$nslookup www.eielson.af.mil
Server: 209.165.131.12
Address: 209.165.131.12#53
Non-authoritative answer:
www.eielson.af.mil canonical name = www.eielson.af.mil.edgesuite.net.
www.eielson.af.mil.edgesuite.net canonical name = a1528.g.akamai.net.
Name: a1528.g.akamai.net
Address: 96.17.8.40
Name: a1528.g.akamai.net
Address: 96.17.8.11
$nslookup www.eielson.af.mil - 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find www.eielson.af.mil: NXDOMAIN
Short answer: The nameservers that provide complete or partial answers
for this hostname are returning inconsistent results. I see the same
results from some other open resolvers.
Long answer:
There are six .mil nameservers:
con1.nipr.mil
con2.nipr.mil
eur1.nipr.mil
eur2.nipr.mil
pac1.nipr.mil
pac2.nipr.mil
The first two are returning the same answer you mentioned (including
the CNAME and addresses of names they have no authority for, so
they're probably recursing, inappropriately):
; <<>> DiG 9.4.3-P3 <<>> @con1.nipr.mil www.eielson.af.mil
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52101
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.eielson.af.mil. IN A
;; ANSWER SECTION:
www.eielson.af.mil. 20586 IN CNAME www.eielson.af.mil.edgesuite.net.
www.eielson.af.mil.edgesuite.net. 5586 IN CNAME a1528.g.akamai.net.
a1528.g.akamai.net. 20 IN A 64.208.249.43
a1528.g.akamai.net. 20 IN A 64.208.249.1
;; Query time: 142 msec
;; SERVER: 199.252.157.234#53(199.252.157.234)
;; WHEN: Thu Jan 21 14:24:48 2010
;; MSG SIZE rcvd: 143
The others delegate to five nameservers for the af.mil. zone:
NS.USAFE.af.mil. 86400 IN A 132.25.88.211
NS3.ACC.af.mil. 86400 IN A 131.7.52.10
ARES.AFNOC.af.mil. 86400 IN A 131.63.50.2
MARS.AFNOC.af.mil. 86400 IN A 131.63.50.1
MUHJ-NS-001.ACC.af.mil. 86400 IN A 132.54.1.17
Of those five, one is returning a CNAME:
; <<>> DiG 9.4.3-P3 <<>> @131.63.50.2 www.eielson.af.mil
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24187
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.eielson.af.mil. IN A
;; ANSWER SECTION:
www.eielson.af.mil. 36600 IN CNAME www.eielson.af.mil.edgesuite.net.
and the other four are delegating to other nameservers for the
eielson.af.mil. zone:
icebox.eielson.af.mil. 86400 IN A 131.39.248.6
paf-dns1.pacaf.af.mil. 86400 IN A 131.49.50.24
paf-dns2.pacaf.af.mil. 86400 IN A 131.49.50.25
Of those (in order), one definitively says the name doesn't exist:
; <<>> DiG 9.4.3-P3 <<>> @131.39.248.6 www.eielson.af.mil.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29176
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.eielson.af.mil. IN A
;; AUTHORITY SECTION:
eielson.af.mil. 36600 IN SOA icebox.eielson.af.mil.
354cs.scbbp.eielson.af.mil. 2009082648 3600 900 604800 36600
one sends REFUSED, and one never responds. That NXDOMAIN is cacheable
for over ten hours.
I'm glad your ISP (GCI) happened to get one of the CNAME responses, so
you could visit the site. Once your ISP's cached value expires, what
you'll get is based on the luck of the draw. (Unless the nameservers
are fixed by then.)
Hope this informs. --PSRC
-brian
On Jan 21, 11:02 am, "Paul S. R. Chisholm" <psrchish...@gmail.com>
wrote:
> Thanks for the report, Brian.
>
> Short answer: The nameservers that provide complete or partial answers
> for this hostname are returning inconsistent results. I see the same
> results from some other open resolvers.
>
> Long answer:
>
> There are six .mil nameservers:
>
> con1.nipr.mil
> con2.nipr.mil
> eur1.nipr.mil
> eur2.nipr.mil
> pac1.nipr.mil
> pac2.nipr.mil
>
> The first two are returning the same answer you mentioned (including
> the CNAME and addresses of names they have no authority for, so
> they're probably recursing, inappropriately):
>
> ; <<>> DiG 9.4.3-P3 <<>> @con1.nipr.milwww.eielson.af.mil
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52101
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.eielson.af.mil. IN A
>
> ;; ANSWER SECTION:www.eielson.af.mil. 20586 IN CNAME www.eielson.af.mil.edgesuite.net.www.eielson.af.mil.edgesuite.net. 5586 IN CNAME a1528.g.akamai.net.
> > $nslookupwww.eielson.af.mil- 8.8.8.8