
Re: [public-dns-discuss] Google Public DNS mostly doesn't reply with the correct DNS answer



I agree there was the TTL set at 7200 seconds; however, even after 48 hours we still had this problem (we created that subdomain 2 days ago and deleted + recreated today to check if it was still happening).

Anyway, I just checked again and it seems to be working fine now according to the dig reply.

Thank you ! :)

On Wednesday, March 6, 2019 at 17:36:17 UTC+1, Puneet Sood wrote:
This was likely due to caching of the CNAME record. Note the TTL of
7199 in the CNAME response. Even if a record is changed, the old
record may continue to be used by resolvers until its TTL expires. See
https://developers.google.com/speed/public-dns/faq#update_cache

natasha.mpulse.eu.      4969    IN      CNAME   mpulse.eu.
mpulse.eu.              7199    IN      A       80.92.66.204

I am not seeing the CNAME response now across our service globally so
I expect the records have expired and returning the AWS based records.

On Wed, Mar 6, 2019 at 11:16 AM <corenti... AT gmail.com> wrote:
>
> Hi all,
>
> We created a CNAME record a few days ago and noticed it was not redirecting to the correct target most of the time (it's supposed to redirect to an AWS service, but instead just returning to our *.domain.tld target).
> We tried creating another subdomain and it worked fine without any issue, we deleted and re-created our CNAME record and it's still going on the wrong target.
>
> 1. We can communicate with Google DNS through a traceroute
>
> 2. When executing dig on the subdomain, we have the issue :
>
> corentin@LAPTOP-O3NO25DV:/mnt/c/Users/CorentinCloss $ dig @8.8.8.8 natasha.mpulse.eu.
>
> ; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @8.8.8.8 natasha.mpulse.eu.
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55796
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;natasha.mpulse.eu.             IN      A
>
> ;; ANSWER SECTION:
> natasha.mpulse.eu.      3599    IN      CNAME   eafe5b63-albnginxingress-a-b742-1480374157.eu-west-1.elb.amazonaws.com.
> eafe5b63-albnginxingress-a-b742-1480374157.eu-west-1.elb.amazonaws.com. 59 IN A 54.77.72.213
> eafe5b63-albnginxingress-a-b742-1480374157.eu-west-1.elb.amazonaws.com. 59 IN A 52.213.108.113
> eafe5b63-albnginxingress-a-b742-1480374157.eu-west-1.elb.amazonaws.com. 59 IN A 54.246.150.238
>
> ;; Query time: 51 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Wed Mar 06 16:47:14 STD 2019
> ;; MSG SIZE  rcvd: 178
>
> corentin@LAPTOP-O3NO25DV:/mnt/c/Users/CorentinCloss $ dig @8.8.8.8 natasha.mpulse.eu.
>
> ; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @8.8.8.8 natasha.mpulse.eu.
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64119
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;natasha.mpulse.eu.             IN      A
>
> ;; ANSWER SECTION:
> natasha.mpulse.eu.      4969    IN      CNAME   mpulse.eu.
> mpulse.eu.              7199    IN      A       80.92.66.204
>
> ;; Query time: 51 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Wed Mar 06 16:47:15 STD 2019
> ;; MSG SIZE  rcvd: 76
>
> As you can see above, we don't have the same reply for the 2 exact same commands at a few seconds interval (the correct one is the first with AWS, the bad one is the second one).
>
> Google Public DNS also struggles to reply the correct data without performing DNSSEC validation (returns both the true and bad values)
> We have no issues with Level 3's, OpenDNS or Cloudflare DNS servers.
>
> This has been tested on a computer running Ubuntu, a computer running Windows, an iPhone connected through 4G (no wifi on the same network as the 2 previous computers) and an AWS server.
>
> Please apologize for some typos ;)
>
> --
> You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
> To post to this group, send email to public-dn...@googlegroups.com.
> Visit this group at https://groups.google.com/group/public-dns-discuss.
> To view this discussion on the web visit https://groups.google.com/d/msgid/public-dns-discuss/b835478b-ef2f-40fd-bad6-d2237b917c9b%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

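The TTL reasoning in this thread can be checked mechanically. The following is an added example, not part of the original messages: it parses saved `dig` output, flags any response whose CNAME differs from the expected target, and computes the latest time that cached copy can still be served (query time plus remaining TTL). The function names are hypothetical, and the sample input is the two answers quoted above, trimmed to the relevant lines.

```python
import re
from datetime import datetime, timedelta

# The two answers quoted in the thread (ANSWER and WHEN lines only; extra A records trimmed).
FIRST = """\
natasha.mpulse.eu.      3599    IN      CNAME   eafe5b63-albnginxingress-a-b742-1480374157.eu-west-1.elb.amazonaws.com.
eafe5b63-albnginxingress-a-b742-1480374157.eu-west-1.elb.amazonaws.com. 59 IN A 54.77.72.213
;; WHEN: Wed Mar 06 16:47:14 STD 2019
"""
SECOND = """\
natasha.mpulse.eu.      4969    IN      CNAME   mpulse.eu.
mpulse.eu.              7199    IN      A       80.92.66.204
;; WHEN: Wed Mar 06 16:47:15 STD 2019
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def parse_dig(text):
    """Return (when, [(owner, ttl, rtype, rdata), ...]) from dig output."""
    when, records = None, []
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith(";; WHEN:"):
            f = line.split(":", 1)[1].split()
            # Assumes a timezone abbreviation in field 5 (as in the thread); drop it
            # and keep the client's local time as a naive datetime.
            when = datetime.strptime(" ".join(f[:4] + f[5:]), "%a %b %d %H:%M:%S %Y")
        elif line and not line.startswith(";"):
            m = RR.match(line)
            if m:
                records.append((m[1].lower(), int(m[2]), m[3], m[4].lower()))
    return when, records

def stale_cnames(outputs, qname, expected_target):
    """For each response whose CNAME for qname differs from expected_target,
    return (target, latest time that cached entry may still be served)."""
    stale = []
    for text in outputs:
        when, records = parse_dig(text)
        for owner, ttl, rtype, rdata in records:
            if owner == qname and rtype == "CNAME" and rdata != expected_target:
                stale.append((rdata, when + timedelta(seconds=ttl)))
    return stale

if __name__ == "__main__":
    expected = "eafe5b63-albnginxingress-a-b742-1480374157.eu-west-1.elb.amazonaws.com."
    for target, until in stale_cnames([FIRST, SECOND], "natasha.mpulse.eu.", expected):
        print(f"stale CNAME -> {target}, cached copy may be served until {until}")
```

A mismatching answer that is still being returned after the computed time is no longer explained by that cache entry's TTL and is worth investigating at the authoritative servers.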