[122505] in North American Network Operators' Group
Re: in-addr.arpa server problems for europe?
daemon@ATHENA.MIT.EDU (Mark Andrews)
Mon Feb 15 18:12:56 2010
To: Florian Weimer <fw@deneb.enyo.de>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Mon, 15 Feb 2010 19:55:05 BST."
<87iq9ys512.fsf@mid.deneb.enyo.de>
Date: Tue, 16 Feb 2010 10:12:15 +1100
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
In message <87iq9ys512.fsf@mid.deneb.enyo.de>, Florian Weimer writes:
> * Stephane Bortzmeyer:
>
> > It is highly improbable that all these name servers are unreachable
> > from you. Therefore, I suspect that *content* is the issue. RIPE-NCC
> > zones are signed with DNSSEC. Are you sure you do not have a broken
> > middlebox which deletes DNSSEC-signed answers?
>
> Ahem. dig's +trace doesn't use EDNS by default, so no signatures and
> (usually) no large responses.
I actually suspect no IPv6 path rather than DNSSEC, add a -4 to force IPv4.
drugs# foreach h ( SUNIC.SUNET.SE TINNIE.ARIN.NET NS-PRI.RIPE.NET NS3.NIC.FR SEC3.APNIC.NET SEC1.APNIC.NET SNS-PB.ISC.ORG )
foreach? echo $h `dig +short $h aaaa`
foreach? end
SUNIC.SUNET.SE 2001:6b0:7::2
TINNIE.ARIN.NET 2001:500:13::c7d4:35
NS-PRI.RIPE.NET 2001:610:240:0:53::3
NS3.NIC.FR 2001:660:3006:1::1:1
SEC3.APNIC.NET 2001:dc0:1:0:4777::140
SEC1.APNIC.NET 2001:dc0:2001:a:4608::59
SNS-PB.ISC.ORG 2001:500:2e::1
drugs#
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
