8.8.8.8 Query prod.odcsm1.live.com.akadns.net with ecs subnet cannot be resolved

590 views
Skip to first unread message

rodge liu

unread,
Mar 1, 2021, 8:55:17 AM3/1/21
to public-dns-discuss

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> @8.8.8.8 prod.odcsm1.live.com.akadns.net +subnet=103.84.136.0/24
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 25037
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 103.84.136.0/24/0
;; QUESTION SECTION:

;; Query time: 2 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb 27 13:14:51 CST 2021
;; MSG SIZE  rcvd: 71


; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> @8.8.8.8 prod.odcsm1.live.com.akadns.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21611
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:

;; ANSWER SECTION:
asia.odcsm1.live.com.akadns.net. 299 IN A       52.109.124.127

;; Query time: 39 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb 27 13:14:58 CST 2021
;; MSG SIZE  rcvd: 95
1614403039(1).jpg

Kisalaya Prasad

unread,
Mar 3, 2021, 9:03:04 AM3/3/21
to public-dns-discuss
Hi,

I've tried the query on my end, and I do get back the answer intermittently. Can you provide more details here as to what you're trying to do ? (It would be useful to know where you're querying us from?) 



; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35138

;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 103.84.136.0/24/0
;; QUESTION SECTION:
;prod.odcsm1.live.com.akadns.net. IN A
 
;; ANSWER SECTION:
prod.odcsm1.live.com.akadns.net. 234 IN CNAME us1.odcsm1.live.com.akadns.net.
us1.odcsm1.live.com.akadns.net. 299 IN A 52.109.8.40
 
;; Query time: 15 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Mar 01 16:38:44 EST 2021
;; MSG SIZE rcvd: 105
 
dig @8.8.8.8 prod.odcsm1.live.com.akadns.net +subnet=103.84.136.0/24 

; <<>> DiG 9.16.11-Debian <<>> @8.8.8.8 prod.odcsm1.live.com.akadns.net +subnet=103.84.136.0/24

; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 39875

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; CLIENT-SUBNET: 103.84.136.0/24/0
;; QUESTION SECTION:
;prod.odcsm1.live.com.akadns.net. IN A
 
;; Query time: 3 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Mar 01 16:38:58 EST 2021
;; MSG SIZE rcvd: 71

Ding Chen Tsai

unread,
Mar 31, 2021, 9:26:31 AM3/31/21
to public-dns-discuss
I have same issue, seems only happen on akamai's cdn domain with enable EDNS.

image_2021-03-31_08-54-19.png

kisa...@google.com 在 2021年3月3日 星期三下午10:03:04 [UTC+8] 的信中寫道:

Alex Dupuy

unread,
Apr 20, 2021, 6:42:27 PM4/20/21
to public-dns-discuss
Google Public DNS is starting to return REFUSED when you send EDNS Client Subnet data that it cannot honor. See https://groups.google.com/g/public-dns-discuss/c/JpK7GblfDTA/m/1vNdjHMQCgAJ. The relevant part of RFC 7871 section 7.1.1:

FAMILY and ADDRESS information MAY be used from the ECS option in the incoming query. Passing the existing address data is supportive of the Recursive Resolver being used as the target of a Forwarding Resolver, but could possibly run into policy problems with regard to usage agreements between the Recursive Resolver and Authoritative Nameserver. See Section 12.2 for more discussion on this point. If the Recursive Resolver will not forward FAMILY and ADDRESS data from the incoming ECS option, it SHOULD return a REFUSED response.

Reply all
Reply to author
Forward
0 new messages