1. DNS/返答/NXDOMAIN/akamai

Akamai/ENT で経緯を紹介している。-- ToshinoriMaeno 2019-06-07 09:33:52

akamaiサーバーの返すNXDOMAINはNoDataかもしれないという話

-- ToshinoriMaeno 2017-05-30 07:01:14 今もなおせないらしい。

They can't fix this brokenness right away because customers rely on it.
See Dave's comment at @dnsoarc in Madrid:

https://twitter.com/vavrusam/status/869444953264365568

I've seen it, made me remember.
Yr ago it was "we're rolling the fix". 
I didn't get how NODATA/NXDOMAIN affects wildcard greediness though.

whois/akamaistream.net

%dig -t ns akamaitechnologies.com @a.gtld-servers.net ~

; <<>> DiG 9.9.0 <<>> -t ns akamaitechnologies.com @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31123
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 11, ADDITIONAL: 12
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;akamaitechnologies.com.                IN      NS

;; AUTHORITY SECTION:
akamaitechnologies.com. 172800  IN      NS      p5.akamaistream.net.
akamaitechnologies.com. 172800  IN      NS      p7.akamaistream.net.
akamaitechnologies.com. 172800  IN      NS      p8.akamaistream.net.
akamaitechnologies.com. 172800  IN      NS      p6.akamaistream.net.
akamaitechnologies.com. 172800  IN      NS      ax0.akamaistream.net.
akamaitechnologies.com. 172800  IN      NS      ax1.akamaistream.net.
akamaitechnologies.com. 172800  IN      NS      ax2.akamaistream.net.
akamaitechnologies.com. 172800  IN      NS      ax3.akamaistream.net.
akamaitechnologies.com. 172800  IN      NS      ns2-32.akamaistream.net.
akamaitechnologies.com. 172800  IN      NS      ns3-32.akamaistream.net.
akamaitechnologies.com. 172800  IN      NS      ns6-32.akamaistream.net.

;; ADDITIONAL SECTION:
p5.akamaistream.net.    172800  IN      A       193.108.88.66
p7.akamaistream.net.    172800  IN      A       95.101.36.32
p8.akamaistream.net.    172800  IN      A       23.74.25.32
p6.akamaistream.net.    172800  IN      A       95.100.175.32
ax0.akamaistream.net.   172800  IN      A       72.246.46.32
ax1.akamaistream.net.   172800  IN      A       184.26.161.32
ax2.akamaistream.net.   172800  IN      A       95.100.174.35
ax3.akamaistream.net.   172800  IN      A       96.7.49.32
ns2-32.akamaistream.net. 172800 IN      A       2.22.230.32
ns3-32.akamaistream.net. 172800 IN      A       23.61.199.32
ns6-32.akamaistream.net. 172800 IN      A       95.100.168.32

;; Query time: 188 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Sun Mar 20 07:30:09 2016
;; MSG SIZE  rcvd: 446

%dig -t ns akamaitechnologies.com @193.108.88.66 ~

; <<>> DiG 9.9.0 <<>> -t ns akamaitechnologies.com @193.108.88.66
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48503
;; flags: qr aa rd; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 12
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;akamaitechnologies.com.                IN      NS

;; ANSWER SECTION:
akamaitechnologies.com. 21600   IN      NS      ns6-32.akamaistream.net.
akamaitechnologies.com. 21600   IN      NS      ns3-32.akamaistream.net.
akamaitechnologies.com. 21600   IN      NS      ns2-32.akamaistream.net.
akamaitechnologies.com. 21600   IN      NS      ax0.akamaistream.net.
akamaitechnologies.com. 21600   IN      NS      ax1.akamaistream.net.
akamaitechnologies.com. 21600   IN      NS      ax2.akamaistream.net.
akamaitechnologies.com. 21600   IN      NS      ax3.akamaistream.net.
akamaitechnologies.com. 21600   IN      NS      p5.akamaistream.net.
akamaitechnologies.com. 21600   IN      NS      p6.akamaistream.net.
akamaitechnologies.com. 21600   IN      NS      p7.akamaistream.net.
akamaitechnologies.com. 21600   IN      NS      p8.akamaistream.net.

;; ADDITIONAL SECTION:
ns6-32.akamaistream.net. 90000  IN      A       95.100.168.32
ns3-32.akamaistream.net. 90000  IN      A       23.61.199.32
ns2-32.akamaistream.net. 90000  IN      A       2.22.230.32
ax0.akamaistream.net.   90000   IN      A       72.246.46.32
ax1.akamaistream.net.   90000   IN      A       184.26.161.32
ax2.akamaistream.net.   90000   IN      A       95.100.174.35
ax3.akamaistream.net.   90000   IN      A       96.7.49.32
p5.akamaistream.net.    90000   IN      A       193.108.88.66
p6.akamaistream.net.    90000   IN      A       95.100.175.32
p7.akamaistream.net.    90000   IN      A       95.101.36.32
p8.akamaistream.net.    90000   IN      A       23.74.25.32

;; Query time: 6 msec
;; SERVER: 193.108.88.66#53(193.108.88.66)
;; WHEN: Sun Mar 20 07:32:15 2016
;; MSG SIZE  rcvd: 446

余計なAレコード群!

1.1. NXDOMAIN 返答だが

こういう例もある。zoneサーバが返す返事を精査しなくては。

%dig -t any deploy.akamaitechnologies.com ~

; <<>> DiG 9.9.0 <<>> -t any deploy.akamaitechnologies.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25410
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;deploy.akamaitechnologies.com. IN      ANY

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 20 07:25:42 2016
;; MSG SIZE  rcvd: 47

%dig a95-100-176-188.deploy.akamaitechnologies.com ~

; <<>> DiG 9.9.0 <<>> a95-100-176-188.deploy.akamaitechnologies.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35811
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;a95-100-176-188.deploy.akamaitechnologies.com. IN A

;; ANSWER SECTION:
a95-100-176-188.deploy.akamaitechnologies.com. 1782 IN A 95.100.176.188

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 20 07:25:47 2016
;; MSG SIZE  rcvd: 79

MoinQ: DNS/返答/NXDOMAIN/akamai (last edited 2021-09-23 14:21:30 by ToshinoriMaeno)