01-04-2019 07:50 AM
Hi all,
maybe i found an issue. Trying to access to a mediaset video, the browser try to access to the selected site (eg. vod02.msf.cdn.mediaset.net). DNS used are the google ones (8.8.4.4, 8.8.8.8)
Lookup vod02.msf.cdn.mediaset.net
IP 2.18.255.53 and 2.18.255.58
Reverse lookup:
a2-18-255-58.deploy.static.akamaitechnologies.com
a2-18-255-53.deploy.static.akamaitechnologies.com
All the DNS configuration appears coherent.
Anyway, trying to access to the content the proxy send back the error: NONE/503.
1546604421.352 44 172.16.10.24 NONE/503 0 CONNECT tunnel://vod02.msf.cdn.mediaset.net:443/ DOMAIN\user@REALM NONE/vod02.msf.cdn.mediaset.net - PASSTHRU_CUSTOMCAT_7-WHITELISTING-REALM-DefaultGroup-NONE-NONE-DefaultGroup <C_WHIT,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-",-,-,"-"> -
Executing a policy trace:
Final Result
Request blocked
Details: DNS lookup failed
Trace session complete
Any clue?
Regs,
apm
Solved! Go to Solution.
01-17-2019 07:36 AM
@balaji.bandi wrote:is the squid resolve same IP address as WSA, is this only issue with this site ? or any other sites also ?
Solved,
the problem is related to the DNS.
If the the DNS is queryed in AAAA it returns an error "No such name".
Instead queryed for A it's resolving. My WSAs have ipv6 preferred.
I engaged the DNS hostmaster, askin him to solve the error.
apm
01-06-2019 01:19 PM
Proxy can not do anything, this is more of DNS related. i did lookup against google DNS from UK, i got different IP.
> server 8.8.8.8
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8
> vod02.msf.cdn.mediaset.net
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: e30046.v.akamaiedge.net
Addresses: 2.16.167.99
2.16.167.83
Aliases: vod02.msf.cdn.mediaset.net
media.mediaset.net.edgekey.net
01-07-2019 12:57 AM
Thanks for your answer BB.
I do not agree.
Despite the service have direct and reverse resolution, the proxy refuse to allow access to the streaming service.
I suspect is related some reputational classification mechanism.
I will open a TT to the TAC too.
apm
01-07-2019 04:30 AM
WSA rely on DNS Solution, if the DNS have resolved wrong, WSA not in a postion to process the request.
As i see different location have different resolution since Akamai send the request based on GLB based on the location.
Quick test you can do is to prove WSA was the issue, same site cab be opened and tested with out WSA, before we blame WSA?
01-07-2019 04:58 AM
01-07-2019 09:56 AM
is the squid resolve same IP address as WSA, is this only issue with this site ? or any other sites also ?
01-17-2019 07:36 AM
@balaji.bandi wrote:is the squid resolve same IP address as WSA, is this only issue with this site ? or any other sites also ?
Solved,
the problem is related to the DNS.
If the the DNS is queryed in AAAA it returns an error "No such name".
Instead queryed for A it's resolving. My WSAs have ipv6 preferred.
I engaged the DNS hostmaster, askin him to solve the error.
apm
01-17-2019 11:19 AM
is Microsoft DNS Servers ? Then this was some issue with DNS we see when we using MS DNS Server.
07-23-2019 02:18 AM
07-23-2019 04:13 AM
Good and Glad to know it was resolved, can you make it as resolved so it will be useful for other community members
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: