[DNS] incorrect domain address return

We are having trouble resolving our domain address sc.stat-cdn.com by your DNS server.

host sc.stat-cdn.com 8.8.8.8 returns:

sc.stat-cdn.com has address 135.148.29.30
sc.stat-cdn.com has address 177.54.148.191
sc.stat-cdn.com has address 142.44.255.227

It should return the following addresses:

sc.stat-cdn.com has address 212.32.251.176
sc.stat-cdn.com has address 51.195.1.43
sc.stat-cdn.com has address 51.68.187.140
sc.stat-cdn.com has address 178.32.106.183

host sc.stat-cdn.com 1.1.1.1 and host sc.stat-cdn.com 9.9.9.9 return correct IPs

Once every dozen or so attempts, the host sc.stat-cdn.com 8.8.8.8 gives the correct result.

The problem has been occurring since Friday at 9:30 a.m. (UTC+01:00).

Can anyone help me?


@Clickmeeting hello!

I am trying to follow the delegation chain here and here is how it looks:

 

; <<>> DiG 9.18.24 <<>> -4 sc.stat-cdn.com +trace +nodnssec
;; global options: +cmd
.			87203	IN	NS	m.root-servers.net.
.			87203	IN	NS	f.root-servers.net.
.			87203	IN	NS	i.root-servers.net.
.			87203	IN	NS	l.root-servers.net.
.			87203	IN	NS	d.root-servers.net.
.			87203	IN	NS	a.root-servers.net.
.			87203	IN	NS	g.root-servers.net.
.			87203	IN	NS	e.root-servers.net.
.			87203	IN	NS	h.root-servers.net.
.			87203	IN	NS	c.root-servers.net.
.			87203	IN	NS	j.root-servers.net.
.			87203	IN	NS	k.root-servers.net.
.			87203	IN	NS	b.root-servers.net.
;; Received 239 bytes from 8.8.8.8#53(8.8.8.8) in 45 ms

com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
;; Received 840 bytes from 193.0.14.129#53(k.root-servers.net) in 64 ms

stat-cdn.com.		172800	IN	NS	ns11.constellix.com.
stat-cdn.com.		172800	IN	NS	ns51.constellix.net.
stat-cdn.com.		172800	IN	NS	ns41.constellix.net.
stat-cdn.com.		172800	IN	NS	ns21.constellix.com.
stat-cdn.com.		172800	IN	NS	ns61.constellix.net.
stat-cdn.com.		172800	IN	NS	ns31.constellix.com.
;; Received 315 bytes from 192.31.80.30#53(d.gtld-servers.net) in 50 ms

sc.stat-cdn.com.	120	IN	A	135.148.29.30
sc.stat-cdn.com.	120	IN	A	142.44.255.227
sc.stat-cdn.com.	120	IN	A	199.115.114.35
stat-cdn.com.		86400	IN	NS	ns31.constellix.com.
stat-cdn.com.		86400	IN	NS	ns41.constellix.net.
stat-cdn.com.		86400	IN	NS	ns51.constellix.net.
stat-cdn.com.		86400	IN	NS	ns61.constellix.net.
stat-cdn.com.		86400	IN	NS	ns11.constellix.com.
stat-cdn.com.		86400	IN	NS	ns21.constellix.com.
;; Received 231 bytes from 43.247.171.1#53(ns61.constellix.net) in 32 ms

 

As always, the root servers delegate com. to the gTLD servers, and the TLD delegates stat-cdn.com. to a number of name servers at Constellix:

ns11.constellix.com.
ns51.constellix.net.
ns41.constellix.net.
ns21.constellix.com.
ns61.constellix.net.
ns31.constellix.com.

 

So these appear to be the authoritative name servers for the domain.

Now, if we go and ask any of these servers to give us an A record for sc.stat-cdn.com, here is what we would see:

for ns in ns11.constellix.com. ns51.constellix.net. ns41.constellix.net. ns21.constellix.com. ns61.constellix.net. ns31.constellix.com.; do
  echo $ns; dig @$ns sc.stat-cdn.com +short
done
ns11.constellix.com.
199.115.114.35
135.148.29.30
142.44.255.227
ns51.constellix.net.
142.44.255.227
199.115.114.35
135.148.29.30
ns41.constellix.net.
142.44.255.227
199.115.114.35
135.148.29.30
ns21.constellix.com.
199.115.114.35
135.148.29.30
142.44.255.227
ns61.constellix.net.
142.44.255.227
199.115.114.35
135.148.29.30
ns31.constellix.com.
142.44.255.227
199.115.114.35
135.148.29.30

 

Which means that the authoritative name servers (the ultimate source of truth, if you will), when asked directly, tell us that the answer should be:

199.115.114.35
135.148.29.30
142.44.255.227

 

I assume there could be some geolocation resolution involved, where, depending on where the request is coming from, the authoritative name servers will return different sets of answers. If you check propagation with https://dnschecker.org/ you can notice that most of the requests in North America end up having the set above, while most of the requests coming from the EU will resolve to a different set:

212.32.251.176
178.32.106.183
51.68.131.149
51.68.187.140

 

Since we can clearly see that it is not just the Google public resolvers that resolve the domain to the 3 addresses which you consider wrong, I am hesitant to believe that the issue is with Google; it is likely to revolve around either delegation or geolocation of the requests.

You can see pretty much the same resolution result at 

The last thing I would like to mention is that Google Public resolvers also return different sets depending on where the request is coming from, and there are more than just two different types of answers: there is one set returned in Africa and the EU, two sets for APAC (separate for Australia and the rest), another set for NA and one for SA.

Hope it helps.
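Added example, not part of the reply above: the per-server comparison from this thread as a script that groups servers by the set of addresses they return, ignoring record order, so shuffled answers are not mistaken for a disagreement. The function names, the "@server" input marker and the NO-ANSWER label are assumptions of this example; the sample input is constructed from addresses quoted in the thread.

```shell
#!/bin/sh
# Added example: group DNS servers by the A-record set they return, ignoring
# record order. Input: a line "@server", then that server's answers, one per
# line (e.g. the output of: echo "@$ns"; dig @"$ns" sc.stat-cdn.com +short).

group_answers() {
    # Tag each answer with its server; "-" marks a server even if it returned
    # nothing. Lines starting with ";" (dig errors such as timeouts) are skipped.
    awk '/^;/ { next }
         /^@/ { server = substr($1, 2); print server, "-"; next }
         NF && server != "" { print server, $1 }' |
    LC_ALL=C sort -u |    # canonical order, so shuffled answers compare equal
    awk '$2 == "-" { if (!($1 in set)) set[$1] = ""; next }
         { set[$1] = (set[$1] == "") ? $2 : set[$1] "," $2 }
         END { for (s in set) { k = (set[s] == "") ? "NO-ANSWER" : set[s]; print k, s } }' |
    LC_ALL=C sort |       # bring servers with an identical set together
    awk '$1 != prev { if (NR > 1) printf "\n"; printf "%s <-", $1; prev = $1 }
         { printf " %s", $2 }
         END { if (NR) printf "\n" }'
}

# Number of distinct answer sets: 1 means every queried server agrees.
distinct_sets() { group_answers | wc -l | tr -d ' '; }

# Constructed input assembled from addresses quoted in the thread (not a live capture).
sample_capture() {
    cat <<'EOF'
@ns11.constellix.com.
199.115.114.35
135.148.29.30
142.44.255.227
@ns51.constellix.net.
142.44.255.227
199.115.114.35
135.148.29.30
@8.8.8.8
135.148.29.30
177.54.148.191
142.44.255.227
@1.1.1.1
212.32.251.176
51.195.1.43
51.68.187.140
178.32.106.183
EOF
}

sample_capture | group_answers
```

Each output line is one answer set followed by the servers that returned it; running the same capture from hosts in different regions shows whether the sets follow the query's origin rather than the resolver.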

Hi @AI 

Thank you for your answer.

Our problem has been solved.