IETF Logo Mail Archive

Re: [DNSOP] m.root-servers.net DNSSEC TCP failures

"George Barwood" <george.barwood@blueyonder.co.uk> Wed, 17 March 2010 13:21 UTC

Return-Path: <george.barwood@blueyonder.co.uk>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D27FF3A6BFE for <dnsop@core3.amsl.com>; Wed, 17 Mar 2010 06:21:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.356
X-Spam-Level: ***
X-Spam-Status: No, score=3.356 tagged_above=-999 required=5 tests=[AWL=-0.228, BAYES_20=-0.74, DNS_FROM_OPENWHOIS=1.13, HELO_EQ_BLUEYON=1.4, MIME_BASE64_BLANKS=0.041, MIME_BASE64_TEXT=1.753]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RB1b2GOwGgnV for <dnsop@core3.amsl.com>; Wed, 17 Mar 2010 06:21:07 -0700 (PDT)
Received: from smtp-out5.blueyonder.co.uk (smtp-out5.blueyonder.co.uk [195.188.213.8]) by core3.amsl.com (Postfix) with ESMTP id 9326D28B23E for <dnsop@ietf.org>; Wed, 17 Mar 2010 06:18:30 -0700 (PDT)
Received: from [172.23.170.138] (helo=anti-virus01-09) by smtp-out5.blueyonder.co.uk with smtp (Exim 4.52) id 1Nrt8v-0007Jo-Fn; Wed, 17 Mar 2010 13:18:37 +0000
Received: from [92.238.99.235] (helo=GeorgeLaptop) by asmtp-out3.blueyonder.co.uk with esmtpa (Exim 4.52) id 1Nrt8r-0005EC-RH; Wed, 17 Mar 2010 13:18:33 +0000
Message-ID: <475F44F7117C4037A7AC13355C6D9E9B@localhost>
From: George Barwood <george.barwood@blueyonder.co.uk>
To: Jim Reid <jim@rfc1035.com>
References: <3DBA4D6ECA684CE0AB62B1760AB64B65@localhost> <CF3EE840-0D45-4321-ABC4-31F4D186F9E6@rfc1035.com>
Date: Wed, 17 Mar 2010 13:18:30 -0000
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5843
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] m.root-servers.net DNSSEC TCP failures
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Mar 2010 13:21:10 -0000

----- Original Message ----- 
From: "Jim Reid" <jim@rfc1035.com>
To: "George Barwood" <george.barwood@blueyonder.co.uk>
Cc: <dnsop@ietf.org>
Sent: Wednesday, March 17, 2010 12:23 PM
Subject: Re: [DNSOP] m.root-servers.net DNSSEC TCP failures


> On 17 Mar 2010, at 11:28, George Barwood wrote:
> 
>> It seems that  m.root-servers.net is now serving DNSSEC, but does  
>> not have TCP, so the following queries all fail
> 
> Well these queries work just fine for me. Perhaps your problems are  
> caused by local misconfiguration such as a broken CPE/middleware box  
> or DNS proxy?

I don't think it is very local, as all the other root servers work fine.
I reproduced the problem at 3 different sites, all within the UK.

The error message from dig is

;; communications error to 202.12.27.33#53: network unreachable

and this comes up immediately.

Ping shows high packet loss ( > 50% ) , and an average round trip time of 600 msec.

But DNS/UDP works fine, with a response time of 30 msec.

I guess there are some network problems with TCP.

v2.23.0 | Report a Bug | By Email