nslookup of paypal.com succeeds byt www.paypal.com returns SERVFAIL
I have a bind9 server here forwarding to openDNS:
options {
directory "/var/cache/bind";
allow-query { goodclients; };
forwarders {
208.67.222.222;
208.67.220.220;
};
dnssec-validation auto;
recursion yes;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
response-policy { zone "rpz"; } break-dnssec yes max-policy-ttl 7200;
};
But when I NSLOOKUP or dig www.paypal.com I get a SERVFAIl error, and if I do the same for paypal.com I get success. Other domains seem to be working, but I havent exhaustively checked, obviously:
# dig www.paypal.com
; <<>> DiG 9.10.3-P4-Debian <<>> www.paypal.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45562
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.paypal.com. IN A
;; Query time: 0 msec
;; SERVER: 10.0.1.2#53(10.0.1.2)
;; WHEN: Thu Apr 18 08:50:39 EDT 2019
;; MSG SIZE rcvd: 43
# dig paypal.com
; <<>> DiG 9.10.3-P4-Debian <<>> paypal.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43283
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;paypal.com. IN A
;; ANSWER SECTION:
paypal.com. 152 IN A 64.4.250.36
paypal.com. 152 IN A 64.4.250.37
;; AUTHORITY SECTION:
paypal.com. 152 IN NS pdns100.ultradns.net.
paypal.com. 152 IN NS ns1.p57.dynect.net.
paypal.com. 152 IN NS pdns100.ultradns.com.
paypal.com. 152 IN NS ns2.p57.dynect.net.
;; ADDITIONAL SECTION:
ns2.p57.dynect.NET. 16488 IN A 204.13.250.57
pdns100.ultradns.com. 2568 IN A 156.154.64.100
pdns100.ultradns.com. 76706 IN AAAA 2001:502:f3ff::88
pdns100.ultradns.NET. 1454 IN A 156.154.65.100
pdns100.ultradns.NET. 16528 IN AAAA 2610:a1:1014::88
;; Query time: 0 msec
;; SERVER: 10.0.1.2#53(10.0.1.2)
;; WHEN: Thu Apr 18 08:51:28 EDT 2019
;; MSG SIZE rcvd: 322
-
It works for me.
; <<>> DiG 9.13.3 <<>> @fd00::ca0e:14ff:fee9:8362 @192.168.178.1 +dnssec +noqr +multiline www.paypal.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36706
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.paypal.com. IN A
;; ANSWER SECTION:
www.paypal.com. 1788 IN CNAME www.glb.paypal.com.
www.glb.paypal.com. 1788 IN CNAME www.paypal.com.edgekey.net.
www.paypal.com.edgekey.net. 27 IN CNAME e16973.a.akamaiedge.net.
e16973.a.akamaiedge.net. 20 IN A 2.21.38.79
;; Query time: 21 msec
;; SERVER: fd00::ca0e:14ff:fee9:8362#53(fd00::ca0e:14ff:fee9:8362)
;; WHEN: Thu Apr 18 14:56:13 CEST 2019
;; MSG SIZE rcvd: 155
Please sign in to leave a comment.
Comments
4 comments