[dns-operations] does anybody know why yahoo+akamai are doing this?
RLVaughn
Randy_Vaughn at baylor.edu
Mon Mar 20 13:55:07 UTC 2006
Paul Vixie wrote:
> as i continue to puzzle about the query storms seen at the root name servers,
> the fact that all five of yahoo.com's nameservers respond to their most popular
> query with a meaningless and unnecessary root-referral, strikes me as notable.
>
> (and as someone who thinks he knows what assertions the dns protocol is capable
> of asserting, i do not know what could be intended or meant by this encoding.)
>
> ; <<>> DiG 9.4.0a3 <<>> www.yahoo.com a @ns5.yahoo.com
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46514
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0
> ;; WARNING: recusion requested but not available
>
> ;; QUESTION SECTION:
> ;www.yahoo.com. IN A
>
> ;; ANSWER SECTION:
> www.yahoo.com. 300 IN CNAME www.yahoo.akadns.net.
>
> ;; AUTHORITY SECTION:
> . 3600000 IN NS A.ROOT-SERVERS.net.
> . 3600000 IN NS B.ROOT-SERVERS.net.
> . 3600000 IN NS C.ROOT-SERVERS.net.
> . 3600000 IN NS D.ROOT-SERVERS.net.
> . 3600000 IN NS E.ROOT-SERVERS.net.
> . 3600000 IN NS F.ROOT-SERVERS.net.
> . 3600000 IN NS G.ROOT-SERVERS.net.
> . 3600000 IN NS H.ROOT-SERVERS.net.
> . 3600000 IN NS I.ROOT-SERVERS.net.
> . 3600000 IN NS J.ROOT-SERVERS.net.
> . 3600000 IN NS K.ROOT-SERVERS.net.
> . 3600000 IN NS L.ROOT-SERVERS.net.
> . 3600000 IN NS M.ROOT-SERVERS.net.
>
> ;; Query time: 84 msec
> ;; SERVER: 216.109.116.17#53(216.109.116.17)
> ;; WHEN: Sun Mar 19 07:53:28 2006
> ;; MSG SIZE rcvd: 273
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
Ah Akamai! I am much behind Paul on depth of understanding, albeit,
I will pro-offer the following, mostly clueless, attempt at an
explanation.
It is all about akamafication. nsX.yahoo.com offers up a
CNAME for www.yahoo.com but has not a clue where
www.yahoo.akadns.net is located. After all, it is an akamai
name and is akamalocified to the requesting IP. Hence
nsX.yahoo.com tossed out the root referrals. These
in turn send the resolver to
one of akamai.net's dnsservers (use1.akamai.net, asia9.akamai.net,
etc) using some akamagic assignment.
As further evidence I humbly offer barnesandnoble:
; <<>> DiG 9.3.1 <<>> images.barnesandnoble.com @ns2.barnesandnoble.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11433
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0
;; QUESTION SECTION:
;images.barnesandnoble.com. IN A
;; ANSWER SECTION:
images.barnesandnoble.com. 3600 IN CNAME images.barnesandnoble.com.edgesu
ite.net.
;; AUTHORITY SECTION:
. 3600000 IN NS F.ROOT-SERVERS.net.
. 3600000 IN NS G.ROOT-SERVERS.net.
. 3600000 IN NS H.ROOT-SERVERS.net.
. 3600000 IN NS I.ROOT-SERVERS.net.
. 3600000 IN NS J.ROOT-SERVERS.net.
. 3600000 IN NS K.ROOT-SERVERS.net.
. 3600000 IN NS L.ROOT-SERVERS.net.
. 3600000 IN NS M.ROOT-SERVERS.net.
. 3600000 IN NS A.ROOT-SERVERS.net.
. 3600000 IN NS B.ROOT-SERVERS.net.
. 3600000 IN NS C.ROOT-SERVERS.net.
. 3600000 IN NS D.ROOT-SERVERS.net.
. 3600000 IN NS E.ROOT-SERVERS.net.
;; Query time: 62 msec
;; SERVER: 208.237.178.77#53(208.237.178.77)
;; WHEN: Mon Mar 20 07:48:05 2006
;; MSG SIZE rcvd: 304
movies.aol.com:
; <<>> DiG 9.3.1 <<>> movies.aol.com @dns-02.ns.aol.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20729
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 0
;; QUESTION SECTION:
;movies.aol.com. IN A
;; ANSWER SECTION:
movies.aol.com. 3600 IN CNAME aolchannels.aol.com.
aolchannels.aol.com. 300 IN CNAME
aolchannels.aol.com.websys.akadns.net.
;; AUTHORITY SECTION:
. 99999999 IN NS G.ROOT-SERVERS.net.
. 99999999 IN NS H.ROOT-SERVERS.net.
. 99999999 IN NS I.ROOT-SERVERS.net.
. 99999999 IN NS J.ROOT-SERVERS.net.
. 99999999 IN NS K.ROOT-SERVERS.net.
. 99999999 IN NS L.ROOT-SERVERS.net.
. 99999999 IN NS M.ROOT-SERVERS.net.
. 99999999 IN NS A.ROOT-SERVERS.net.
. 99999999 IN NS B.ROOT-SERVERS.net.
. 99999999 IN NS C.ROOT-SERVERS.net.
. 99999999 IN NS D.ROOT-SERVERS.net.
. 99999999 IN NS E.ROOT-SERVERS.net.
. 99999999 IN NS F.ROOT-SERVERS.net.
;; Query time: 46 msec
;; SERVER: 205.188.157.232#53(205.188.157.232)
;; WHEN: Mon Mar 20 07:50:13 2006
;; MSG SIZE rcvd: 317
and what evidence would be complete without the FBI?
; <<>> DiG 9.3.1 <<>> www.fbi.gov @ns5.vericenter.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38687
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0
;; QUESTION SECTION:
;www.fbi.gov. IN A
;; ANSWER SECTION:
www.fbi.gov. 300 IN CNAME fbi.edgesuite.net.
;; AUTHORITY SECTION:
. 518400 IN NS G.ROOT-SERVERS.net.
. 518400 IN NS H.ROOT-SERVERS.net.
. 518400 IN NS I.ROOT-SERVERS.net.
. 518400 IN NS J.ROOT-SERVERS.net.
. 518400 IN NS K.ROOT-SERVERS.net.
. 518400 IN NS L.ROOT-SERVERS.net.
. 518400 IN NS M.ROOT-SERVERS.net.
. 518400 IN NS A.ROOT-SERVERS.net.
. 518400 IN NS B.ROOT-SERVERS.net.
. 518400 IN NS C.ROOT-SERVERS.net.
. 518400 IN NS D.ROOT-SERVERS.net.
. 518400 IN NS E.ROOT-SERVERS.net.
. 518400 IN NS F.ROOT-SERVERS.net.
;; Query time: 14 msec
;; SERVER: 65.163.244.251#53(65.163.244.251)
;; WHEN: Mon Mar 20 07:52:36 2006
;; MSG SIZE rcvd: 268
AFAICT all edgesuite-ized (aka akamai-ized) and akamai-ized domains act in much
the same manner.
Randy
More information about the dns-operations
mailing list