issue with gas.mcd.com

Unbound unbound at tacomawireless.net
Thu Jan 14 18:04:47 UTC 2021 

On 2021-01-14 07:01, A. Schulze via Unbound-users wrote:
> Hello,
> 
> a customer informed me about trouble with https://account.mcd.com
> I found, the resolver had problems to get an IP for the related name 
> "gas.mcd.com"
> 
> mcd.com return a CNAME gas.gslb.mcd.com:
> 
> $ kdig @pdns1.cscdns.net. gas.mcd.com. +norec +noall +answer
> 
> ;; ANSWER SECTION:
> gas.mcd.com.            180     IN      CNAME   gas.gslb.mcd.com.
> 
> 
> gslb.mcd.com seem to be a subdomain.
> 
> $ kdig @pdns1.cscdns.net. gslb.mcd.com. NS +norec +noall +add
> 
> ;; ADDITIONAL SECTION:
> ELB-APSE-PROD-GSLB-01-PIPDNS.gslb.mcd.com. 900  IN      A       
> 13.67.105.153
> ELB-EUWE-PROD-GSLB-01-PIPDNS.gslb.mcd.com. 900  IN      A       
> 13.73.228.106
> ELB-USCN-PROD-GSLB-01-PIPDNS.gslb.mcd.com. 900  IN      A       
> 52.176.102.138
> 
> 13.67.105.153 and 13.73.228.106 are unresponsive on UDP and reject TCP
> 52.176.102.138 is alive and respond with complete other nameservers:
> 
> $ kdig @52.176.102.138 gslb.mcd.com. NS +norec +noall +answer +add
> 
> ;; ANSWER SECTION:
> gslb.mcd.com.           300     IN      NS      zewpgtsgslbdns.gslb.mcd.com.
> gslb.mcd.com.           300     IN      NS      zucpgtsgslbdns.gslb.mcd.com.
> gslb.mcd.com.           300     IN      NS      zappgtsgslbdns.gslb.mcd.com.
> 
> ;; ADDITIONAL SECTION:
> zewpgtsgslbdns.gslb.mcd.com.    900     IN      A       152.142.150.180
> zucpgtsgslbdns.gslb.mcd.com.    900     IN      A       152.140.216.180
> zappgtsgslbdns.gslb.mcd.com.    900     IN      A       152.140.218.180
> 
> But all three nameservers don't answer on UDP and reject TCP
> 
> I verified this from different location. (SRC IP)
> 
> That means for me that no resolver ever have a chance to get an IP for the 
> initial question.
> But the CNAME above have a short TTL. So I retry some minutes later and 
> sometimes I *do*
> get an answer for a simple "dig gas.mcd.com. A" to my unbound. This is good, 
> but I
> don't see, why !?
> 
> reproduced on unbound-1.12.0 and unbound-1.13.0
I'm guessing they're using failover (carp?), and their servers are swamped. 
It's
also possible your upstream BGP isn't current enough. Either way; if _they_ 
are having
problems answering authoritatively. There isn't much _you_ can do; aside from 
informing
them. :-)

> 
> Any Ideas?
> Andreas

More information about the Unbound-users mailing list