R: Again question about edns (like swupdl.adobe.com)
Hello all.
Maybe I didn't understand the problem but in my installation of BIND 9.10
WINDOWS I can't replicate the error:
C:\dig swupdl.adobe.com @10.39.128.11
; DiG 9.10-P1 swupdl.adobe.com @10.39.128.11
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 43143
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 8, ADDITIONAL: 9
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;swupdl.adobe.com. IN A
;; ANSWER SECTION:
swupdl.adobe.com. 10761 IN CNAME swupdl.wip4.adobe.com.
swupdl.wip4.adobe.com. 561 IN CNAME swupdl.adobe.com.edgesuite.net.
swupdl.adobe.com.edgesuite.net. 21561 IN CNAME a1577.d.akamai.net.
a1577.d.akamai.net. 20 IN A 95.101.34.43
a1577.d.akamai.net. 20 IN A 95.101.34.51
-
C:\dig www.acer.it @10.39.128.11
; DiG 9.10-P1 www.acer.it @10.39.128.11
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 49188
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 8, ADDITIONAL: 9
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.acer.it. IN A
;; ANSWER SECTION:
www.acer.it.275 IN CNAME public-akamai.gtm.acer.com.
public-akamai.gtm.acer.com. 6 IN CNAME www.acer.com.edgesuite.net.
www.acer.com.edgesuite.net. 21576 INCNAME a492.b.akamai.net.
a492.b.akamai.net. 20 IN A 2.228.46.113
a492.b.akamai.net. 20 IN A 2.228.46.122
Regards.
Stefano Chiesa
Da: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org]
Per conto di IDS Submit
Inviato: mercoledì 22 ottobre 2014 12:30
A: bind-us...@isc.org
Oggetto: Again question about edns (like swupdl.adobe.com)
Good morning,
with www.acer.it I have the same problem as swupdl.adobe.com
NXDOMAIN with bind 9.10 but NOERROR with Google DNS
I have read the Mark Andrews reply on july 4 2014:
--
It looks like nameserver vendors are not doing even rudimentry checks like
those above. DiG has thos options so that we could perform checks like these.
Until Adobe fix their broken servers you can use a server clause to disable
sending SIT requests to them. Obviously this does not scale.
server address { request-sit no; };
Mark
--
But this doesn't solve the problem on others domains ...
... should be possible enable request-sit no for all domains and not manually
add it?
Because I think there are lot of domains with this problem L
--
\Server\Bind\bin\dig.exe @81.174.15.142 www.acer.it
; DiG 9.10.1 @81.174.15.142 www.acer.it
; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 42228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.acer.it. IN A
;; ANSWER SECTION:
www.acer.it.300 IN CNAME public-akamai.gtm.acer.com.
;; AUTHORITY SECTION:
gtm.acer.com. 60 IN SOA gtm1.acer.com.
hostmaster.gtm1.acer.com. 482 10800 3600 604800 60
;; Query time: 572 msec
;; SERVER: 81.174.15.142#53(81.174.15.142)
;; WHEN: Wed Oct 22 12:13:12 ora legale Europa occidentale 2014
;; MSG SIZE rcvd: 132
--
--
\Server\Bind\bin\dig.exe @8.8.8.8 www.acer.it
; DiG 9.10.1 @8.8.8.8 www.acer.it
; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 34510
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.acer.it. IN A
;; ANSWER SECTION:
www.acer.it.281 IN CNAME public-akamai.gtm.acer.com.
public-akamai.gtm.acer.com. 11 IN CNAME www.acer.com.edgesuite.net.
www.acer.com.edgesuite.net. 12306 INCNAME a492.b.akamai.net.
a492.b.akamai.net. 19 IN A 88.149.196.137
a492.b.akamai.net. 19 IN A 88.149.196.145
;; Query time: 60 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Oct 22 12:14:02 ora legale Europa occidentale 2014
;; MSG SIZE rcvd: 180
--
Thanks in
R: Again question about edns (like swupdl.adobe.com)
Good morning,
I have those Bind versions installed:
BIND 9.10.1-x86 in a Windows Server 32 bit
BIND 9.10.1-x64 in a Windows Server 64 bit
Both versions have the SIT (Source Identity Token) EDNS option enabled by
default.
You have DiG 9.10-P1 (May 8 2014) and my problems start with 9.10.0-P2 (June
6 2014)
Regards
Staff IDS
Da: Chiesa Stefano [mailto:stefano.chi...@wki.it]
Inviato: mercoledì 22 ottobre 2014 14.44
A: IDS Submit; bind-us...@isc.org
Oggetto: R: Again question about edns (like swupdl.adobe.com)
Hello all.
Maybe I didnt understand the problem but in my installation of BIND 9.10
WINDOWS I cant replicate the error:
C:\dig swupdl.adobe.com @10.39.128.11
; DiG 9.10-P1 swupdl.adobe.com @10.39.128.11
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 43143
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 8, ADDITIONAL: 9
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;swupdl.adobe.com. IN A
;; ANSWER SECTION:
swupdl.adobe.com. 10761 IN CNAME swupdl.wip4.adobe.com.
swupdl.wip4.adobe.com. 561 IN CNAME
swupdl.adobe.com.edgesuite.net.
swupdl.adobe.com.edgesuite.net. 21561 IN CNAME a1577.d.akamai.net.
a1577.d.akamai.net. 20 IN A 95.101.34.43
a1577.d.akamai.net. 20 IN A 95.101.34.51
-
C:\dig www.acer.it @10.39.128.11
; DiG 9.10-P1 www.acer.it @10.39.128.11
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 49188
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 8, ADDITIONAL: 9
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.acer.it. IN A
;; ANSWER SECTION:
www.acer.it.275 IN CNAME public-akamai.gtm.acer.com.
public-akamai.gtm.acer.com. 6 IN CNAME www.acer.com.edgesuite.net.
www.acer.com.edgesuite.net. 21576 INCNAME a492.b.akamai.net.
a492.b.akamai.net. 20 IN A 2.228.46.113
a492.b.akamai.net. 20 IN A 2.228.46.122
Regards.
Stefano Chiesa
Da: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] Per conto di IDS Submit
Inviato: mercoledì 22 ottobre 2014 12:30
A: bind-us...@isc.org
Oggetto: Again question about edns (like swupdl.adobe.com)
Good morning,
with www.acer.it I have the same problem as swupdl.adobe.com
NXDOMAIN with bind 9.10 but NOERROR with Google DNS
I have read the Mark Andrews reply on july 4 2014:
--
It looks like nameserver vendors are not doing even rudimentry checks like
those above. DiG has thos options so that we could perform checks like
these.
Until Adobe fix their broken servers you can use a server clause to disable
sending SIT requests to them. Obviously this does not scale.
server address { request-sit no; };
Mark
--
But this doesnt solve the problem on others domains
should be possible enable request-sit no for all domains and not
manually add it?
Because I think there are lot of domains with this problem L
--
\Server\Bind\bin\dig.exe @81.174.15.142 www.acer.it
; DiG 9.10.1 @81.174.15.142 www.acer.it
; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 42228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.acer.it. IN A
;; ANSWER SECTION:
www.acer.it.300 IN CNAME public-akamai.gtm.acer.com.
;; AUTHORITY SECTION:
gtm.acer.com. 60 IN SOA gtm1.acer.com.
hostmaster.gtm1.acer.com. 482 10800 3600 604800 60
;; Query time: 572 msec
;; SERVER: 81.174.15.142#53(81.174.15.142)
;; WHEN: Wed Oct 22 12:13:12 ora legale Europa occidentale 2014
;; MSG SIZE rcvd: 132
--
--
\Server\Bind\bin\dig.exe @8.8.8.8 www.acer.it
; DiG 9.10.1 @8.8.8.8 www.acer.it
; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 34510
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.acer.it. IN A
;; ANSWER SECTION:
www.acer.it.281 IN CNAME public
