[dns-operations] Issue with cisco.com resolution
Shreyas Zare
shreyas at technitium.com
Wed Jan 15 11:31:40 UTC 2020
Hi List,
Is there anyone on the list from Cisco managing cisco.com?
I have observed a reproducible issue that is as follows:
- I have a small DNS server running which does recursive resolution over
local private network and also hosts some live zones for testing and
experiments.
- When I visit cisco.com, my DNS server does the recursive resolution and
things work as expected i.e. the website loads, except that 3 IP addresses
from Cisco start querying back to my DNS server indefinitely. It continues
for hours and I have seen it from logs that it was doing so for 18 hrs. It
stops when the DNS server stops responding which I found out by taking the
DNS server "offline" by removing inbound port forwarding rules on router
for few minutes.
- The 3 Cisco IP addresses that keep querying indefinitely are:
- 173.37.149.230 [alln01-ucs-dcz03n-cnt-gslb3-snip.cisco.com]
- 72.163.5.22 [rcdn9-ucs-dcz05n-cnt-gslb3-snip.cisco.com]
- 64.101.37.86
- All the queries from these 3 IP addresses are same:
QNAME: .
QTYPE: A
CLASS: IN
- The DNS server returns response with RCODE: Refused
- The overall query rate for all these IP addresses combined is exactly 23
queries per minute.
I have successfully reproduced this issue twice by visiting cisco.com which
triggers it immediately. I believe there is something really wrong that
needs fixing.
Regards,
*Shreyas Zare*
Technitium <https://technitium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200115/c9705115/attachment.html>
More information about the dns-operations
mailing list