[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[public-dns-discuss] Inconsistent response for one specific A record



We are seeing an inconsistent response from 8.8.4.4 on „sa-update.dnswl.org“ (used in SpamAssassin update script). 

The A record was changed on March 11 to 116.203.4.105, and we flushed resolver cache at https://developers.google.com/speed/public-dns/cache on March 13. 

*Most* of the time, we receive the expected response:


# dig a sa-update.dnswl.org @8.8.4.4
(...)
;; ANSWER SECTION:
sa-update.dnswl.org.    21591   IN      A       116.203.4.105

But sometimes the response is unexpected:

# dig a sa-update.dnswl.org @8.8.4.4

; <<>> DiG 9.10.3-P4-Debian <<>> a sa-update.dnswl.org @8.8.4.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56063
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;sa-update.dnswl.org.           IN      A

;; ANSWER SECTION:
sa-update.dnswl.org.    18965   IN      A       78.47.167.123

;; Query time: 11 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Fri Mar 15 11:38:57 CET 2019
;; MSG SIZE  rcvd: 64

Also, we sometimes get the former SOA value (1902152221) instead of the current one (1903112142). Format of the SOA is YYMMDDHHmm, i.e. 2019 March 11 21:42. 

(Note the „YOU.ARE.BLOCKED“ in the SOA indicates that the list.dnswl.org zone can not be queried through public DNS servers, but this is not related to the sa-update.dnswl.org name.)

https://dns.google.com/query?name=sa-update.dnswl.org seems to always return the current value/SOA.

The domain is not DNSSEC-enabled.

The queries in the example here came from 94.130.169.93/2a01:4f8:c0c:4526::2 located in Germany, others come from an internal SpamAssassin machine located in France.

Any ideas how to further debug/diagnose?

Thanks,
— Matthias

-- 
Matthias Leisi
Katzenrütistrasse 68, 8153 Rümlang
Mobile +41 79 377 04 43
matthias AT leisi.net
Skype matthias.leisi


--
You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
To post to this group, send email to public-dns-discuss AT googlegroups.com.
Visit this group at https://groups.google.com/group/public-dns-discuss.
To view this discussion on the web visit https://groups.google.com/d/msgid/public-dns-discuss/65D68D16-1841-418A-AD2D-C601BC38AF72%40leisi.net.
For more options, visit https://groups.google.com/d/optout.

Attachment: smime.p7s
Description: S/MIME cryptographic signature