On Jun 8, 2008, at 4:03 PM, Peter Koch wrote: > Out of curiosity, the other > system mentioned in the packet trace gives unusual responses, as well: > > dig +norec @81.52.250.132 images-na.ssl-images-amazon.com.edgekey.net. > > will give you random samples of eight out of thirteen root NS RRs in > the > authority section. Nothing to worry about too much, but another > indication that this whole setup is "special". Er, Peter, those responses are normal. It is just the server chasing the CNAME and returning the closest set of NS records, which just happen to be the root hints. This behavior is a direct consequence of following the authoritative server algorithm in RFC 1034. -- David Blacka <davidb at verisign.com> Sr. Engineer Platform Product Development