cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1353
Views
0
Helpful
9
Replies

Access Mediaset Akamay CDN - WSA DNS lookup failed. Ver:10.5.3-025

apmari
Beginner
Beginner

Hi all,

maybe i found an issue. Trying to access to a mediaset video, the browser try to access to the selected site (eg. vod02.msf.cdn.mediaset.net). DNS used are the google ones (8.8.4.4, 8.8.8.8)

Lookup vod02.msf.cdn.mediaset.net

IP 2.18.255.53 and 2.18.255.58

Reverse lookup:

a2-18-255-58.deploy.static.akamaitechnologies.com

a2-18-255-53.deploy.static.akamaitechnologies.com

 

All the DNS configuration appears coherent.

Anyway, trying to access to the content the proxy send back the error: NONE/503.

1546604421.352 44 172.16.10.24 NONE/503 0 CONNECT tunnel://vod02.msf.cdn.mediaset.net:443/ DOMAIN\user@REALM NONE/vod02.msf.cdn.mediaset.net - PASSTHRU_CUSTOMCAT_7-WHITELISTING-REALM-DefaultGroup-NONE-NONE-DefaultGroup <C_WHIT,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-",-,-,"-"> -

Executing a policy trace:

 

Final Result
Request blocked
Details: DNS lookup failed
Trace session complete

 

Any clue?

Regs,

apm

1 Accepted Solution

Accepted Solutions


@balaji.bandi wrote:

is the squid resolve same IP address as WSA, is this only issue with this site ? or any other sites also ?

 


Solved,

the problem is related to the DNS.
If the the DNS is queryed in AAAA it returns an error "No such name".
Instead queryed for A it's resolving. My WSAs have ipv6 preferred.

I engaged the DNS hostmaster, askin him to solve the error.

apm

View solution in original post

9 Replies 9

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

Proxy can not do anything, this is more of DNS related. i did lookup against google DNS from UK, i got different IP.

 

> server 8.8.8.8
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8

> vod02.msf.cdn.mediaset.net
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: e30046.v.akamaiedge.net
Addresses: 2.16.167.99
2.16.167.83
Aliases: vod02.msf.cdn.mediaset.net
media.mediaset.net.edgekey.net

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks for your answer BB.

I do not agree.

Despite the service have direct and reverse resolution, the proxy refuse to allow access to the streaming service.

I suspect is related some reputational classification mechanism.

I will open a TT to the TAC too.

apm

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

WSA rely on DNS Solution, if the DNS have resolved wrong, WSA not in a postion to process the request.

 

As i see different location have different resolution since Akamai send the request based on GLB based on the location.

 

Quick test you can do is to prove WSA was the issue, same site cab be opened and tested with out WSA, before we blame WSA?

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes, already tested.
From a squid, same subnet, no problem.
apm

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

is the squid resolve same IP address as WSA, is this only issue with this site ? or any other sites also ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


@balaji.bandi wrote:

is the squid resolve same IP address as WSA, is this only issue with this site ? or any other sites also ?

 


Solved,

the problem is related to the DNS.
If the the DNS is queryed in AAAA it returns an error "No such name".
Instead queryed for A it's resolving. My WSAs have ipv6 preferred.

I engaged the DNS hostmaster, askin him to solve the error.

apm

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

is Microsoft DNS Servers ? Then this was some issue with DNS we see when we using MS DNS Server.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

balaji.bandi
It was a misconfiguration in the dns zone. Now it's solved.
apm

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

Good and Glad to know it was resolved, can you make it as resolved so it will be useful for other community members

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: