Cannot ping FQDN
-
You do understand that is a CDN name your resolving http://en.wikipedia.org/wiki/Akamai_Technologies
;; QUESTION SECTION:
;wfbssvc51.icrc.trendmicro.com. IN A;; ANSWER SECTION:
wfbssvc51.icrc.trendmicro.com. 11 IN CNAME icrc2048.trendmicro.com.edgekey.net.
icrc2048.trendmicro.com.edgekey.net. 15555 IN CNAME e6033.g.akamaiedge.net.
e6033.g.akamaiedge.net. 16 IN A 23.60.130.101It has a VERY sort TTL, and will change all the time
;; ANSWER SECTION:
e6033.g.akamaiedge.net. 10 IN A 23.194.127.247So that is clearly not a good choice for testing if ping works?? Also pinging is not a very good test of actual pulling some sort of update or dat file off their servers. As mentioned not everyone answers ping..
-
Yes, I got that but why is it ping'able from many other different places even for the same resolvable IP?
-
Well has mentioned already - your location might block.. Can you ping anything from that location. I can ping that IP for example
C:>ping wfbssvc51.icrc.trendmicro.com
Pinging e6033.g.akamaiedge.net [23.210.66.101] with 32 bytes of data:
Reply from 23.210.66.101: bytes=32 time=254ms TTL=57
Reply from 23.210.66.101: bytes=32 time=243ms TTL=57
Reply from 23.210.66.101: bytes=32 time=280ms TTL=57Doesn't mean you can, or as IP changes you might have connectivity issues to that IP, etc.
-
Well has mentioned already - your location might block.. Can you ping anything from that location. I can ping that IP for example
C:>ping wfbssvc51.icrc.trendmicro.com
Pinging e6033.g.akamaiedge.net [23.210.66.101] with 32 bytes of data:
Reply from 23.210.66.101: bytes=32 time=254ms TTL=57
Reply from 23.210.66.101: bytes=32 time=243ms TTL=57
Reply from 23.210.66.101: bytes=32 time=280ms TTL=57Doesn't mean you can, or as IP changes you might have connectivity issues to that IP, etc.
Yes, I can ping other IP's not just this one.
-
what does it matter - it changes every few seconds.. Its a CDN.. There are thousands of servers with hundreds of IPs
-
what does it matter - it changes every few seconds.. Its a CDN.. There are thousands of servers with hundreds of IPs
When I say other IP's, I meant like google.com's IP.
For the wfbssvc51.icrc.trendmicro.com FQDN, I ALWAYS get the same IP every single time so it does matter.
-
Christ… last time - this has absolutely NOTHING to do with pfSense. Move your pointless "efforts" elsewhere.
-
In the screenshot of the traceroute(from the link in your first post), you can see clearly the traffic going beyond pfSense, so as pointed by other members it is NOT a pfSense issue
-
" I ALWAYS get the same IP every single time so it does matter."
Well you have a problem there.. This fqdn you have points to a CNAME of
;; ANSWER SECTION:
wfbssvc51.icrc.trendmicro.com. 377 IN CNAME icrc2048.trendmicro.com.edgekey.net.
icrc2048.trendmicro.com.edgekey.net. 5396 IN CNAME e6033.g.akamaiedge.net.
e6033.g.akamaiedge.net. 8 IN A 23.7.146.101So you end up at e6033.g.akamaiedge.net
This TTL is SHORT!!! 20 seconds when you query the authoritative ns for that domain.
; <<>> DiG 9.9.3-rpz2+rl.13214.22-P2-Ubuntu-1:9.9.3.dfsg.P2-4ubuntu1.1 <<>> @n1g.akamaiedge.net e6033.g.akamaiedge.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13792
;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;e6033.g.akamaiedge.net. IN A;; ANSWER SECTION:
e6033.g.akamaiedge.net. 20 IN A 23.79.210.101;; Query time: 34 msec
;; SERVER: 23.3.8.23#53(23.3.8.23)
;; WHEN: Sun Apr 06 13:10:57 CDT 2014
;; MSG SIZE rcvd: 67you should not be getting the same IP all the time - they rotate them.
Look
;; ANSWER SECTION:
wfbssvc51.icrc.trendmicro.com. 109 IN CNAME icrc2048.trendmicro.com.edgekey.net.
icrc2048.trendmicro.com.edgekey.net. 5128 IN CNAME e6033.g.akamaiedge.net.
e6033.g.akamaiedge.net. 1 IN A 23.194.127.247;; Query time: 5 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Sun Apr 06 13:12:56 CDT 2014
;; MSG SIZE rcvd: 148ubuntu:~$ dig wfbssvc51.icrc.trendmicro.com
; <<>> DiG 9.9.3-rpz2+rl.13214.22-P2-Ubuntu-1:9.9.3.dfsg.P2-4ubuntu1.1 <<>> wfbssvc51.icrc.trendmicro.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52663
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;wfbssvc51.icrc.trendmicro.com. IN A;; ANSWER SECTION:
wfbssvc51.icrc.trendmicro.com. 1528 IN CNAME icrc2048.trendmicro.com.edgekey.net.
icrc2048.trendmicro.com.edgekey.net. 1722 IN CNAME e6033.g.akamaiedge.net.
e6033.g.akamaiedge.net. 8 IN A 23.60.130.101;; Query time: 22 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Sun Apr 06 13:12:59 CDT 2014
;; MSG SIZE rcvd: 156And I am with doktor here – your trace clearly shows you getting past pfsense - so what does pfsense have to do with the issue?
You sure someone didn't create a host entry or host over ride in your pfsense dns locking this to 1 IP.. That would not be a good idea if they are serving up this stuff from a CDN.. You have no idea what servers are loaded, offline, etc. etc.. They create such a short TTL for a specific reason.. You getting the same IP every time you query that points to something wrong in your name resolution.
-
@ptt:
In the screenshot of the traceroute(from the link in your first post), you can see clearly the traffic going beyond pfSense, so as pointed by other members it is NOT a pfSense issue
Yes, I completely understand that. It's just that johnpoz answered back to this thread so I replied back, got it?