[dns-operations] anybody from Double Click DNS reading this?

Mark Andrews Mark_Andrews at isc.org
Wed Feb 11 09:49:00 UTC 2009 

In message <20090211071250.GA18582 at outpost.ds9a.nl>, bert hubert writes:
> On Sun, Feb 08, 2009 at 05:30:15PM +0100, bert hubert wrote:
> > I've encountered relatively little problems blasting the net with EDNS-PING
> > queries, but I'd like to speak to someone from Double Click - some of their
> > servers return hard to interpret answers on receiving any query with an EDN
> S
> > Option in there.
> 
> (some more information on EDNS-PING is on http://edns-ping.org)
> 
> This turns out to be an issue in BIND 9.2.2. Compare:

	Looks like a load balancer in front of BIND 9.2.2 that was
	not configured to know about the A record at ad.3fr.doubleclick.net
	and the query fell through to it.  If you add +dnssec to the
	initial query you will get a udp size of 2048 returned.

	Mark
 
>   $ dig +norecurs ad.3fr.doubleclick.net  @209.62.177.21 
>   ; <<>> DiG 9.5.1-P1 <<>> +norecurs ad.3fr.doubleclick.net @209.62.177.21
>   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54497
>   ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>   
>   ;; QUESTION SECTION:
>   ;ad.3fr.doubleclick.net.		IN	A
>   
>   ;; ANSWER SECTION:
>   ad.3fr.doubleclick.net.	30	IN	A	209.62.179.57
> 
> to:
> 
>  $ dig +norecurs +nsid ad.3fr.doubleclick.net  @209.62.177.21 
> 
>   ; <<>> DiG 9.5.1-P1 <<>> +norecurs +nsid ad.3fr.doubleclick.net @209.62.177
> .21
>   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9228
>   ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> 
>   ;; OPT PSEUDOSECTION:
>   ; EDNS: version: 0, flags:; udp: 4096
>   ;; QUESTION SECTION:
>   ;ad.3fr.doubleclick.net.		IN	A
> 
>   ;; AUTHORITY SECTION:
>   3fr.doubleclick.net.	300	IN	SOA	localhost.3fr.doublecli
> ck.net. hostmaster.doubleclick.net. 2006091801 86400 10800 604800 300
> 
> No EDNS-PING involved here.
> 
> > So if you do DNS over at Double Click, or if you know someone who does,
> > please contact me.
> 
> I'll try a bit harder. So far, only BIND 9.2.2 deployments (and one or two
> strange load balancers) are causing problems for EDNS-PING. 
> 
> 	Bert
> 
> -- 
> http://www.PowerDNS.com      Open source, database driven DNS Software 
> http://netherlabs.nl              Open and Closed source services
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the dns-operations mailing list