Hello

Not sure why I am getting different responses when I perform a dig on sso.dol.gov.

Dig is performed from a server which is capable of querying the root servers
.what could be the issue. Both dig commands below are run from the same server which acts as DNS server capable of performing DNS queries on the internet.

The dig +trace +all output is the same when I query my local server as well as when I query the VZ NS.

Any guidance/pointers would be appreciated.

Running Bind 9.11.3 on RHEL 6.x is that is of any relevance.

I have a feeling that the external DNS entry presented for sso.dol.gov is messed up


Thanks
Sandeep



sh-4.1# dig sso.dol.gov

; <<>> DiG 9.11.3 <<>> sso.dol.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12647
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 191369419bc6df077b8f30ce5b688c9e77211f348bb29b35 (good)
;; QUESTION SECTION:
;sso.dol.gov. IN A

;; ANSWER SECTION:
sso.dol.gov. 77266 IN CNAME sso.gslb.dol.gov.
sso.gslb.dol.gov. 15 IN A 10.49.1.80

;; AUTHORITY SECTION:
gslb.dol.gov. 77266 IN NS silprodgslb.dol.gov.
gslb.dol.gov. 77266 IN NS stldrpgslb.dol.gov.

;; Query time: 27 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Aug 06 13:59:58 EDT 2018
;; MSG SIZE rcvd: 158


sh-4.1# dig @198.6.1.1 sso.dol.gov

; <<>> DiG 9.11.3 <<>> @198.6.1.1 sso.dol.gov
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25189
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;sso.dol.gov. IN A

;; ANSWER SECTION:
sso.dol.gov. 86378 IN CNAME sso.gslb.dol.gov.
sso.gslb.dol.gov. 15 IN A 152.180.20.21

;; Query time: 93 msec
;; SERVER: 198.6.1.1#53(198.6.1.1)
;; WHEN: Mon Aug 06 14:01:42 EDT 2018
;; MSG SIZE rcvd: 79