[122521] in North American Network Operators' Group
Re: in-addr.arpa server problems for europe?
daemon@ATHENA.MIT.EDU (Michelle Sullivan)
Tue Feb 16 02:16:51 2010
Date: Tue, 16 Feb 2010 08:16:18 +0100
From: Michelle Sullivan <matthew@sorbs.net>
In-reply-to: <201002152312.o1FNCFq8098232@drugs.dv.isc.org>
To: Mark Andrews <marka@isc.org>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Mark Andrews wrote:
> In message <87iq9ys512.fsf@mid.deneb.enyo.de>, Florian Weimer writes:
>
>> * Stephane Bortzmeyer:
>>
>>
>>> It is highly improbable that all these name servers are unreachable
>>> from you. Therefore, I suspect that *content* is the issue. RIPE-NCC
>>> zones are signed with DNSSEC. Are you sure you do not have a broken
>>> middlebox which deletes DNSSEC-signed answers?
>>>
>> Ahem. dig's +trace doesn't use EDNS by default, so no signatures and
>> (usually) no large responses.
>>
>
> I actually suspect no IPv6 path rather than DNSSEC, add a -4 to force IPv4.
>
And that is the solution!
(and I upgraded the resolver on all the machines to 9.6.1-P1 before
getting that far.)
Thanks,
Michelle
