[122469] in North American Network Operators' Group
Re: in-addr.arpa server problems for europe?
daemon@ATHENA.MIT.EDU (Stephane Bortzmeyer)
Mon Feb 15 06:58:34 2010
Date: Mon, 15 Feb 2010 12:58:13 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Michelle Sullivan <matthew@sorbs.net>
In-Reply-To: <4B791249.1060806@sorbs.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Feb 15, 2010 at 10:22:17AM +0100,
Michelle Sullivan <matthew@sorbs.net> wrote
a message of 185 lines which said:
> 213.in-addr.arpa. 86400 IN NS NS-PRI.RIPE.NET.
> 213.in-addr.arpa. 86400 IN NS NS3.NIC.FR.
> 213.in-addr.arpa. 86400 IN NS SUNIC.SUNET.SE.
> 213.in-addr.arpa. 86400 IN NS SNS-PB.ISC.ORG.
> 213.in-addr.arpa. 86400 IN NS SEC1.APNIC.NET.
> 213.in-addr.arpa. 86400 IN NS SEC3.APNIC.NET.
> 213.in-addr.arpa. 86400 IN NS TINNIE.ARIN.NET.
> ;; Received 224 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 20011 ms
>
> ;; connection timed out; no servers could be reached
It is highly improbable that all these name servers are unreachable
from you. Therefore, I suspect that *content* is the issue. RIPE-NCC
zones are signed with DNSSEC. Are you sure you do not have a broken
middlebox which deletes DNSSEC-signed answers?
(I tried from an US/Datotel/Level3 machine and everything works.)
