Maintained by: NLnet Labs

[Unbound-users] problems resolving akamai hosted domains with unbound?

Blacka, David
Mon Jun 9 02:22:41 CEST 2008


On Jun 8, 2008, at 4:03 PM, Peter Koch wrote:

> Out of curiosity, the other
> system mentioned in the packet trace gives unusual responses, as well:
>
> dig +norec @81.52.250.132 images-na.ssl-images-amazon.com.edgekey.net.
>
> will give you random samples of eight out of thirteen root NS RRs in the
> authority section.  Nothing to worry about too much, but another
> indication that this whole setup is "special".

Er, Peter, those responses are normal.  It is just the server chasing  
the CNAME and returning the closest set of NS records, which just  
happen to be the root hints.  This behavior is a direct consequence of  
following the authoritative server algorithm in RFC 1034.

--
David Blacka                          <davidb at verisign.com>
Sr. Engineer                   Platform Product Development
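
The behaviour described in the reply above, as an added example that is not part of the original message: a simplified model of the RFC 1034 section 4.3.2 server algorithm (steps 2, 3a and 4) for a non-recursive query. The zone names, the CNAME target and the addresses are constructed for illustration, and the model returns the full root NS set rather than a subset.

```python
# Simplified model of RFC 1034 section 4.3.2 (steps 2, 3a and 4) for a
# non-recursive query. All zone data below is constructed for illustration.

ROOT_HINTS = [f"{c}.root-servers.net." for c in "abcdefghijklm"]

# Zones this server is authoritative for: {zone: {owner: {rrtype: [rdata]}}}
ZONES = {
    "cdn.example.": {
        "img.cdn.example.": {"CNAME": ["e1.edge.example.org."]},
        "www.cdn.example.": {"A": ["192.0.2.10"]},
    },
}
# Non-authoritative data the server holds: only the root hints.
CACHE_NS = {".": ROOT_HINTS}


def ancestors(name):
    """Yield name, then each parent, ending with the root '.'."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


def nearest_zone(name):
    """Step 2: nearest ancestor zone we are authoritative for, or None."""
    return next((z for z in ancestors(name) if z in ZONES), None)


def closest_cached_ns(name):
    """Step 4: best delegation known from non-authoritative data."""
    for anc in ancestors(name):
        if anc in CACHE_NS:
            return anc, CACHE_NS[anc]


def respond(qname, qtype):
    answer, authority = [], []
    while True:
        zone = nearest_zone(qname)
        if zone is None:
            # Step 4: out of our zones; offer the closest NS set we know.
            owner, ns = closest_cached_ns(qname)
            authority = [(owner, "NS", n) for n in ns]
            break
        node = ZONES[zone].get(qname, {})
        if "CNAME" in node and qtype != "CNAME":
            # Step 3a: copy the CNAME, restart with the canonical name.
            target = node["CNAME"][0]
            answer.append((qname, "CNAME", target))
            qname = target
            continue
        answer += [(qname, qtype, r) for r in node.get(qtype, [])]
        break
    return answer, authority
```

Calling `respond("img.cdn.example.", "A")` yields the CNAME in the answer section and the root NS set in the authority section, because the canonical name falls outside every zone the server holds and the root hints are the closest delegation it knows.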