I’m seeing some odd DNS behavior (or maybe I’ve misunderstood something). This started happening recently. I’ve set up DNS to forward to “Quad9 (Filtered)”. If I dig for www.linkedin.com against kresd, I get this (NXDOMAIN):
# dig www.linkedin.com +dnssec +multi
; <<>> DiG 9.14.12 <<>> www.linkedin.com +dnssec +multi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3331
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.linkedin.com. IN A
;; ANSWER SECTION:
www.linkedin.com. 13 IN CNAME 2-01-2c3e-005a.cdx.cedexis.net.
2-01-2c3e-005a.cdx.cedexis.net. 176 IN CNAME www-linkedin-com.l-0005.l-msedge.net.
;; Query time: 41 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jun 13 09:45:09 PDT 2020
;; MSG SIZE rcvd: 136
However, if I query against the Quad9 servers directly (9.9.9.9), I get this (correct result). Shouldn’t kresd have returned this as well?
# dig www.linkedin.com +dnssec +multi @9.9.9.9
; <<>> DiG 9.14.12 <<>> www.linkedin.com +dnssec +multi @9.9.9.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47003
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.linkedin.com. IN A
;; ANSWER SECTION:
www.linkedin.com. 66 IN CNAME 2-01-2c3e-005a.cdx.cedexis.net.
2-01-2c3e-005a.cdx.cedexis.net. 42 IN CNAME www-linkedin-com.l-0005.l-msedge.net.
www-linkedin-com.l-0005.l-msedge.net. 204 IN CNAME l-0005.l-msedge.net.
l-0005.l-msedge.net. 204 IN A 13.107.42.14
;; Query time: 13 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Sat Jun 13 09:46:29 PDT 2020
;; MSG SIZE rcvd: 166
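A small diagnostic aid for comparing the two responses above, added here as an example and not part of the original post: it parses dig output, follows the CNAME chain from the queried name, and reports the status and the name at which each response stops. The function names are hypothetical; the sample text is the header and answer lines copied from the two outputs in the post.

```python
import re

# Header and answer lines copied from the two dig outputs in the post above.
VIA_KRESD = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3331
;; ANSWER SECTION:
www.linkedin.com. 13 IN CNAME 2-01-2c3e-005a.cdx.cedexis.net.
2-01-2c3e-005a.cdx.cedexis.net. 176 IN CNAME www-linkedin-com.l-0005.l-msedge.net.
"""
VIA_QUAD9 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47003
;; ANSWER SECTION:
www.linkedin.com. 66 IN CNAME 2-01-2c3e-005a.cdx.cedexis.net.
2-01-2c3e-005a.cdx.cedexis.net. 42 IN CNAME www-linkedin-com.l-0005.l-msedge.net.
www-linkedin-com.l-0005.l-msedge.net. 204 IN CNAME l-0005.l-msedge.net.
l-0005.l-msedge.net. 204 IN A 13.107.42.14
"""

# owner, TTL, class IN, type, rdata (comment lines never match: no numeric TTL)
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def parse_dig(text):
    """Return (status, records); records is a list of (owner, type, rdata)."""
    status = re.search(r"status: (\w+)", text).group(1)
    records = []
    for line in text.splitlines():
        m = RR.match(line.strip())
        if m:
            records.append((m.group(1).lower(), m.group(3), m.group(4).lower()))
    return status, records

def walk_chain(qname, records):
    """Follow CNAMEs from qname; return (last name reached, addresses there)."""
    cnames = {o: r for o, t, r in records if t == "CNAME"}
    name, seen = qname.lower(), set()
    while name in cnames and name not in seen:  # 'seen' guards against loops
        seen.add(name)
        name = cnames[name]
    addrs = [r for o, t, r in records if o == name and t in ("A", "AAAA")]
    return name, addrs

def compare(qname, a_text, b_text):
    """Summarise both responses; second value is True when they disagree."""
    out = []
    for text in (a_text, b_text):
        status, records = parse_dig(text)
        out.append((status,) + walk_chain(qname, records))
    return out, out[0] != out[1]

if __name__ == "__main__":
    print(compare("www.linkedin.com.", VIA_KRESD, VIA_QUAD9))
```

For these two responses it shows the local answer stopping at `www-linkedin-com.l-0005.l-msedge.net.` with no address, which is the name to query individually against both resolvers next.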