1. Akamai/ENT

について、ここに記述してください。

Contents

  1. Akamai/ENT

[dns-operations] Akamai now works with ENT (Empty Non-Terminals)?

経緯、関連の整理 https://lists.dns-oarc.net/pipermail/dns-operations/2019-April/018639.html

AkamaiのJoh Reedによる説明 https://lists.dns-oarc.net/pipermail/dns-operations/2019-April/018640.html

[dns-operations] Akamai now works with ENT (Empty Non-Terminals)? Jon Reed jreed at akamai.com Sun Apr 14 13:59:33 UTC 2019

The problem was specifically around the interaction between wildcards and ENTs. Correctly answering ENTs wasn't the hard part, the hard part was ensuring that we didn't break existing customer wildcard behavior (which because of a lack of ENTs, was not compliant with RFC 4592).


But my larger point was that explaining the concept of wildcards, closest enclosers, and empty-non-terminals to our customers was a NIGHTMARE.

Customers choose cloud providers specifically so they _don't_ have to be DNS experts, and it's a non-starter to have a conversation along the lines of "Well yes, I know your zone works fine on $OTHER_PROVIDER, but you see there are actually hundreds of invisible records in your zone which are interfering with your wildcard matching."

-Jon

まだ修正されていない。-- ToshinoriMaeno 2019-06-07 09:38:26

$ dig a95-100-176-188.deploy.akamaitechnologies.com @p5.akamaistream.net.

%dig a95-100-176-188.deploy.akamaitechnologies.com
; <<>> DiG 9.14.0 <<>> a95-100-176-188.deploy.akamaitechnologies.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63443
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;a95-100-176-188.deploy.akamaitechnologies.com. IN A

;; ANSWER SECTION:
a95-100-176-188.deploy.akamaitechnologies.com. 1800 IN A 95.100.176.188

;; Query time: 291 msec
;; SERVER: 127.0.0.3#53(127.0.0.3)
;; WHEN: 金  6月 07 18:35:18 JST 2019
;; MSG SIZE  rcvd: 90

$ dig deploy.akamaitechnologies.com @p5.akamaistream.net.
; <<>> DiG 9.14.0 <<>> deploy.akamaitechnologies.com @p5.akamaistream.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34688
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;deploy.akamaitechnologies.com. IN      A

;; AUTHORITY SECTION:
akamaitechnologies.com. 180     IN      SOA     internal.akamaistream.net. hostmaster.akamai.com. 1559044082 90000 90000 90000 180

;; Query time: 5 msec
;; SERVER: 193.108.88.66#53(193.108.88.66)
;; WHEN: 金  6月 07 18:40:31 JST 2019
;; MSG SIZE  rcvd: 137

MoinQ: DNS/ENT/Akamai (last edited 2021-10-31 05:31:13 by ToshinoriMaeno)