[Unbound-users] problems resolving akamai hosted domains with unbound?

Blacka, David davidb at verisign.com
Mon Jun 9 00:22:41 UTC 2008

On Jun 8, 2008, at 4:03 PM, Peter Koch wrote:

> Out of curiosity, the other
> system mentioned in the packet trace gives unusual responses, as well:
> dig +norec @ images-na.ssl-images-amazon.com.edgekey.net.
> will give you random samples of eight out of thirteen root NS RRs in  
> the
> authority section.  Nothing to worry about too much, but another
> indication that this whole setup is "special".

Er, Peter, those responses are normal.  It is just the server chasing  
the CNAME and returning the closest set of NS records, which just  
happen to be the root hints.  This behavior is a direct consequence of  
following the authoritative server algorithm in RFC 1034.

David Blacka                          <davidb at verisign.com>
Sr. Engineer                   Platform Product Development

More information about the Unbound-users mailing list