Comment by ben509

4 years ago

dig ocsp.apple.com reports:

    ;; ANSWER SECTION:
    ocsp.apple.com.  3593 IN CNAME ocsp-lb.apple.com.akadns.net.
    ocsp-lb.apple.com.akadns.net. 53 IN CNAME ocsp.g.aaplimg.com.
    ocsp.g.aaplimg.com. 8 IN A 17.253.21.201
    ocsp.g.aaplimg.com. 8 IN A 17.253.119.201

"ocsp-lb.apple.com.akadns.net" is an entry indicating DNS-based load balancing, done by Akamai.

Even with lots of redundancy, there are still lots of ways all that can fall over. You can have a batch of servers that soft-fail: they're not responding to real queries but the load balancer thinks they're healthy.
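
Added example, not part of ben509's comment: a small Python parser for the `dig` answer section quoted above. It walks the CNAME chain from the queried name to the final addresses and reports the lowest TTL seen along the way. The function names `parse_answer` and `follow_chain` are assumptions made for this illustration, and the TTLs are the values dig printed at query time.

```python
# Constructed sample: the ANSWER SECTION lines quoted in the comment above.
ANSWER = """\
ocsp.apple.com.  3593 IN CNAME ocsp-lb.apple.com.akadns.net.
ocsp-lb.apple.com.akadns.net. 53 IN CNAME ocsp.g.aaplimg.com.
ocsp.g.aaplimg.com. 8 IN A 17.253.21.201
ocsp.g.aaplimg.com. 8 IN A 17.253.119.201
"""

def parse_answer(text):
    """Parse 'name ttl class type rdata' lines; skip comments and junk."""
    records = []
    for line in text.splitlines():
        fields = line.strip().split(None, 4)
        if len(fields) != 5 or fields[0].startswith(";") or not fields[1].isdigit():
            continue
        name, ttl, _rclass, rtype, rdata = fields
        records.append({"name": name.lower(), "ttl": int(ttl),
                        "type": rtype.upper(), "rdata": rdata.strip()})
    return records

def follow_chain(records, qname, max_hops=8):
    """Follow CNAMEs from qname; return the chain, final addresses, lowest TTL."""
    name = qname.lower().rstrip(".") + "."
    chain, ttls = [name], []
    for _ in range(max_hops):
        cnames = [r for r in records
                  if r["name"] == name and r["type"] == "CNAME"]
        if not cnames:
            break
        ttls.append(cnames[0]["ttl"])
        name = cnames[0]["rdata"].lower()
        if name in chain:
            raise ValueError("CNAME loop at " + name)
        chain.append(name)
    addrs = [r for r in records
             if r["name"] == name and r["type"] in ("A", "AAAA")]
    ttls.extend(r["ttl"] for r in addrs)
    return {"chain": chain,
            "addresses": [r["rdata"] for r in addrs],
            "min_ttl": min(ttls) if ttls else None}

if __name__ == "__main__":
    result = follow_chain(parse_answer(ANSWER), "ocsp.apple.com")
    print(" -> ".join(result["chain"]))
    print("addresses:", result["addresses"], "lowest TTL:", result["min_ttl"])
```
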