    IN      A       88.149.196.143
n5d.akamai.net.                  8000    IN      A       88.221.212.77
n6d.akamai.net.                  4000    IN      A       88.149.196.141
n7d.akamai.net.                  6000    IN      A       88.221.212.84

;; Query time: 2370 msec
;; SERVER: 81.174.15.142#53(81.174.15.142)
;; WHEN: Fri Oct 10 10:23:48 ora legale Europa occidentale 2014
;; MSG SIZE  rcvd: 448
--

Thank you very much

Best regards

Michele


-----Original Message-----
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On behalf of Carl Byington
Sent: Friday, 10 October 2014 0:54
To: bind-users@lists.isc.org
Subject: Re: Question about swupdl.adobe.com

On Thu, 2014-10-09 at 13:24 +0200, IDS Submit wrote:
> I have BIND 9.10.1 x86 and I have error on query swupdl.adobe.com

See the archives around July 3rd for previous issues with adobe.

You might add this to /etc/named.conf


// adobe servers that don't understand edns options
server 192.150.16.247   { request-sit no; };
server 192.150.19.247   { request-sit no; };
server 193.104.215.247  { request-sit no; };
// eia.gov servers that don't understand edns options
server 205.254.135.9    { request-sit no; };
server 199.36.140.199   { request-sit no; };


The following two queries demonstrate that.

dig ardownload.wip4.adobe.com @da1gtm001.adobe.com +nsid
dig ardownload.wip4.adobe.com @da1gtm001.adobe.com



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
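
Added example, not part of any message in this thread: a shell sketch of the comparison the two dig queries above perform, asking one server the same question with and without +nsid and printing the request-sit workaround when the status differs. The function names, the constructed sample header lines and the 192.0.2.53 address used to test it are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from BIND or the thread.

# Constructed sample dig header lines (not captured from any real server).
SAMPLE_PLAIN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001'
SAMPLE_NSID=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1002'

# Read dig output on stdin and print the RCODE from the "status:" field.
dig_status() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Classify a server from two statuses: plain query, query with an EDNS option.
# An empty status means dig printed no header (timeout or unreachable server).
edns_verdict() {
    plain=$1
    with_opt=$2
    if [ -z "$plain" ] || [ -z "$with_opt" ]; then
        echo "no-response"
    elif [ "$plain" = "$with_opt" ]; then
        echo "consistent"
    else
        echo "edns-option-changes-answer"
    fi
}

# Print the per-server named.conf workaround quoted in the thread.
server_clause() {
    printf 'server %s { request-sit no; };\n' "$1"
}

# Live check (needs network and dig): check_server NAME SERVER_ADDRESS
check_server() {
    plain=$(dig "$1" "@$2" | dig_status)
    with_opt=$(dig "$1" "@$2" +nsid | dig_status)
    verdict=$(edns_verdict "$plain" "$with_opt")
    echo "$2: plain=$plain nsid=$with_opt -> $verdict"
    if [ "$verdict" = "edns-option-changes-answer" ]; then
        server_clause "$2"
    fi
}
```

Run check_server against each authoritative address of the failing zone rather than against the recursive resolver, since the server clause applies to the address named queries.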
