Maintained by: NLnet Labs

[Unbound-users] unbound and newegg.com

Robert Edmonds
Wed Jun 25 00:34:18 CEST 2008


newegg.com's NS is hosted by ultradns:

    $ unbound-host -t ns newegg.com
    newegg.com has NS record dns1.magnellmail.net.
    newegg.com has NS record pdns6.ultradns.co.uk.
    newegg.com has NS record pdns5.ultradns.info.
    newegg.com has NS record pdns4.ultradns.org.
    newegg.com has NS record pdns3.ultradns.org.
    newegg.com has NS record pdns2.ultradns.net.
    newegg.com has NS record pdns1.ultradns.net.
    $

but interestingly ultradns delegates www.newegg.com and
secure.newegg.com to other servers.

    ;; QUESTION SECTION:
    ;secure.newegg.com.             IN      A

    ;; AUTHORITY SECTION:
    secure.newegg.com.      30000   IN      NS      ns14b.newegg.com.
    secure.newegg.com.      30000   IN      NS      ns13b.newegg.com.

    ;; ADDITIONAL SECTION:
    ns14b.newegg.com.       30000   IN      A       204.14.213.149
    ns13b.newegg.com.       30000   IN      A       216.52.208.149

these servers will answer authoritatively for the A records www and
secure, but provide root referrals when asked about the AAAA records.

    $ dnsq aaaa www.newegg.com ns14b.newegg.com
    28 www.newegg.com:
    512 bytes, 1+0+13+4 records, response, noerror
    query: 28 www.newegg.com
    authority: . 3600000 NS a.root-servers.net
    authority: . 3600000 NS b.root-servers.net
    authority: . 3600000 NS c.root-servers.net
    authority: . 3600000 NS d.root-servers.net
    authority: . 3600000 NS e.root-servers.net
    authority: . 3600000 NS f.root-servers.net
    authority: . 3600000 NS g.root-servers.net
    authority: . 3600000 NS h.root-servers.net
    authority: . 3600000 NS i.root-servers.net
    authority: . 3600000 NS j.root-servers.net
    authority: . 3600000 NS k.root-servers.net
    authority: . 3600000 NS l.root-servers.net
    authority: . 3600000 NS m.root-servers.net
    additional: a.root-servers.net 3600000 A 198.41.0.4
    additional: b.root-servers.net 3600000 A 128.9.0.107
    additional: c.root-servers.net 3600000 A 192.33.4.12
    additional: d.root-servers.net 3600000 A 128.8.10.90
    $ dnsq a www.newegg.com ns14b.newegg.com 
    1 www.newegg.com:
    48 bytes, 1+1+0+0 records, response, authoritative, noerror
    query: 1 www.newegg.com
    answer: www.newegg.com 120 A 204.14.213.185
    $

unbound, when asked about the AAAA then the A record, as a typical
resolver(3) client will do, responds with SERVFAILs, as it seems the
referral from the failed AAAA query somehow poisons unbound (see
attached newegg-fail.log).  when asked for only the A record, unbound
doesn't receive any bad data and returns the record (see attached
newegg-success.log).

bind and dnscache handle this lameness, so include the usual
new-kid-on-the-block / abuse-of-the-robustness-principle arguments.

-- 
Robert Edmonds
edmonds at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: newegg-fail.log.gz
Type: application/octet-stream
Size: 12522 bytes
Desc: not available
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20080624/10a27c0e/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: newegg-success.log.gz
Type: application/octet-stream
Size: 12906 bytes
Desc: not available
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20080624/10a27c0e/attachment-0001.obj>