--- Begin Message ---
I got reports that some gitlab/runner/docker stuff sporadically failed
and it turned out its caused by trafficmanager.net which has been
reported here in the past already to misbehave.
So the host in question is mcr.microsoft.com which hosts docker images for
dotnet which fails sporadically to resolve with bind 9.18.33 on Debian/Bookworm
aswell as Debian/Trixie with 9.20.11-4.
;; ANSWER SECTION:
mcr.microsoft.com. 40 IN CNAME mcr.trafficmanager.net.
mcr.trafficmanager.net. 40 IN CNAME mcr-0001.mcr-msedge.net.
mcr-0001.mcr-msedge.net. 40 IN A 150.171.69.10
mcr-0001.mcr-msedge.net. 40 IN A 150.171.70.10
After debugging i found that i can reliably trigger it when flushing
the cache. Previous reports had v4/v6 indifferences. In this case its
v4 only with "dnssec-validation no;"
Once the host successfully resolved it only fails sporadically, i guess
caused by the low ttls and some cache expiry.
root@dnstest-trixie:/tmp# dpkg -l bind9 | grep ^ii
ii bind9 1:9.20.11-4 amd64 Internet Domain Name Server
root@dnstest-trixie:/tmp# rndc flush; for i in 1 2 3 4 5 6 7 8 9 0; do dig -t
cname mcr.trafficmanager.net @localhost | grep status ; sleep 2; done
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29555
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35650
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51146
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61121
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 24384
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 65086
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50226
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63898
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28750
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25243
root@dnstest-trixie:/tmp# rndc flush; for i in 1 2 3 4 5 6 7 8 9 0; do dig -t
cname mcr.trafficmanager.net @localhost | grep status ; sleep 2; done
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56049
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48192
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35103
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47369
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8478
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4581
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17626
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58256
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62685
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11774
root@dnstest-trixie:/tmp# rndc flush; for i in 1 2 3 4 5 6 7 8 9 0; do dig -t
cname mcr.trafficmanager.net @localhost | grep status ; sleep 2; done
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 24885
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16846
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34394
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25253
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60834
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35364
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10299
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37346
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64553
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30751
Flo
--
Florian Lohoff [email protected]
Any sufficiently advanced technology is indistinguishable from magic.
signature.asc
Description: PGP signature
--- End Message ---
