Netgate Discussion Forum

    Erratic rule behavior for an alias

    Category: Firewalling (3 posts, 1 poster)

    trumee (last edited by trumee)

      Hello,

      I have an alias defined for an Akamai CDN host, used in a rule for traffic originating from LAN with a Gateway (VPN) assigned to it. Sometimes the rule is honored and the traceroute shows that the VPN gateway is used. However, at other times the gateway is not used at all.

      Here are two traceroutes run within minutes of each other:

      Incorrect behaviour
      $ traceroute delta39tatasky.akamaized.net
      traceroute to delta39tatasky.akamaized.net (23.222.29.17), 30 hops max, 60 byte packets
       1  pfSense.localdomain (172.16.1.1)  0.192 ms  0.167 ms  0.143 ms
       9  a23-222-29-17.deploy.static.akamaitechnologies.com (23.222.29.17)  72.576 ms  71.077 ms *
      
      Correct behaviour (using VPN gateway)
      $ traceroute delta39tatasky.akamaized.net
      traceroute to delta39tatasky.akamaized.net (23.222.29.17), 30 hops max, 60 byte packets
       1  10.35.0.1 (10.35.0.1)  260.782 ms  260.796 ms  260.826 ms
      16  a23-222-29-17.deploy.static.akamaitechnologies.com (23.222.29.17)  536.298 ms  531.746 ms *

      Is there any way to debug this behaviour?

      Thanks

      trumee

        Turns out that the Akamai host is changing its IP address and filterdns is not able to catch up.

        trumee
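A diagnostic for the situation described in the post above, added here as an example (not from the thread and not part of pfSense): it parses nslookup output in the format shown later in this thread and reports any resolved addresses that are missing from the pf table filterdns built for the alias, as listed by `pfctl -t NAME -T show`. The alias name, host and DNS server in the live check are placeholders.

```shell
#!/bin/sh
# Added example: compare what DNS currently returns for an FQDN alias with
# the pf table that filterdns built for it. Not part of the thread or pfSense.

# Keep only the IPv4 answers from nslookup-style output; the resolver's own
# "Address: 192.168.1.166#53" line is excluded because of the trailing "#53".
addrs_from_nslookup() {
    grep -E '^Address:[[:space:]]*[0-9]+(\.[0-9]+){3}$' |
        sed 's/^Address:[[:space:]]*//' | sort -u
}

# Print every resolved address that is absent from the table.
# Empty output means the table is in sync with DNS.
#   $1: newline-separated resolved addresses
#   $2: newline-separated table entries as `pfctl -t NAME -T show` prints them
table_missing() {
    resolved_f=$(mktemp) && table_f=$(mktemp) || return 1
    printf '%s\n' "$1" | sed '/^$/d' | sort -u > "$resolved_f"
    printf '%s\n' "$2" | sed -e 's/^[[:space:]]*//' -e '/^$/d' | sort -u > "$table_f"
    comm -23 "$resolved_f" "$table_f"
    rm -f "$resolved_f" "$table_f"
}

# Live check on the pfSense shell (placeholder alias and host; the optional
# third argument is the DNS server to ask, default: the firewall's own resolver).
check_alias() {
    alias_name=$1; host=$2; server=${3:-127.0.0.1}
    resolved=$(nslookup "$host" "$server" | addrs_from_nslookup)
    table=$(pfctl -t "$alias_name" -T show)
    table_missing "$resolved" "$table"
}

# Usage: check_alias EXAMPLE_CDN_ALIAS delta39tatasky.akamaized.net
```

Run it a few times over the interval in which the rule was seen to flip: any address printed is one that DNS now returns but the table does not yet contain, which is exactly the window in which the policy-routing rule cannot match.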

          I decided to use my own DNS server as a domain override. To test the DNS server I tried it directly:

          $ nslookup 
          > server 192.168.1.166
          Default server: 192.168.1.166
          Address: 192.168.1.166#53
          > delta37tatasky.akamaized.net
          Server:         192.168.1.166
          Address:        192.168.1.166#53
          
          Non-authoritative answer:
          delta37tatasky.akamaized.net    canonical name = a1279.w10.akamai.net.
          Name:   a1279.w10.akamai.net
          Address: 122.15.34.35
          

          and it works as seen above. Next I changed the Domain Override as follows:

          [screenshot: Domain Override settings]

          But nslookup fails:

          $ nslookup 
          > delta37tatasky.akamaized.net
          ;; Got SERVFAIL reply from 172.16.1.1, trying next server
          ;; connection timed out; no servers could be reached

          Any idea what is wrong?

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.