Re: [DNSOP] m.root-servers.net DNSSEC TCP failures
Gilles Massen <gilles.massen@restena.lu> Wed, 17 March 2010 12:16 UTC
Return-Path: <gilles.massen@restena.lu>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E97413A6A39 for <dnsop@core3.amsl.com>; Wed, 17 Mar 2010 05:16:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.869
X-Spam-Level:
X-Spam-Status: No, score=-0.869 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, J_CHICKENPOX_84=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6YBUQYwOdI8e for <dnsop@core3.amsl.com>; Wed, 17 Mar 2010 05:16:12 -0700 (PDT)
Received: from smtprelay.restena.lu (smtprelay.restena.lu [IPv6:2001:a18:1::62]) by core3.amsl.com (Postfix) with ESMTP id BC61A3A690C for <dnsop@ietf.org>; Wed, 17 Mar 2010 05:15:56 -0700 (PDT)
Received: from smtprelay.restena.lu (localhost [127.0.0.1]) by smtprelay.restena.lu (Postfix) with ESMTP id BF0D910584 for <dnsop@ietf.org>; Wed, 17 Mar 2010 13:16:05 +0100 (CET)
Received: from [IPv6:2001:a18:1:8:230:5ff:fefe:537e] (unknown [IPv6:2001:a18:1:8:230:5ff:fefe:537e]) by smtprelay.restena.lu (Postfix) with ESMTP id 8C54410088 for <dnsop@ietf.org>; Wed, 17 Mar 2010 13:16:05 +0100 (CET)
Message-ID: <4BA0C805.1030002@restena.lu>
Date: Wed, 17 Mar 2010 13:16:05 +0100
From: Gilles Massen <gilles.massen@restena.lu>
Organization: Fondation RESTENA
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: dnsop@ietf.org
References: <3DBA4D6ECA684CE0AB62B1760AB64B65@localhost> <4BA0C477.8000904@ogud.com>
In-Reply-To: <4BA0C477.8000904@ogud.com>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV
Subject: Re: [DNSOP] m.root-servers.net DNSSEC TCP failures
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Mar 2010 12:16:13 -0000
It's a bit weird from here: TCP queries to m's IPv4 adress are working fine: dns-test:~ # dig @202.12.27.33 . any ;; Truncated, retrying in TCP mode. ; <<>> DiG 9.7.0-P1 <<>> @202.12.27.33 . any ; (1 server found) ;; global options: +cmd ;; Got answer: And: dig @202.12.27.33 hostname.bind ch txt +short +tcp "M-NRT-JPIX-3" With IPv6 it's pretty strange: dns-test:~ # dig @2001:dc3::35 . any ;; Truncated, retrying in TCP mode. <timeout> BUT: dns-test:~ # dig @2001:dc3::35 . ns +tcp ; <<>> DiG 9.7.0-P1 <<>> @2001:dc3::35 . ns +tcp ; (1 server found) ;; global options: +cmd ;; Got answer: [...] ;; Query time: 34 msec ;; SERVER: 2001:dc3::35#53(2001:dc3::35) ;; WHEN: Wed Mar 17 13:10:59 2010 ;; MSG SIZE rcvd: 632 dns-test:~ # dig @2001:dc3::35 hostname.bind ch txt +short +tcp "M-CDG-2" Actually any query to M with IPv6 and TCP seems to work but ANY. But dig @2001:dc3::35 . any +bufsize=2048 doesn't work either. Maybe the IPv6 instance is having MTU/DF issues? Gilles Olafur Gudmundsson wrote: > Here is what I get: > <stora:~ 7:55 8 0>dig any . @m.root-servers.net. > ;; Truncated, retrying in TCP mode. > > ; <<>> DiG 9.6.1-P1 <<>> any . @m.root-servers.net. > > Thus I think the any-cast instance you are using is the broken one, > I'm talking to the one on the west coast of the US. (SFO ?). > > traceroute to m.root-servers.net (202.12.27.33), 64 hops max, 40 byte > packets > .. > 3 ge-0-0-2.cr2.sfo1.speakeasy.net (69.17.87.18) 98.303 ms 96.415 ms > 97.783 ms > 4 rtr0.sfo.m.root-servers.org (198.32.176.179) 100.297 ms 100.138 > ms 97.285 ms > 5 M.ROOT-SERVERS.NET (202.12.27.33) 99.553 ms 100.397 ms 99.036 ms > > Olafur > > > > > On 17/03/2010 7:28 AM, George Barwood wrote: >> It seems that >> >> m.root-servers.net >> >> is now serving DNSSEC, but does not have TCP, so the following queries >> all fail >> >> dig any . @m.root-servers.net >> dig rrsig . @m.root-serves.net >> dig any . @m.root-servers.net +dnssec +bufsize=1400 >> >> None of these are normal queries, but seems a bit doubtful even so. >> >> George -- Fondation RESTENA - DNS-LU 6, rue Coudenhove-Kalergi L-1359 Luxembourg tel: (+352) 424409 fax: (+352) 422473
- [DNSOP] m.root-servers.net DNSSEC TCP failures George Barwood
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Jaap Akkerhuis
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Olafur Gudmundsson
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Gilles Massen
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Nicholas Weaver
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Jim Reid
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Nicholas Weaver
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures George Barwood
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures sthaug
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures sthaug
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Tony Finch
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Chris Thompson
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Gilles Massen
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Mark Andrews