[Unbound-users] problems resolving akamai hosted domains with unbound?
Blacka, David
davidb at verisign.com
Mon Jun 9 00:22:41 UTC 2008
On Jun 8, 2008, at 4:03 PM, Peter Koch wrote:
> Out of curiosity, the other
> system mentioned in the packet trace gives unusual responses, as well:
>
> dig +norec @81.52.250.132 images-na.ssl-images-amazon.com.edgekey.net.
>
> will give you random samples of eight out of thirteen root NS RRs in
> the
> authority section. Nothing to worry about too much, but another
> indication that this whole setup is "special".
Er, Peter, those responses are normal. It is just the server chasing
the CNAME and returning the closest set of NS records, which just
happen to be the root hints. This behavior is a direct consequence of
following the authoritative server algorithm in RFC 1034.
--
David Blacka <davidb at verisign.com>
Sr. Engineer Platform Product Development
More information about the Unbound-users
mailing list