www.cnn.com
Jeroen Massar
jeroen at unfix.org
Thu Apr 26 10:56:16 UTC 2007
Stefan Schmidt wrote:
> On Thu, Apr 26, 2007 at 10:06:32AM +0100, Randy Bush wrote:
>> roam.psg.com:/usr/home/randy> doc -p -w www.cnn.com.
>> Doc-2.2.3: doc -p -w www.cnn.com.
>> Doc-2.2.3: Starting test of www.cnn.com. parent is cnn.com.
>> Doc-2.2.3: Test date - Thu Apr 26 09:04:52 GMT 2007
>> DIGERR (NOT_AUTHORIZED): dig @dmtns01.turner.com. for SOA of www.cnn.com. failed
>> DIGERR (NOT_AUTHORIZED): dig @dmtns02.turner.com. for SOA of www.cnn.com. failed
>
> I think your debugging tool is faulty, as a dig ns cnn.com
[..]
> All of the above answer to me and have the same serial for cnn.com.
Randy is looking at www.cnn.com (note the www portion) and if you would
do a 'dig +trace www.cnn.com' you would see:
www.cnn.com. 3600 IN NS dmtns01.turner.com.
www.cnn.com. 3600 IN NS dmtns02.turner.com.
;; Received 112 bytes from 207.200.73.85#53(twdns-03.ns.aol.com) in 176 ms
www.cnn.com. 600 IN A 64.236.16.20
[..9 ip's..]
;; Received 157 bytes from 64.236.22.150#53(dmtns02.turner.com) in 100 ms
And dmtns0{1|2}.turner.com. don't have a SOA for www.cnn.com although
they are authoritive. They only respond to queries for "A". Fortunatily
they do respond for "AAAA" queries, 0 records result, but it doesn't
break. They do simply drop queries asking for SOA,MX,TXT and prolly others.
Aka just another peeped up "DNS loadbalancer" for which the implementers
didn't read the RFCs or where the configurators decided that they can
ignore other stuff for "anti-ddos" or other reasons.
Greets,
Jeroen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 311 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20070426/cf8c4154/attachment.sig>
More information about the NANOG
mailing list