[dns-operations] does anybody know why yahoo+akamai are doing this?

David Blacka davidb at verisignlabs.com
Mon Mar 20 19:37:45 UTC 2006


On Mar 20, 2006, at 12:11 PM, Mark Andrews wrote:

>
>>
>> On Mar 20, 2006, at 9:23 AM, Mark Andrews wrote:
>>
>>>
>>>>> Ah Akamai!  I am much behind Paul on depth of understanding,  
>>>>> albeit,
>>>>> I will pro-offer the following, mostly clueless, attempt at an
>>>>> explanation.
>>>>
>>>> I'm in the same boat r.e. depth of understanding, but doesn't that
>>>> seem awfully redundant?  The nameserver doing the lookup should  
>>>> go to
>>>> the roots anyway, assuming it hasn't already cached referrals
>>>> for .net or akamai.net.
>>>>
>>>> Matt
>>>
>>> 	This all falls out of RFC 1034.  They are returning the
>>> 	*best* referral they can on the second (or later) pass
>>> 	through RFC1034 Section 4.3.2.
>>
>> Er, what?  If this was a non-authoritative response, it would not be
>> terribly unusual -- the resolver would just be returning the closest
>> NS RRset that it had.  However, the aa bit is set, so I am puzzled as
>> to how it could not have a better NS set.  Namely, the one for
>> yahoo.com.  Fingerprinting ns5.yahoo.com returns:
>>    fingerprint (ns5.yahoo.com, 216.109.116.17): BIND 8.3.0-RC1 --  
>> 8.4.4
>
> 	AA says that the *first* answer (CNAME) is authoritative.  Any
> 	other records in the answer section may not be authoritative.

Yes, I know that.  What puzzled me was that it had www.yahoo.com  
CNAME as authoritative data, yet not yahoo.com NS.

I'm guessing that there is some sort of semi-obvious scenario here,  
but I haven't been able to think of it, so I'm asking.

--
David Blacka    <davidb at verisignlabs.com>
Sr. Engineer    VeriSign Applied Research






More information about the dns-operations mailing list