Erratic rule behavior for an alias
-
Hello,
I have an alias defined for an Akamai CDN host, used in a rule for traffic originating from LAN with a Gateway (VPN) assigned to it. Sometimes the rule is honored and the traceroute shows that the VPN gateway is used. However, at other times the gateway is not used at all.
Here is a traceroute within minutes of each other:
Incorrect behaviour

$ traceroute delta39tatasky.akamaized.net
traceroute to delta39tatasky.akamaized.net (23.222.29.17), 30 hops max, 60 byte packets
 1  pfSense.localdomain (172.16.1.1)  0.192 ms  0.167 ms  0.143 ms
 9  a23-222-29-17.deploy.static.akamaitechnologies.com (23.222.29.17)  72.576 ms  71.077 ms *

Correct behaviour (using VPN gateway)

$ traceroute delta39tatasky.akamaized.net
traceroute to delta39tatasky.akamaized.net (23.222.29.17), 30 hops max, 60 byte packets
 1  10.35.0.1 (10.35.0.1)  260.782 ms  260.796 ms  260.826 ms
16  a23-222-29-17.deploy.static.akamaitechnologies.com (23.222.29.17)  536.298 ms  531.746 ms *
Is there any way to debug this behaviour?
Thanks
-
Turns out that the Akamai host is changing its IP address and filterdns is not able to catch up.
-
I decided to use my own DNS server as a domain override. To test the DNS server I tried it directly,
$ nslookup
> server 192.168.1.166
Default server: 192.168.1.166
Address: 192.168.1.166#53
> delta37tatasky.akamaized.net
Server: 192.168.1.166
Address: 192.168.1.166#53

Non-authoritative answer:
delta37tatasky.akamaized.net canonical name = a1279.w10.akamai.net.
Name: a1279.w10.akamai.net
Address: 122.15.34.35
and it works as seen above. Next I changed the Domain override as follows,
But nslookup fails to work
$ nslookup
> delta37tatasky.akamaized.net
;; Got SERVFAIL reply from 172.16.1.1, trying next server
;; connection timed out; no servers could be reached
Any idea what is wrong?
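
The diagnosis given earlier in the thread (the Akamai name changes address faster than the hostname alias is re-resolved) can be reasoned about with a small model. This is an added example, not code from the thread or from pfSense; the rotation schedule, the refresh intervals and the one-address-per-answer simplification are assumptions, and only the two IP addresses come from the posts.

```python
# Constructed model, not pfSense code: an alias table refreshed on a fixed
# timer versus a CDN name whose A record rotates between refreshes.
from bisect import bisect_right

# Constructed DNS timeline: (seconds since start, A record served from then on).
# The two addresses appear in the thread; the schedule itself is invented.
DNS_TIMELINE = [
    (0, "23.222.29.17"),
    (40, "122.15.34.35"),
    (130, "23.222.29.17"),
    (200, "122.15.34.35"),
]


def answer_at(t, timeline=DNS_TIMELINE):
    """Address a resolver would return if queried at time t."""
    starts = [start for start, _ in timeline]
    return timeline[bisect_right(starts, t) - 1][1]


def table_at(t, refresh):
    """Alias table content at time t: the answer seen at the last refresh tick."""
    last_tick = (t // refresh) * refresh
    return {answer_at(last_tick)}


def bypass_windows(duration, refresh):
    """Return [start, end) intervals in which a freshly resolved address is
    missing from the alias table, so a rule matching on the alias (and its
    assigned gateway) would not apply to the new connection."""
    windows, start = [], None
    for t in range(duration):
        stale = answer_at(t) not in table_at(t, refresh)
        if stale and start is None:
            start = t
        elif not stale and start is not None:
            windows.append((start, t))
            start = None
    if start is not None:
        windows.append((start, duration))
    return windows


def stale_seconds(duration, refresh):
    """Total time within `duration` during which the rule would be missed."""
    return sum(end - begin for begin, end in bypass_windows(duration, refresh))
```

In this model a shorter refresh interval shrinks the windows but never removes them, which matches the intermittent behaviour in the two traceroutes: whether the VPN gateway is used depends on whether the address the client just resolved is still in the table.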