Re: [DNSOP] m.root-servers.net DNSSEC TCP failures
Nicholas Weaver <nweaver@ICSI.Berkeley.EDU> Wed, 17 March 2010 12:21 UTC
Return-Path: <nweaver@ICSI.Berkeley.EDU>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4B3033A67FD for <dnsop@core3.amsl.com>; Wed, 17 Mar 2010 05:21:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.624
X-Spam-Level:
X-Spam-Status: No, score=-5.624 tagged_above=-999 required=5 tests=[AWL=-0.155, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sf5mQX0zqEFj for <dnsop@core3.amsl.com>; Wed, 17 Mar 2010 05:21:46 -0700 (PDT)
Received: from fruitcake.ICSI.Berkeley.EDU (fruitcake.ICSI.Berkeley.EDU [192.150.186.11]) by core3.amsl.com (Postfix) with ESMTP id 6D9713A6A22 for <dnsop@ietf.org>; Wed, 17 Mar 2010 05:21:46 -0700 (PDT)
Received: from [IPv6:::1] (jack.ICSI.Berkeley.EDU [192.150.186.73]) by fruitcake.ICSI.Berkeley.EDU (8.12.11.20060614/8.12.11) with ESMTP id o2HCLumS014697; Wed, 17 Mar 2010 05:21:56 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset="us-ascii"
From: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
In-Reply-To: <4BA0C477.8000904@ogud.com>
Date: Wed, 17 Mar 2010 05:21:55 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <2FEC4958-BD96-4845-8672-E442E3F48D82@icsi.berkeley.edu>
References: <3DBA4D6ECA684CE0AB62B1760AB64B65@localhost> <4BA0C477.8000904@ogud.com>
To: dnsop@ietf.org
X-Mailer: Apple Mail (2.1077)
Cc: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
Subject: Re: [DNSOP] m.root-servers.net DNSSEC TCP failures
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Mar 2010 12:21:48 -0000
A little more, from Comcast SF bay area: Its responding to large EDNS MTUs just fine for me: dig +dnssec any . @m.root-servers.net works (4096B MTU) but with a 512B MTU (no EDNS) it doesn't because there is no working TCP: dig any . @m.root-servers.net ;; Truncated, retrying in TCP mode. ;; Connection to 2001:dc3::35#53(2001:dc3::35) for . failed: host unreachable. ;; communications error to 202.12.27.33#53: connection reset And its not an IPv6 error, nor specific to the ANY query for the instance I'm connecting to, because: dig +tcp NS . @202.12.27.33 ;; communications error to 202.12.27.33#53: connection reset Traceroute for me (comcast, SF bay area): 8 pos-0-0-0-0-pe01.11greatoaks.ca.ibone.comcast.net (68.86.86.54) 18.236 ms 19.293 ms 18.971 ms 9 xe-9-3-0-0.sjc10.ip4.tinet.net (213.200.80.165) 18.936 ms 17.631 ms 18.901 ms 10 xe-0-0-0.par20.ip4.tinet.net (89.149.187.165) 188.885 ms 170.598 ms xe-1-0-0.par20.ip4.tinet.net (89.149.187.169) 187.812 ms 11 213.200.76.38 (213.200.76.38) 174.631 ms 171.042 ms 170.649 ms 12 * 213.200.76.38 (213.200.76.38) 171.488 ms !X * 13 * 213.200.76.38 (213.200.76.38) 174.952 ms !X * 14 213.200.76.38 (213.200.76.38) 172.172 ms !X * 175.036 ms !X My net has no filtering that I know of on DNS, either UDP or TCP: http://n1.netalyzr.icsi.berkeley.edu/restore/id=43ca253f-32397-7e23ee37-14c3-4026-9f6b/rd
- [DNSOP] m.root-servers.net DNSSEC TCP failures George Barwood
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Jaap Akkerhuis
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Olafur Gudmundsson
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Gilles Massen
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Nicholas Weaver
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Jim Reid
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Nicholas Weaver
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures George Barwood
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures sthaug
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures sthaug
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Tony Finch
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Chris Thompson
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Gilles Massen
- Re: [DNSOP] m.root-servers.net DNSSEC TCP failures Mark Andrews