issue with gas.mcd.com

Unbound unbound at tacomawireless.net
Thu Jan 14 18:10:06 UTC 2021 

On 2021-01-14 10:04, Unbound via Unbound-users wrote:
> On 2021-01-14 07:01, A. Schulze via Unbound-users wrote:
>> Hello,
>> 
>> a customer informed me about trouble with https://account.mcd.com
>> I found, the resolver had problems to get an IP for the related name 
>> "gas.mcd.com"
>> 
>> mcd.com return a CNAME gas.gslb.mcd.com:
>> 
>> $ kdig @pdns1.cscdns.net. gas.mcd.com. +norec +noall +answer
>> 
>> ;; ANSWER SECTION:
>> gas.mcd.com.            180     IN      CNAME   gas.gslb.mcd.com.
>> 
>> 
>> gslb.mcd.com seem to be a subdomain.
>> 
>> $ kdig @pdns1.cscdns.net. gslb.mcd.com. NS +norec +noall +add
>> 
>> ;; ADDITIONAL SECTION:
>> ELB-APSE-PROD-GSLB-01-PIPDNS.gslb.mcd.com. 900  IN      A       
>> 13.67.105.153
>> ELB-EUWE-PROD-GSLB-01-PIPDNS.gslb.mcd.com. 900  IN      A       
>> 13.73.228.106
>> ELB-USCN-PROD-GSLB-01-PIPDNS.gslb.mcd.com. 900  IN      A       
>> 52.176.102.138
>> 
>> 13.67.105.153 and 13.73.228.106 are unresponsive on UDP and reject TCP
>> 52.176.102.138 is alive and respond with complete other nameservers:
>> 
>> $ kdig @52.176.102.138 gslb.mcd.com. NS +norec +noall +answer +add
>> 
>> ;; ANSWER SECTION:
>> gslb.mcd.com.           300     IN      NS      
>> zewpgtsgslbdns.gslb.mcd.com.
>> gslb.mcd.com.           300     IN      NS      
>> zucpgtsgslbdns.gslb.mcd.com.
>> gslb.mcd.com.           300     IN      NS      
>> zappgtsgslbdns.gslb.mcd.com.
>> 
>> ;; ADDITIONAL SECTION:
>> zewpgtsgslbdns.gslb.mcd.com.    900     IN      A       152.142.150.180
>> zucpgtsgslbdns.gslb.mcd.com.    900     IN      A       152.140.216.180
>> zappgtsgslbdns.gslb.mcd.com.    900     IN      A       152.140.218.180
>> 
>> But all three nameservers don't answer on UDP and reject TCP
>> 
>> I verified this from different location. (SRC IP)
>> 
>> That means for me that no resolver ever have a chance to get an IP for the 
>> initial question.
>> But the CNAME above have a short TTL. So I retry some minutes later and 
>> sometimes I *do*
>> get an answer for a simple "dig gas.mcd.com. A" to my unbound. This is 
>> good, but I
>> don't see, why !?
>> 
>> reproduced on unbound-1.12.0 and unbound-1.13.0
> I'm guessing they're using failover (carp?), and their servers are swamped. 
> It's
> also possible your upstream BGP isn't current enough. Either way; if _they_ 
> are having
> problems answering authoritatively. There isn't much _you_ can do; aside 
> from informing
> them. :-)
FWIW this is what I see:
udns# drill gas.mcd.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 9379
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; gas.mcd.com.	IN	A

;; ANSWER SECTION:
gas.mcd.com.	300	IN	CNAME	gas.gslb.mcd.com.
gas.gslb.mcd.com.	300	IN	A	40.122.111.34

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 344 msec
I mention it, because _my_ numbers are different than yours.
> 
>> 
>> Any Ideas?
>> Andreas

More information about the Unbound-users mailing list