Problems with lol.secure.dyn.riotcdn.net

crssi
3 yrs ago
20replies

My kids are killing me for the game League of legens refusing update.

I have reported this problem a few times at the time the chat was available and then I needed to use yogadns on their computers with a rule for lol.secure.dyn.riotcdn.net to be resolved over Quad9 instead of NextDNS.

On any other DNS services this query always works, only NextDNS I know it has a problems for months now.

Today I have made a rewrite lol.secure.dyn.riotcdn.net → scd.akacdn.riotgames.com.edgesuite.net on NextDNS to make it work, but the problem is that this is not a permanent solution. To know in what it should rewite ATM, I have made the DNS query on Quad9.

Please guys, would you be so kind and take a look into.

Thank you in advance and cheers

- crssi
- 3 yrs ago
- Reported - view
- crssi
  
  3 yrs ago
  
  Reported - view
  crssi can anyone reproduce or is it just me?
- tangerine_scissors
  
  3 yrs ago
  
  Reported - view
  crssi 45.90.28.0 <-- are you sure? dot 0?
- olivier
  
  3 yrs ago
  
  Reported - view
  crssi don't use ANY qtype for testing, it's a deprecated qtype and we block it. Please provide the output of the same queries using A or AAAA with both resolvers.
- crssi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey
  
  Setting any DNS that is NOT the NextDNS (in this case 9.9.9.9):
  
  Using the NextDNS:
  
  Cheers
- olivier
  
  3 yrs ago
  
  Reported - view
  crssi please provide the output of dig for this domain with our server.
- crssi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey Would you be so kind and let me know how to do it?
  
  Cheers
- olivier
  
  3 yrs ago
  
  Reported - view
  crssi you can follow those instructions on how to install dig on windows: https://help.dyn.com/how-to-use-binds-dig-tool/
  
  Then execute "dig lol.secure.dyn.riotcdn.net @45.90.28.0"
- crssi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey
  
  C:\BIND9.16.10.x64>dig lol.secure.dyn.riotcdn.net @45.90.28.0
  
  ; <<>> DiG 9.16.10 <<>> lol.secure.dyn.riotcdn.net @45.90.28.0
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40228
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  
  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 1220
  ;; QUESTION SECTION:
  ;lol.secure.dyn.riotcdn.net. IN A
  
  ;; AUTHORITY SECTION:
  secure.dyn.riotcdn.net. 3017 IN SOA dns1.p07.nsone.net. hostmaster.nsone.net. 1610057293 43200 7200 1209600 3600
  
  ;; Query time: 53 msec
  ;; SERVER: 45.90.28.0#53(45.90.28.0)
  ;; WHEN: Mon Jan 18 16:53:19 Central Europe Standard Time 2021
  ;; MSG SIZE rcvd: 117
- olivier
  
  3 yrs ago
  
  Reported - view
  crssi what about "dig +tcp CHAOS lol.secure.dyn.riotcdn.net @45.90.28.0"
- crssi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey thank you
  
  I have changed the client.nextdns.io IP address for anonymity... if you need it, let me know.
  
  :\BIND9.16.10.x64>dig +tcp CHAOS lol.secure.dyn.riotcdn.net @45.90.28.0
  ;; Warning: Message parser reports malformed message packet.
  
  ; <<>> DiG 9.16.10 <<>> +tcp CHAOS lol.secure.dyn.riotcdn.net @45.90.28.0
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59831
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 7
  
  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 1220
  ;; QUESTION SECTION:
  ;lol.secure.dyn.riotcdn.net. CH A
  
  ;; AUTHORITY SECTION:
  secure.dyn.riotcdn.net. 2084 IN SOA dns1.p07.nsone.net. hostmaster.nsone.net. 1610057293 43200 7200 1209600 3600
  
  ;; ADDITIONAL SECTION:
  client-name.nextdns.io. 0 CH TXT "unknown"
  server.nextdns.io. 0 CH TXT "zepto-fra-1"
  conf.nextdns.io. 0 CH TXT "default"
  client.nextdns.io. 0 CH TXT "11.111.20.80"
  proto.nextdns.io. 0 CH TXT "TCP"
  smart-ecs.nextdns.io. 0 CH TXT "not sent"
  
  ;; Query time: 29 msec
  ;; SERVER: 45.90.28.0#53(45.90.28.0)
  ;; WHEN: Mon Jan 18 17:08:52 Central Europe Standard Time 2021
  ;; MSG SIZE rcvd: 300
- olivier
  
  3 yrs ago
  
  Reported - view
  crssi seems like one instance of NSOne (dns4.p07.nsone.net) auth in FRA is misconfigured:
  
  dig +norecurse lol.secure.dyn.riotcdn.net @2a00:edc0:6259:7:7::4 ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> +norecurse lol.secure.dyn.riotcdn.net @2a00:edc0:6259:7:7::4 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61431 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;lol.secure.dyn.riotcdn.net. IN A ;; AUTHORITY SECTION: secure.dyn.riotcdn.net. 3600 IN SOA dns1.p07.nsone.net. hostmaster.nsone.net. 1610057293 43200 7200 1209600 3600 ;; Query time: 0 msec ;; SERVER: 2a00:edc0:6259:7:7::4#53(2a00:edc0:6259:7:7::4) ;; WHEN: Mon Jan 18 16:24:20 UTC 2021 ;; MSG SIZE rcvd: 117
  
  Same query from somewhere else returns the right CNAME:
  
  dig +norecurse lol.secure.dyn.riotcdn.net @2a00:edc0:6259:7:7::4 ; <<>> DiG 9.11.20-RedHat-9.11.20-5.el8 <<>> +norecurse lol.secure.dyn.riotcdn.net @2a00:edc0:6259:7:7::4 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26879 ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;lol.secure.dyn.riotcdn.net. IN A ;; ANSWER SECTION: lol.secure.dyn.riotcdn.net. 60 IN CNAME scd.akacdn.riotgames.com.edgesuite.net. ;; Query time: 2 msec ;; SERVER: 2a00:edc0:6259:7:7::4#53(2a00:edc0:6259:7:7::4) ;; WHEN: Mon Jan 18 16:29:05 UTC 2021 ;; MSG SIZE rcvd: 104
  
  There is nothing we can do about it. This need to be reported to Riot Games who should then check with NSOne (their DNS auth provider here).
- crssi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey
  
  Thank you Olivier.
  
  I have reported it now to Riot Games.
  
  Cheers
- crssi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey
  
  Long story short... Riot Games advised me to change DNS to 8.8.8.8.
  
  I have also contacted NSOne support at support@ns1.com, but I am not competent enough to get through, otherwise they do respond nicely even doe I do not have account there.
  
  I do not know how to go on, but the situation it is really annoying since the application is useless until I set a rewrite in the settings, but this is not a solution, since the destination is not always the same.
  
  I would really appreciate your help here, since using NextDNS as DNS resolving this address just doesn't work.
  
  Cheers
- olivier
  
  3 yrs ago
  
  Reported - view
  crssi we'll contact NSOne to have their IPv6 servers fixed.
- Suedroc
  
  3 yrs ago
  
  Reported - view
  crssi I just experienced this yesterday but with:
  
  valorant.secure.dyn.riotcdn.net
  
  I had to change the dns just to get the game updated.
- crssi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey Thank you. You have made my day.
  
  Please, let us know when resolved... to make my day again.
  
  Cheers
- olivier
  
  3 yrs ago
  
  Reported - view
  crssi look like it's fixed
- crssi
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey YES, it is.
  
  OMG, I U. Thank you.
- crssi
- 3 yrs ago
- Reported - view
Why wouldn't it be?

Content aside

1 Likes
3 yrs agoLast active
20Replies
884Views
4 Following

Problems with lol.secure.dyn.riotcdn.net

20 replies

Content aside

Home

Tags