1. watchNS/msidentity.com

The configuration of this zone is haphazard. -- ToshinoriMaeno 2021-10-06 02:58:32

1.1. whois

   Domain Name: MSIDENTITY.COM
   Registry Domain ID: 2014447737_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.markmonitor.com
   Registrar URL: http://www.markmonitor.com
   Updated Date: 2021-02-17T10:30:28Z
   Creation Date: 2016-03-21T19:14:15Z
   Registry Expiry Date: 2022-03-21T19:14:15Z
   Registrar: MarkMonitor Inc.
   Registrar IANA ID: 292
   Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
   Registrar Abuse Contact Phone: +1.2083895740
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Name Server: EUR2.AKAM.NET
   Name Server: NS1-01.AZURE-DNS.COM
   Name Server: NS1-169.AKAM.NET
   Name Server: NS2-01.AZURE-DNS.NET
   Name Server: NS3-01.AZURE-DNS.ORG
   Name Server: NS4-01.AZURE-DNS.INFO
   Name Server: USE2.AKAM.NET
   Name Server: USW1.AKAM.NET
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2021-09-18T07:14:19Z <<<

;; ANSWER SECTION:
login.msa.msidentity.com. 300   IN      CNAME   www.tm.lg.prod.aadmsa.akadns.net

1.2. history

$ dig login.msa.msidentity.com @NS1-01.AZURE-DNS.COM

msa.msidentity.com.     3600    IN      NS      ns1-06.azure-dns.com.
msa.msidentity.com.     3600    IN      NS      ns2-06.azure-dns.net.
msa.msidentity.com.     3600    IN      NS      ns3-06.azure-dns.org.
msa.msidentity.com.     3600    IN      NS      ns4-06.azure-dns.info.
msa.msidentity.com.     3600    IN      NS      eur2.akam.net.
msa.msidentity.com.     3600    IN      NS      use2.akam.net.
msa.msidentity.com.     3600    IN      NS      usw1.akam.net.
msa.msidentity.com.     3600    IN      NS      ns1-169.akam.net.

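eur2.akam.net and the other akam.net servers act as NS for both msidentity.com and its child zone. -- ToshinoriMaeno 2021-09-18 07:25:12

On the Azure NS side, the parent and the child are served by separate name servers.

The problem is that the SOA of msa.msidentity.com does not match.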

$ dig login.msa.msidentity.com @EUR2.AKAM.NET

; <<>> DiG 9.11.3-1ubuntu1.14-Ubuntu <<>> login.msa.msidentity.com @EUR2.AKAM.NET
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39939
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;login.msa.msidentity.com.      IN      A

;; ANSWER SECTION:
login.msa.msidentity.com. 300   IN      CNAME   www.tm.lg.prod.aadmsa.akadns.net.

;; Query time: 209 msec
;; SERVER: 95.100.173.64#53(95.100.173.64)
;; WHEN: Sat Sep 18 16:18:12 JST 2021
;; MSG SIZE  rcvd: 99

1.3. azure-dns

Points to trafficmanager.net.

$ dig login.msa.msidentity.com @ns1-06.azure-dns.com

login.msa.msidentity.com. 300   IN      CNAME   www.tm.lg.prod.aadmsa.trafficmanager.net.
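
The comparison made by hand above (the same name asked of each authoritative server, with the answers set side by side) can be automated. The following is an added example, not part of the original page: the function names are hypothetical, and the input is the two CNAME answer lines shown in the dig output on this page.

```python
from collections import defaultdict

# Answer lines as shown in the dig output on this page, keyed by the
# authoritative server that was queried.
CAPTURED = {
    "EUR2.AKAM.NET":
        "login.msa.msidentity.com. 300 IN CNAME www.tm.lg.prod.aadmsa.akadns.net.",
    "ns1-06.azure-dns.com":
        "login.msa.msidentity.com. 300 IN CNAME www.tm.lg.prod.aadmsa.trafficmanager.net.",
}

NAME_TYPES = {"CNAME", "NS"}  # rdata is a domain name: compare case-insensitively


def norm_name(name):
    return name.lower().rstrip(".")


def parse_rr(line):
    """Split one dig answer line into (owner, rtype, rdata); the TTL is ignored."""
    fields = line.split()
    if len(fields) < 5 or fields[2].upper() != "IN":
        raise ValueError(f"not a resource record line: {line!r}")
    rtype = fields[3].upper()
    rdata = " ".join(fields[4:])
    return norm_name(fields[0]), rtype, norm_name(rdata) if rtype in NAME_TYPES else rdata


def find_disagreements(captured):
    """Return {(owner, rtype): {rdata tuple: [servers]}} for every RRset that
    the queried servers answer differently. A server that returned no record
    for a name is not counted here."""
    variants = defaultdict(lambda: defaultdict(list))
    for server, text in captured.items():
        rrsets = defaultdict(set)
        for line in text.splitlines():
            line = line.strip()
            if line and not line.startswith(";"):  # skip dig comments
                owner, rtype, rdata = parse_rr(line)
                rrsets[(owner, rtype)].add(rdata)
        for key, rdatas in rrsets.items():
            variants[key][tuple(sorted(rdatas))].append(norm_name(server))
    return {key: {r: sorted(s) for r, s in seen.items()}
            for key, seen in variants.items() if len(seen) > 1}


if __name__ == "__main__":
    for (owner, rtype), seen in find_disagreements(CAPTURED).items():
        for rdata, servers in seen.items():
            print(owner, rtype, ", ".join(rdata), "<-", ", ".join(servers))
```

Feeding it the answer section collected from every server in the NS set shows which servers are out of step with the rest.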



MoinQ: watchNS/azure/msidentity.com (last edited 2022-04-07 02:06:47 by ToshinoriMaeno)