[dns-operations] console.aws.amazon.com - breakage & confusing output from DNSViz?
Matthew Richardson
matthew-l at itconsult.co.uk
Mon Feb 7 18:27:37 UTC 2022
Having tried to access AWS's console today (for the first time in a while),
an NXDOMAIN (using Knot Resolver) was returned for
eu-west-1.console.aws.amazon.com (to which AWS had redirected the browser).
Trying a lab of 4 validating caching resolvers, PowerDNS returned the
answer:-
>; <<>> DiG 9.11.29 <<>> @dt05 -p 534 eu-west-1.console.aws.amazon.com
>; (1 server found)
>;; global options: +cmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51057
>;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
>
>;; OPT PSEUDOSECTION:
>; EDNS: version: 0, flags:; udp: 512
>;; QUESTION SECTION:
>;eu-west-1.console.aws.amazon.com. IN A
>
>;; ANSWER SECTION:
>eu-west-1.console.aws.amazon.com. 60 IN CNAME gr.console-geo.eu-west-1.amazonaws.com.
>gr.console-geo.eu-west-1.amazonaws.com. 60 IN CNAME a1b62e4959fcbcf72.awsglobalaccelerator.com.
>a1b62e4959fcbcf72.awsglobalaccelerator.com. 300 IN A 75.2.73.50
>a1b62e4959fcbcf72.awsglobalaccelerator.com. 300 IN A 99.83.251.236
>
>;; Query time: 1166 msec
>;; SERVER: 193.201.42.59#534(193.201.42.59)
>;; WHEN: Mon Feb 07 17:24:27 GMT Standard Time 2022
>;; MSG SIZE rcvd: 195
but BIND & Unbound returned SERVFAIL and Knot Resolver returned NXDOMAIN.
https://dnsviz.net/d/console.aws.amazon.com/YgEn7g/dnssec/
suggests a DNSSEC issue showing some things being BOGUS. However (unless I
am missing something obvious), there is no DNSSEC involved!
Can anyone more knowledgeable shed any light on what might be going wrong
here? I wonder whether this is relevant:-
>; <<>> DiG 9.11.29 <<>> @ns-912.amazon.com +norec -t ns aws.amazon.com
>; (1 server found)
>;; global options: +cmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34133
>;; flags: qr; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;aws.amazon.com. IN NS
>
>;; ANSWER SECTION:
>aws.amazon.com. 600 IN NS ns-912.amazon.com.
>aws.amazon.com. 60 IN CNAME tp.8e49140c2-frontier.amazon.com.
>
>;; Query time: 156 msec
>;; SERVER: 52.9.146.37#53(52.9.146.37)
>;; WHEN: Mon Feb 07 14:17:31 GMT Standard Time 2022
>;; MSG SIZE rcvd: 89
but it is something of a stab in the dark.
Also, is there anyone from AWS around these parts who might have an
insight?
--
Best wishes,
Matthew
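
The second dig output above shows a CNAME and an NS record at the same owner name, which RFC 1034 section 3.6.2 says should not coexist. A check for that condition over dig-style answer lines follows as an added example that is not part of the original post; the function names are this example's own, and the sample records are copied from the two outputs quoted in the post.

```python
from collections import defaultdict

# Record types permitted beside a CNAME in a signed zone (RFC 4035 section 2.5).
DNSSEC_EXCEPTIONS = {"RRSIG", "NSEC"}

# Answer sections copied from the two dig outputs quoted in the post.
RESOLVER_ANSWER = """\
>;; ANSWER SECTION:
>eu-west-1.console.aws.amazon.com. 60 IN CNAME gr.console-geo.eu-west-1.amazonaws.com.
>gr.console-geo.eu-west-1.amazonaws.com. 60 IN CNAME a1b62e4959fcbcf72.awsglobalaccelerator.com.
>a1b62e4959fcbcf72.awsglobalaccelerator.com. 300 IN A 75.2.73.50
>a1b62e4959fcbcf72.awsglobalaccelerator.com. 300 IN A 99.83.251.236
"""
AUTH_ANSWER = """\
>;; ANSWER SECTION:
>aws.amazon.com. 600 IN NS ns-912.amazon.com.
>aws.amazon.com. 60 IN CNAME tp.8e49140c2-frontier.amazon.com.
"""


def parse_rrs(dig_text):
    """Yield (owner, rrtype) for each RR line, tolerating '>' quote prefixes."""
    for line in dig_text.splitlines():
        line = line.lstrip("> ").strip()
        if not line or line.startswith(";"):
            continue  # blank line or dig comment/header
        fields = line.split()
        # Expected layout: owner TTL class type rdata...
        if len(fields) < 5 or not fields[1].isdigit():
            continue
        yield fields[0].lower(), fields[3].upper()


def find_cname_conflicts(dig_text):
    """Return {owner: [other types]} for owners holding a CNAME plus other data."""
    types_by_owner = defaultdict(set)
    for owner, rrtype in parse_rrs(dig_text):
        types_by_owner[owner].add(rrtype)
    conflicts = {}
    for owner, types in types_by_owner.items():
        others = types - {"CNAME"} - DNSSEC_EXCEPTIONS
        if "CNAME" in types and others:
            conflicts[owner] = sorted(others)
    return conflicts


if __name__ == "__main__":
    for label, text in (("resolver", RESOLVER_ANSWER), ("authoritative", AUTH_ANSWER)):
        print(label, find_cname_conflicts(text) or "no CNAME conflict")
```

The resolver answer passes because each owner in the chain holds only one record type; the authoritative answer is flagged for `aws.amazon.com.`.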