k8s镜像因pub.mirrors.aliyun.com名字解析失败无法访问

访问https://mirrors.aliyun.com 会跳转到 http://pub/mirrors.aliyun.com ，后边这个名字无法解析。

跳转有一定随机性，但是名字解析可持续复现

$ curl -v -L https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
*   Trying 27.221.56.248...
* TCP_NODELAY set
* Connected to mirrors.aliyun.com (27.221.56.248) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=CN; ST=ZheJiang; L=HangZhou; O=Alibaba (China) Technology Co., Ltd.; CN=*.mirrors.aliyun.com
*  start date: Nov  4 07:36:15 2019 GMT
*  expire date: Nov  4 07:36:15 2020 GMT
*  subjectAltName: host "mirrors.aliyun.com" matched cert's "mirrors.aliyun.com"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - SHA256 - G2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xc05b70)
> GET /kubernetes/yum/repos/kubernetes-el7-x86_64 HTTP/2
> Host: mirrors.aliyun.com
> User-Agent: curl/7.61.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 301
< server: Tengine
< content-type: text/html
< content-length: 278
< location: http://pub.mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
< date: Thu, 28 Nov 2019 09:20:25 GMT
< expires: Thu, 28 Nov 2019 11:20:25 GMT
< cache-control: max-age=7200
< via: cn2324.l1, vcache10.cn2324, l2cn1793.l2, cache10.l2cn1793, osm-sh-ecs-1, cache10.l2cn1793[0,301-0,H], cache38.l2cn1793[1,0], vcache3.cn646[0,301-0,H], vcache3.cn646[2,0]
< ali-swift-global-savetime: 1574932825
< age: 813
< x-cache: HIT TCP_HIT dirn:11:411200234
< x-swift-savetime: Thu, 28 Nov 2019 09:20:32 GMT
< x-swift-cachetime: 7193
< timing-allow-origin: *
< eagleid: 1bdd389715749336388442641e
<
* Ignoring the response-body
* Connection #0 to host mirrors.aliyun.com left intact
* Issue another request to this URL: 'http://pub.mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/'
* Could not resolve host: pub.mirrors.aliyun.com
* Closing connection 1
curl: (6) Could not resolve host: pub.mirrors.aliyun.com

解析pub.mirrors.aliyun.com返回NXDOMAIN

$ dig pub.mirrors.aliyun.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.amzn2.0.2 <<>> pub.mirrors.aliyun.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50528
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pub.mirrors.aliyun.com.                IN      A

;; AUTHORITY SECTION:
aliyun.com.             60      IN      SOA     hidden-master.aliyun.com. hostmaster.alibaba-inc.com. 2014046777 3600 900 1209600 600

;; Query time: 1 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Thu Nov 28 09:35:26 UTC 2019
;; MSG SIZE  rcvd: 124