1

Problems with lol.secure.dyn.riotcdn.net

My kids are killing me for the game League of legens refusing update.

I have reported this problem a few times at the time the chat was available and then I needed to use yogadns on their computers with a rule for lol.secure.dyn.riotcdn.net to be resolved over Quad9 instead of NextDNS.

On any other DNS services this query always works, only NextDNS I know it has a problems for months now.

Today I have made a rewrite lol.secure.dyn.riotcdn.netscd.akacdn.riotgames.com.edgesuite.net on NextDNS to make it work, but the problem is that this is not a permanent solution. To know in what it should rewite ATM, I have made the DNS query on Quad9.

Please guys, would you be so kind and take a look into.

 

Thank you in advance and cheers

20 replies

null
    • crssi
    • 3 yrs ago
    • Reported - view

     

      • crssi
      • 3 yrs ago
      • Reported - view

      crssi can anyone reproduce or is it just me?

      • tangerine_scissors
      • 3 yrs ago
      • Reported - view

      crssi 45.90.28.0   <-- are you sure? dot 0?

      • olivier
      • 3 yrs ago
      • Reported - view

      crssi don't use ANY qtype for testing, it's a deprecated qtype and we block it. Please provide the output of the same queries using A or AAAA with both resolvers.

      • crssi
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey 

      Setting any DNS that is NOT the NextDNS (in this case 9.9.9.9):

       

      Using the NextDNS:

       

      Cheers

      • olivier
      • 3 yrs ago
      • Reported - view

      crssi please provide the output of dig for this domain with our server.

      • crssi
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey Would you be so kind and let me know how to do it?

      Cheers

      • olivier
      • 3 yrs ago
      • Reported - view

      crssi you can follow those instructions on how to install dig on windows: https://help.dyn.com/how-to-use-binds-dig-tool/

      Then execute "dig lol.secure.dyn.riotcdn.net @45.90.28.0"

      • crssi
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey 

       

      C:\BIND9.16.10.x64>dig lol.secure.dyn.riotcdn.net @45.90.28.0

      ; <<>> DiG 9.16.10 <<>> lol.secure.dyn.riotcdn.net @45.90.28.0
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40228
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1220
      ;; QUESTION SECTION:
      ;lol.secure.dyn.riotcdn.net.    IN      A

      ;; AUTHORITY SECTION:
      secure.dyn.riotcdn.net. 3017 IN SOA dns1.p07.nsone.net. hostmaster.nsone.net. 1610057293 43200 7200 1209600 3600

      ;; Query time: 53 msec
      ;; SERVER: 45.90.28.0#53(45.90.28.0)
      ;; WHEN: Mon Jan 18 16:53:19 Central Europe Standard Time 2021
      ;; MSG SIZE  rcvd: 117

      • olivier
      • 3 yrs ago
      • Reported - view

      crssi what about "dig +tcp CHAOS lol.secure.dyn.riotcdn.net @45.90.28.0"

      • crssi
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey thank you

       

      I have changed the client.nextdns.io IP address for anonymity... if you need it, let me know.

       

      :\BIND9.16.10.x64>dig +tcp CHAOS lol.secure.dyn.riotcdn.net @45.90.28.0
      ;; Warning: Message parser reports malformed message packet.

      ; <<>> DiG 9.16.10 <<>> +tcp CHAOS lol.secure.dyn.riotcdn.net @45.90.28.0
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59831
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 7

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1220
      ;; QUESTION SECTION:
      ;lol.secure.dyn.riotcdn.net.    CH      A

      ;; AUTHORITY SECTION:
      secure.dyn.riotcdn.net. 2084 IN SOA dns1.p07.nsone.net. hostmaster.nsone.net. 1610057293 43200 7200 1209600 3600

      ;; ADDITIONAL SECTION:
      client-name.nextdns.io. 0 CH TXT "unknown"
      server.nextdns.io. 0 CH TXT "zepto-fra-1"
      conf.nextdns.io. 0 CH TXT "default"
      client.nextdns.io. 0 CH TXT "11.111.20.80"
      proto.nextdns.io. 0 CH TXT "TCP"
      smart-ecs.nextdns.io. 0 CH TXT "not sent"

      ;; Query time: 29 msec
      ;; SERVER: 45.90.28.0#53(45.90.28.0)
      ;; WHEN: Mon Jan 18 17:08:52 Central Europe Standard Time 2021
      ;; MSG SIZE  rcvd: 300

      • olivier
      • 3 yrs ago
      • Reported - view

      crssi seems like one instance of NSOne (dns4.p07.nsone.net) auth in FRA is misconfigured:

      dig +norecurse lol.secure.dyn.riotcdn.net @2a00:edc0:6259:7:7::4
      
      ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> +norecurse lol.secure.dyn.riotcdn.net @2a00:edc0:6259:7:7::4
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61431
      ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
      
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1232
      ;; QUESTION SECTION:
      ;lol.secure.dyn.riotcdn.net.    IN    A
      
      ;; AUTHORITY SECTION:
      secure.dyn.riotcdn.net.    3600    IN    SOA    dns1.p07.nsone.net. hostmaster.nsone.net. 1610057293 43200 7200 1209600 3600
      
      ;; Query time: 0 msec
      ;; SERVER: 2a00:edc0:6259:7:7::4#53(2a00:edc0:6259:7:7::4)
      ;; WHEN: Mon Jan 18 16:24:20 UTC 2021
      ;; MSG SIZE  rcvd: 117
      

      Same query from somewhere else returns the right CNAME:

      dig +norecurse lol.secure.dyn.riotcdn.net @2a00:edc0:6259:7:7::4
      
      ; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8 <<>> +norecurse lol.secure.dyn.riotcdn.net @2a00:edc0:6259:7:7::4
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26879
      ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
      
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1232
      ;; QUESTION SECTION:
      ;lol.secure.dyn.riotcdn.net.    IN    A
      
      ;; ANSWER SECTION:
      lol.secure.dyn.riotcdn.net. 60    IN    CNAME    scd.akacdn.riotgames.com.edgesuite.net.
      
      ;; Query time: 2 msec
      ;; SERVER: 2a00:edc0:6259:7:7::4#53(2a00:edc0:6259:7:7::4)
      ;; WHEN: Mon Jan 18 16:29:05 UTC 2021
      ;; MSG SIZE  rcvd: 104
      

      There is nothing we can do about it. This need to be reported to Riot Games who should then check with NSOne (their DNS auth provider here).

      • crssi
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey 

      Thank you Olivier.

      I have reported it now to Riot Games.

      Cheers

      • crssi
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey 

      Long story short... Riot Games advised me to change DNS to 8.8.8.8.

      I have also contacted NSOne support at support@ns1.com, but I am not competent enough to get through, otherwise they do respond nicely even doe I do not have account there.

      I do not know how to go on, but the situation it is really annoying since the application is useless until I set a rewrite in the settings, but this is not a solution, since the destination is not always the same.

      I would really appreciate your help here, since using NextDNS as DNS resolving this address just doesn't work.

       

      Cheers

      • olivier
      • 3 yrs ago
      • Reported - view

      crssi we'll contact NSOne to have their IPv6 servers fixed.

      • Suedroc
      • 3 yrs ago
      • Reported - view

      crssi I just experienced this yesterday but with:

      valorant.secure.dyn.riotcdn.net
      

      I had to change the dns just to get the game updated.

      • crssi
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey Thank you. You have made my day. 😍👍

      Please, let us know when resolved... to make my day again. 🙂

      Cheers

      • olivier
      • 3 yrs ago
      • Reported - view

      crssi look like it's fixed

      • crssi
      • 3 yrs ago
      • Reported - view

      Olivier Poitrey  YES, it is. 👍

      OMG, I ❤️U. Thank you. 🙂

    • crssi
    • 3 yrs ago
    • Reported - view

    Why wouldn't it be?

Content aside

  • 1 Likes
  • 3 yrs agoLast active
  • 20Replies
  • 575Views
  • 4 Following