Symantec have finished migrating off Edgio, looks like - even DNS is over now.
The so what, if they hadn't - AV/EPP updates would have broken globally tomorrow.
If anybody is wondering Microsoft have almost everything off Edgio now, although it looks like some minor stuff is going to break - e.g. I've seen some dev pipeline stuff still on AzureEdge still on Edgio.
I still don't know if Akamai will really pull the plug or if they're just trying to get people off quickly - get the popcorn ready if they do.
If anybody from MSFT on the #Edgio migration call follows me, I'd recommend somebody looks at these before they break:
iecvlist.microsoft.com
ajax.aspnetcdn.com
platform-ecst.linkedin.com
Attached: 1 image azureedge.net domain and related Azure services are expected to stop working very soon as Azure's provider, Edgio, has gone bankrupt. It's more than .net team using that domain, customers do too. https://devblogs.microsoft.com/dotnet/critical-dotnet-install-links-are-changing/
@GossiTheDog the entry hasnt gone missing. it's there. but there's a cname chain which finishes at the zetacdn.net domain which is now lame (parent delegated name servers don't answer). they just turned the nameservers off???
you might find better diagnosis info from dig, instead of nslookup, which is deprecated on linux. I think it's still possible to install on windows but ymmv
@GossiTheDog This list was made by an intern running wireshark on Windows and clicking through dialogs. Not by engineers and developers.
It often contains wrong/misleading information as the one creating it did not check which process the traffic originates from and made some assumptions.
If you want to control where connections are mad from the information in the RTLFB guide is much more precise: https://learn.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services
Add some DNS-Client Event Logs, Get-DNSClientCache and pktmon and you can get accurate information.
@GossiTheDog
iecvlist is afaik used to load compability lists for IE (probably also IE mode). I don't think this will have a big (if any) impact.
There's a GH issue to report problems with ajax.aspnetcdn.com if you want: https://github.com/dotnet/AspNetCore.Docs/issues/34049
Also the documentation (https://learn.microsoft.com/en-us/aspnet/ajax/cdn/overview) states: "The Microsoft Ajax CDN has no SLA above and beyond using an Azure CDN."
@GossiTheDog Tangentially: Microsoft uses so many domains that I have to discuss them as an extensive list of exceptions in phishing training, contra the message of “know the domain, and distrust any site that mismatches even subtly as with a hyphen where there should be a dot.” They literally have domains with a hyphen where substituting a dot yields another Microsoft domain, which is usually a phishing tactic (to create look-alike domains).
Allowlisting them is also an absurdly lengthy undertaking: on the order of a hundred times as long as allowlisting Google services. What the hell is stopping them from having all internal services on a .microsoft.com? Or at least on a short list of .<well-known-Microsoft-trademark> domains?
@GossiTheDog Are you sure about that? This subdomain seems pretty important according to the docs and it still is resolving to an Edgecast IP.
https://bgp.he.net/dns/iecvlist.microsoft.com
"This network traffic is related to the Microsoft Edge browser. The Microsoft Edge browser requires this endpoint to contact external websites."
https://learn.microsoft.com/en-us/windows/privacy/manage-windows-11-endpoints
Kevin Beaumont
Kal Feher
faebudo
David
Jonly
Hugo Mills
wrosecrans
David Krause