CNAME chain not being followed while resolving ap-southeast-1.console.aws.amazon.com.
Hello, we are currently running an instance of Knot Resolver with these settings: config
and we were alerted that when we are resolving the ap-southeast-1.console.aws.amazon.com.
domain through the instance of Knot Resolver (100.64.0.104 is the address of our instance of Knot Resolver), we receive this answer with no answer section:
dig @100.64.0.104 ap-southeast-1.console.aws.amazon.com.
; <<>> DiG 9.16.20 <<>> @100.64.0.104 ap-southeast-1.console.aws.amazon.com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27863
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ap-southeast-1.console.aws.amazon.com. IN A
;; Query time: 220 msec
;; SERVER: 100.64.0.104#53(100.64.0.104)
;; WHEN: Mon Dec 20 09:20:43 UTC 2021
;; MSG SIZE rcvd: 66
On the other hand, when we resolve the same domain using Google DNS (8.8.8.8), we get this proper answer:
dig @8.8.8.8 ap-southeast-1.console.aws.amazon.com.
; <<>> DiG 9.16.20 <<>> @8.8.8.8 ap-southeast-1.console.aws.amazon.com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1185
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ap-southeast-1.console.aws.amazon.com. IN A
;; ANSWER SECTION:
ap-southeast-1.console.aws.amazon.com. 28 IN CNAME gr.console-geo.ap-southeast-1.amazonaws.com.
gr.console-geo.ap-southeast-1.amazonaws.com. 60 IN CNAME a299197c08ba4f000.awsglobalaccelerator.com.
a299197c08ba4f000.awsglobalaccelerator.com. 9 IN A 3.3.14.1
a299197c08ba4f000.awsglobalaccelerator.com. 9 IN A 3.3.15.1
;; Query time: 16 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Dec 20 11:11:35 UTC 2021
;; MSG SIZE rcvd: 205
The logs from the Knot Resolver for the problematic resolution look like this: logs.log
Do you see where the problem is? Could you assist me? It seems that we are hitting this issue only for some subdomains of console.aws.amazon.com. For example, us-east-1.console.aws.com resolves through the instance of Knot Resolver with no problems.